[lxc-devel] [patch 1/5] Add capability interface
Andrian Nord
nightnord at gmail.com
Thu Jan 7 15:33:40 UTC 2010
> a futile change, but the lxc_capabilities_setup function name will be
> more consistent in the context of the other functions in the lxc_setup function.
Yeah, sure. I'll change it.
> I think you can define the structure as follows,
>
> struct capability {
>         char *name;
>         __u32 code;
>         int drop;
> };
>
> And then initialize:
>
> static struct capability capabilities[] = {
>         { "chown", CAP_CHOWN },
>         ...
>         { "sys_module", CAP_SYS_MODULE, 1 },
>         ...
> };
It's not so readable, but I can't call the current picture 'nice'. Also,
it seems to me that in such a case there is no default value for drop,
so I would prefer to zero-initialize all non-1 values, just in case. So
this is only about removing just-another-typedef (as we should keep struct
capability consistent with the interface, imo, otherwise it will not be
so clear)?
> > +#define lxc_capabilities_check(mask, code) (mask & CAP_TO_MASK(code))
> >
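Review bot: in the lxc_capabilities_check define, the mask argument is expanded without parentheses, so a call that passes an expression such as a | b would be evaluated as a | (b & CAP_TO_MASK(code)) because & binds tighter than |. Suggest (((mask) & CAP_TO_MASK(code)) != 0), which also makes the result a plain 0/1 instead of the raw bit; if the macro moves into capability.c, a static inline function would avoid the expansion issue entirely.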
> This macro can be moved to capability.c, no ?
Yes, it should be. It's not supposed to be shared, my mistake =)
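The table layout discussed above, as an added example that is not code from the patch or from the LXC project: it shows that entries written without a third value still get drop == 0, and builds the default drop mask from the table. The helper names cap_find and cap_default_drop_mask are hypothetical, and the CAP_* values are defined locally to match <linux/capability.h> so the block compiles on its own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Values as in <linux/capability.h>, defined locally so this builds anywhere. */
#define CAP_CHOWN      0
#define CAP_SYS_MODULE 16
#define CAP_SYS_ADMIN  21
#define CAP_TO_MASK(x) (1U << ((x) & 31))  /* codes >= 32 need a second word */

struct capability {
	const char *name;
	uint32_t code;  /* __u32 in the thread */
	int drop;       /* 1 = dropped by default */
};

/* Members omitted from an initializer are zero-initialized, so drop == 0 here
 * for every entry that does not spell out a third value. */
static const struct capability capabilities[] = {
	{ "chown",      CAP_CHOWN },
	{ "sys_module", CAP_SYS_MODULE, 1 },
	{ "sys_admin",  CAP_SYS_ADMIN },
};
#define NCAPS (sizeof(capabilities) / sizeof(capabilities[0]))

/* Hypothetical helper: look an entry up by its configuration name. */
static const struct capability *cap_find(const char *name)
{
	for (size_t i = 0; i < NCAPS; i++)
		if (strcmp(capabilities[i].name, name) == 0)
			return &capabilities[i];
	return NULL;
}

/* Hypothetical helper: mask of the capabilities dropped by default. */
static uint32_t cap_default_drop_mask(void)
{
	uint32_t mask = 0;
	for (size_t i = 0; i < NCAPS; i++)
		if (capabilities[i].drop)
			mask |= CAP_TO_MASK(capabilities[i].code);
	return mask;
}

int main(void)
{
	printf("default drop mask: 0x%08x\n", (unsigned)cap_default_drop_mask());
	printf("chown dropped by default: %d\n", cap_find("chown")->drop);
	return 0;
}
```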