[lxc-devel] [patch 1/5] Add capability interface

Andrian Nord nightnord at gmail.com
Thu Jan 7 15:33:40 UTC 2010


> a futile change, but the lxc_capabilities_setup function name will be 
> more consistent in the context of the other functions in lxc_setup function.
Yeah, sure. I'll change it.

> I think you can define the structure as follows,
> 
> struct capability {
> 	char		*name;
> 	__u32		code;
> 	int             drop;
> };
> 
> And then initialize:
> 
> static struct capability capabilities[] = {
> 	{ "chown",		CAP_CHOWN },
> 	...
> 	{ "sys_module",          CAP_SYS_MODULE, 1 },
> 	...
> };

It's not so readable, but I can't call the current picture 'nice'. Also,
it seems to me that in such a case there is no default value for drop,
so I would prefer to zero-initialize all non-1 values, just in case. So
this is only about removing just-another-typedef (as we should keep struct
capability consistent with the interface, imo, otherwise it will not be
so clear)?

> > +#define lxc_capabilities_check(mask, code) (mask & CAP_TO_MASK(code))
> >   
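Review bot: `mask` is expanded unparenthesized in `(mask & CAP_TO_MASK(code))`, so an argument such as `a | b` would bind as `a | (b & CAP_TO_MASK(code))` because `&` has higher precedence than `|`; write `((mask) & CAP_TO_MASK(code))`. The macro also yields the masked bit rather than 0 or 1, so a caller that stores the result in a narrower type or compares it against 1 gets the wrong answer; wrapping it in `!!(...)` makes it a plain boolean. A one-line comment stating the expected type of `mask` would help as well.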
> This macro can be moved to capability.c, no ?

Yes, it should be. It's not supposed to be shared, my mistake =)



