[lxc-devel] [PATCH] lxc-attach: elevate specific privileges
Nikola Kotur
kotnick at gmail.com
Wed Nov 20 14:56:20 UTC 2013
On Tue, 19 Nov 2013 15:48:36 -0600
Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
> Quoting Nikola Kotur (kotnick at gmail.com):
> > There are scenarios in which we want to execute process with
> > specific privileges elevated.
>
> thanks for submitting this patch. No objection overall, however
> there are a few existing places where elevated_privileges is set to 1
> which you are not updating.
Thanks for the review and for catching this. I will update the patch
and resend it (along with a signed-off-by).
> I also notice that currently it seems broken as the manpage says that
> -R should imply -e, but i don't see where that is enforced any more.
Actually, it's not -R that implies -e, it's the -s option (specifying
which namespaces to attach to).
And if you have a bit of time I'd appreciate if you could explain why
should we elevate privileges for attaching to specific namespace? Seems
to me that it is unrelated, since I should be able to enter NETWORK ns
while not elevating cgroup, for example?
Thanks.
--
Nikola Kotur
http://blog.kotur.org
PGP key: http://bin.kotur.org/key.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20131120/9a8ca4f2/attachment.pgp>
More information about the lxc-devel
mailing list