[lxc-devel] [PATCH] lxc-attach: elevate specific privileges

Nikola Kotur kotnick at gmail.com
Wed Nov 20 16:26:51 UTC 2013


On Wed, 20 Nov 2013 15:29:10 +0000
Christian Seiler <christian at iwakd.de> wrote:

> Since I added those options back in the day, a bit of a rationale

Thanks for the explanation!

> However, with your patch (which makes sense since my rewrite of the
> API), I think one could give the user the option of not evelating the
> other privileges. And while I do think that because of the above
> rationale having elevation being the default state when using -s, what
> do you think of the following proposal?
> 
>   - default => all privs dropped
>   - only -s specified => no privs dropped
>   - -e specified without argument => no privs dropped
>   - -e NONE specified (regardless of -s) => all privs dropped
>   - -e ALL specified (regardless of -s) => no privs dropped
>   - -e A|B|C specified (regardless of -s) => A, B and C privs
> elevated, the rest dropped

I agree that we should let people to be creative, and make all
combinations available.

So, what do you say you ACK my first patch (I do need it), and I will
work on your proposal, if others agree?

-- 
Nikola Kotur
http://blog.kotur.org

PGP key: http://bin.kotur.org/key.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20131120/bb0c7de7/attachment.pgp>


More information about the lxc-devel mailing list