[lxc-devel] [PATCH] lxc-attach: elevate specific privileges
Nikola Kotur
kotnick at gmail.com
Wed Nov 20 16:26:51 UTC 2013
On Wed, 20 Nov 2013 15:29:10 +0000
Christian Seiler <christian at iwakd.de> wrote:
> Since I added those options back in the day, a bit of a rationale
Thanks for the explanation!
> However, with your patch (which makes sense since my rewrite of the
> API), I think one could give the user the option of not evelating the
> other privileges. And while I do think that because of the above
> rationale having elevation being the default state when using -s, what
> do you think of the following proposal?
>
> - default => all privs dropped
> - only -s specified => no privs dropped
> - -e specified without argument => no privs dropped
> - -e NONE specified (regardless of -s) => all privs dropped
> - -e ALL specified (regardless of -s) => no privs dropped
> - -e A|B|C specified (regardless of -s) => A, B and C privs
> elevated, the rest dropped
I agree that we should let people to be creative, and make all
combinations available.
So, what do you say you ACK my first patch (I do need it), and I will
work on your proposal, if others agree?
--
Nikola Kotur
http://blog.kotur.org
PGP key: http://bin.kotur.org/key.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20131120/bb0c7de7/attachment.pgp>
More information about the lxc-devel
mailing list