[lxc-devel] [lxc/lxc] 4d69b2: lxc-attach: elevate specific privileges
GitHub
noreply at github.com
Wed Nov 20 16:56:49 UTC 2013
Branch: refs/heads/master
Home: https://github.com/lxc/lxc
Commit: 4d69b2939ce09fbe624636dc01734a542e050ef9
https://github.com/lxc/lxc/commit/4d69b2939ce09fbe624636dc01734a542e050ef9
Author: Nikola Kotur <kotnick at gmail.com>
Date: 2013-11-20 (Wed, 20 Nov 2013)
Changed paths:
M doc/lxc-attach.sgml.in
M src/lxc/confile.c
M src/lxc/confile.h
M src/lxc/lxc_attach.c
Log Message:
-----------
lxc-attach: elevate specific privileges
There are scenarios in which we want to execute process with specific
privileges elevated.
An example for this might be executing a process inside the container
securely, with capabilities dropped, but not in container's cgroup so
that we can have per process restrictions inside single container.
Similar to namespaces, privileges to be elevated can be OR'd:
lxc-attach --elevated-privileges='CAP|CGROUP' ...
Backward compatibility with previous versions is retained. In case no
privileges are specified behaviour is the same as before: all of them
are elevated.
Signed-off-by: Nikola Kotur <kotnick at gmail.com>
Acked-By: Christian Seiler <christian at iwakd.de>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
More information about the lxc-devel
mailing list