[Lxc-users] lxc.cap.drop
Ulli Horlacher
framstag at rus.uni-stuttgart.de
Wed Oct 26 17:31:10 UTC 2011
Is there a "best practises" for lxc.cap.drop configuration?
I have so far as default:
# no MAC change
lxc.cap.drop = mac_override
# no kernel module (un)loading
lxc.cap.drop = sys_module
# no reboot
lxc.cap.drop = sys_boot
# no (un/re)mounting
lxc.cap.drop = sys_admin
# no time setting
lxc.cap.drop = sys_time
All the corresponding tasks should be done via host and not via container.
--
Ullrich Horlacher Server- und Arbeitsplatzsysteme
Rechenzentrum E-Mail: horlacher at rus.uni-stuttgart.de
Universitaet Stuttgart Tel: ++49-711-685-65868
Allmandring 30 Fax: ++49-711-682357
70550 Stuttgart (Germany) WWW: http://www.rus.uni-stuttgart.de/
More information about the lxc-users
mailing list