[Lxc-users] Re: Bug with cgroup devices access rights!?
Jäkel, Guido
G.Jaekel at dnb.de
Fri Sep 9 06:28:29 UTC 2011
>Problem solved.
>/dev/rtc is only used to read the time.
>To write the date and time the ioctl function settimeofday is used. To
>prevent this you have to drop the capability sys_time
Dear sfrazt,
Good job! Could you figure out whether there are "unwanted" side effects if one drops the sys_time capability for a container, i.e. will something else be denied that one will probably need to use?
@Dev: If not, this dropping should be added to the reference manuals and example configuration snippets.
Greetings
Guido
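
Added example, not part of the original message or of the LXC project: a shell check that confirms the sys_time drop discussed above took effect, by testing bit 25 (CAP_SYS_TIME) of the CapBnd mask in /proc/<pid>/status. The function names are hypothetical, the sample masks are constructed, and the container is assumed to be configured with `lxc.cap.drop = sys_time`.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; sample masks are constructed.
# Container config assumed: lxc.cap.drop = sys_time
CAP_SYS_TIME_BIT=25   # CAP_SYS_TIME in <linux/capability.h>

# Print the hex mask of one capability field (CapBnd, CapEff, ...) from
# /proc/<pid>/status text on stdin.
cap_mask() {
    awk -v f="$1:" '$1 == f { print $2 }'
}

# Succeed if bit $2 is set in hex mask $1.
mask_has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# Read status text on stdin; print whether CAP_SYS_TIME is still in the
# bounding set, which limits what a process can gain on exec.
time_cap_state() {
    bnd=$(cap_mask CapBnd)
    if [ -z "$bnd" ]; then
        echo unknown
    elif mask_has_cap "$bnd" "$CAP_SYS_TIME_BIT"; then
        echo present
    else
        echo dropped
    fi
}

# Constructed samples: a full 41-capability set, and the same set minus bit 25.
sample_default() { printf 'CapEff:\t000001ffffffffff\nCapBnd:\t000001ffffffffff\n'; }
sample_dropped() { printf 'CapEff:\t000001fffdffffff\nCapBnd:\t000001fffdffffff\n'; }

echo "sample default: $(sample_default | time_cap_state)"
echo "sample dropped: $(sample_dropped | time_cap_state)"
# Inside the container, check init (PID 1) itself.
if [ -r /proc/1/status ]; then
    echo "pid 1: $(time_cap_state < /proc/1/status)"
fi
```

Run inside the container, the "pid 1" line should read "dropped"; "present" means the configuration line was not applied.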