[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [RFC][PATCH] lxc: drop CAP_SYS_BOOT capability to prevent rebooting from inside containers

From: Matthias Bolte <matthias bolte googlemail com>
To: berrange redhat com
Cc: libvir-list redhat com
Subject: Re: [libvirt] [RFC][PATCH] lxc: drop CAP_SYS_BOOT capability to prevent rebooting from inside containers
Date: Mon, 11 May 2009 18:34:40 +0200

2009/5/11 Daniel P. Berrange <berrange redhat com>:
> On Mon, May 11, 2009 at 05:59:45PM +0200, Matthias Bolte wrote:
>> Hi,
>>
>> I needed to apply the following two small changes to get it compile.
>>
>> On my system (Ubuntu 9.04) I don't have a sys/capability.h header, but
>> a linux/capability.h header as part of the linux-libc-dev package.
>
> That is because sys/capability.h is provided by libcap, not libc.
> I guess you don't have libcap-dev installed.
>
> $ rpm -qf /usr/include/sys/capability.h
> libcap-devel-2.06-4.fc9.i386
>

You guess was correct. With libcap-dev installed it compiles without problems.

Follow-Ups:
- Re: [libvirt] [RFC][PATCH] lxc: drop CAP_SYS_BOOT capability to prevent rebooting from inside containers
  - From: Dave Allan

References:
- [libvirt] [RFC][PATCH] lxc: drop CAP_SYS_BOOT capability to prevent rebooting from inside containers
  - From: Ryota Ozaki
- Re: [libvirt] [RFC][PATCH] lxc: drop CAP_SYS_BOOT capability to prevent rebooting from inside containers
  - From: Daniel Veillard
- Re: [libvirt] [RFC][PATCH] lxc: drop CAP_SYS_BOOT capability to prevent rebooting from inside containers
  - From: Matthias Bolte
- Re: [libvirt] [RFC][PATCH] lxc: drop CAP_SYS_BOOT capability to prevent rebooting from inside containers
  - From: Daniel P. Berrange

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]