[libvirt] [RFC][PATCH] lxc: drop CAP_SYS_BOOT capability to prevent rebooting from inside containers

Dave Allan dallan at redhat.com
Mon May 11 16:37:25 UTC 2009


Matthias Bolte wrote:
> 2009/5/11 Daniel P. Berrange <berrange at redhat.com>:
>> On Mon, May 11, 2009 at 05:59:45PM +0200, Matthias Bolte wrote:
>>> Hi,
>>>
>>> I needed to apply the following two small changes to get it to compile.
>>>
>>> On my system (Ubuntu 9.04) I don't have a sys/capability.h header, but
>>> a linux/capability.h header as part of the linux-libc-dev package.
>> That is because sys/capability.h is provided by libcap, not libc.
>> I guess you don't have libcap-dev installed.
>>
>> $ rpm -qf /usr/include/sys/capability.h
>> libcap-devel-2.06-4.fc9.i386
>>
> 
> Your guess was correct. With libcap-dev installed it compiles without problems.

We should check for the presence of libcap-dev in the configure script.

Dave



