diff options
| author |   dlezcano <dlezcano> | 2008-11-13 16:53:23 +0000 |
|---|---|---|
| committer | dlezcano <dlezcano> | 2008-11-13 16:53:23 +0000 |
| commit | 0780e343896f3d8300e0b4adf3bcd65d1b679f48 (patch) | |
| tree | 65829fabde8c43a5c36ce7a38b181e7f731fefb7 /lxc.spec.in | |
| parent | Fix function prototype (diff) | |
| download | lxc-0780e343896f3d8300e0b4adf3bcd65d1b679f48.tar.gz lxc-0780e343896f3d8300e0b4adf3bcd65d1b679f48.tar.bz2 lxc-0780e343896f3d8300e0b4adf3bcd65d1b679f48.zip | |
Add setpcap capabilty to be able to drop the sys_boot capabilty.
From: Daniel Lezcano <dlezcano@fr.ibm.com>
Previously, we dropped the CAP_SYS_BOOT capabilty. Unfortunatly if we are
non root user, we are not able to do that. So I had the CAP_SETPCAP to
lxc-execute and lxc-start command line to remove this capabilty.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Diffstat (limited to 'lxc.spec.in')
| -rw-r--r-- | lxc.spec.in | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/lxc.spec.in b/lxc.spec.in index 49cce65..96dfcfb 100644 --- a/lxc.spec.in +++ b/lxc.spec.in @@ -123,7 +123,10 @@ if [ $RES != 0 ]; then echo -e "\t* and reinstall the lxc package *" echo -e "\t****************************************************" else -setcap cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep %{_bindir}/lxc-execute && setcap cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep %{_bindir}/lxc-start && setcap cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep %{_bindir}/lxc-restart +setcap cap_setpcap,cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep %{_bindir}/lxc-execute && \ +setcap cap_setpcap,cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep %{_bindir}/lxc-start && \ +setcap cap_net_admin,cap_net_raw,cap_sys_admin,cap_dac_override=ep %{_bindir}/lxc-restart && \ +setcap cap_sys_admin=ep %{_bindir}/lxc-init fi |