[Devel] [RFC] [PATCH 3/8] containers: add CAP_NS_OVERRIDE capability
Serge E. Hallyn
serue at us.ibm.com
Fri Dec 7 11:14:14 PST 2007
>From a3a4950f8e9094aac1a9ccd6d453ea3dd68129be Mon Sep 17 00:00:00 2001
From: sergeh at us.ibm.com <sergeh at us.ibm.com>
Date: Wed, 28 Nov 2007 18:52:28 -0800
Subject: [RFC] [PATCH 3/8] containers: add CAP_NS_OVERRIDE capability
containers: add CAP_NS_OVERRIDE capability
Signed-off-by: sergeh at us.ibm.com <hallyn at kernel.(none)>
---
include/linux/capability.h | 9 ++++++++-
1 files changed, 8 insertions(+), 1 deletions(-)
diff --git a/include/linux/capability.h b/include/linux/capability.h
index 7d50ff6..36f9717 100644
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -332,7 +332,14 @@ typedef struct kernel_cap_struct {
#define CAP_MAC_ADMIN 33
-#define CAP_LAST_CAP CAP_MAC_ADMIN
+/* Allow acting on resources in another namespace. In
+ particular:
+ 1. when combined with CAP_KILL, kill users in another
+ user namespace
+ */
+#define CAP_NS_OVERRIDE 34
+
+#define CAP_LAST_CAP CAP_NS_OVERRIDE
#define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
--
1.5.1
_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers
More information about the Devel
mailing list