[Devel] [PATCH RH7 0/3] capability fixes for docker
Andrew Vagin
avagin at odin.com
Fri Jul 3 06:36:12 PDT 2015
On Tue, Jun 30, 2015 at 03:17:51PM +0300, Pavel Tikhomirov wrote:
> allow what docker wants, need it to run integration-cli tests
> when we will prohibit CAP_SYS_ADMIN and CAP_NET_ADMIN in CT
>
> * after switching to user namespaces we won't need those patches
> https://jira.sw.ru/browse/PSBM-34523
>
> to test without CAP_SYS_ADMIN and CAP_NET_ADMIN:
> vzctl set 206 --capability net_admin:off \
> --capability sys_admin:off --save
>
Reviewed-by: Andrew Vagin <avagin at odin.com>
> Pavel Tikhomirov (3):
>   vfs: allow mount/umount, pivot_root with CAP_VE_SYS_ADMIN
>   rtnl: allow move network devices into network namespace in CT
>   vfs: allow mount proc and mqueue inside container
>
>  fs/namespace.c       | 4 +++-
>  fs/proc/root.c       | 3 ++-
>  ipc/mqueue.c         | 3 ++-
>  net/core/rtnetlink.c | 3 ++-
>  4 files changed, 9 insertions(+), 4 deletions(-)
>
> --
> 1.9.3
>
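
The test setup in the cover letter turns `net_admin` and `sys_admin` off for the container. The following is an added example, not part of the original thread or the patch series, showing one way to confirm from inside the container that both capabilities are absent from a process's capability sets by decoding the masks in `/proc/<pid>/status`. The bit numbers are those in `<linux/capability.h>`; the function names and the two sample masks are constructed for illustration.

```shell
#!/bin/sh
# Added example: decode CapEff/CapBnd masks from /proc/<pid>/status text and
# report whether CAP_NET_ADMIN / CAP_SYS_ADMIN are still present.

CAP_NET_ADMIN=12   # bit numbers from <linux/capability.h>
CAP_SYS_ADMIN=21

# cap_is_set HEXMASK BIT -> exit status 0 if BIT is set in HEXMASK
cap_is_set() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# caps_present SET  (reads status text on stdin)
# SET is CapInh, CapPrm, CapEff or CapBnd. Prints the names of the two
# capabilities that are still in that set; prints an empty line if both
# are dropped. Returns 2 if the status text has no such line.
caps_present() {
    mask=""
    while read -r key val; do
        case $key in "$1:") mask=$val ;; esac
    done
    [ -n "$mask" ] || { echo "no $1 line in input" >&2; return 2; }
    out=""
    if cap_is_set "$mask" "$CAP_NET_ADMIN"; then out="net_admin"; fi
    if cap_is_set "$mask" "$CAP_SYS_ADMIN"; then out="${out:+$out }sys_admin"; fi
    echo "$out"
}

# Constructed sample: a process holding capability bits 0-36.
sample_full() {
    printf 'Name:\tbash\nCapEff:\t0000001fffffffff\nCapBnd:\t0000001fffffffff\n'
}

# Constructed sample: the same mask with bits 12 and 21 cleared.
sample_dropped() {
    printf 'Name:\tbash\nCapEff:\t0000001fffdfefff\nCapBnd:\t0000001fffdfefff\n'
}
```

Inside the container, `caps_present CapBnd < /proc/self/status` should print an empty line once both capabilities are switched off; checking `CapBnd` as well as `CapEff` shows that the capability cannot be regained through a later exec.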