[Devel] [PATCH RH7 0/2] fixes for docker
Pavel Tikhomirov
ptikhomirov at virtuozzo.com
Wed Oct 7 01:51:05 PDT 2015
First, we need to fake allowing all devices for docker 1.7+ for
privileged docker.

Second, we need to ignore wrong caps in the container, as in CT we do not
allow: CAP_SYS_MODULE, CAP_SYS_RAWIO, CAP_SYS_PACCT, CAP_SYS_TIME.

Pavel Tikhomirov (2):
  device_cgroup: fake allowing all devices for docker inside VZCT
  Revert "Revert "ve: caps: ignore setting wrong caps with CAP_SETPCAP""

 security/commoncap.c     | 37 ++++++++++++++++++++++++++++++-------
 security/device_cgroup.c |  9 ++++++++-
 2 files changed, 38 insertions(+), 8 deletions(-)

--
1.9.3