[Users] VPS capabilities
Kirill Korotaev
dev at sw.ru
Wed Oct 10 05:42:26 EDT 2007
Dietmar Maurer wrote:
> Where can I find more information about vps capabilities, i.e. what
> exactly is:
>
> NET_BIND_SERVICE
> KILL
> LINUX_IMMUTABLE
> NET_ADMIN
> SYS_CHROOT
These are std Linux capabilities, so you can look at any documentation related to them,
plus the comments in the kernel in include/linux/capability.h and the kernel sources.
> VE_ADMIN
It is a restricted subset of the CAP_SYS_ADMIN+CAP_NET_ADMIN capabilities for VE root.
It allows doing a lot of things allowed for std root, like configuring firewalls,
network devices, etc., but not everything, e.g. VE root can't change MTRR registers,
can't issue raw SCSI commands, etc.
Thanks,
Kirill
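
Added example (not part of the original message and not OpenVZ code): a decoder for the capability masks in /proc/<pid>/status, using the standard bit numbers from include/linux/capability.h, that reports which of the five standard capabilities asked about are in a process's effective set. The function names and the sample status text are constructed for illustration; VE_ADMIN is left out because its bit number is not given in this thread.

```python
import re

# Standard capability bit numbers 0-31, in the order they are defined in
# include/linux/capability.h (names shown without the CAP_ prefix).
CAP_NAMES = """CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID
SETUID SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN
NET_RAW IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE
SYS_PACCT SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG
MKNOD LEASE AUDIT_WRITE AUDIT_CONTROL SETFCAP""".split()

# The standard capabilities named in the question.
ASKED = ("NET_BIND_SERVICE", "KILL", "LINUX_IMMUTABLE", "NET_ADMIN", "SYS_CHROOT")

def decode_mask(mask):
    """Return the names of all capabilities set in an integer mask."""
    names = [n for bit, n in enumerate(CAP_NAMES) if mask >> bit & 1]
    # Bits past the table (newer or vendor-specific) are reported by number.
    bit, rest = len(CAP_NAMES), mask >> len(CAP_NAMES)
    while rest:
        if rest & 1:
            names.append(f"bit{bit}")
        bit, rest = bit + 1, rest >> 1
    return names

def parse_status(text):
    """Extract the Cap* hex masks from /proc/<pid>/status content."""
    pattern = r"^(Cap(?:Inh|Prm|Eff|Bnd|Amb)):\s*([0-9a-fA-F]+)$"
    return {m.group(1): int(m.group(2), 16)
            for m in re.finditer(pattern, text, re.M)}

def report(text):
    """Map each capability from the question to True/False for CapEff."""
    effective = set(decode_mask(parse_status(text).get("CapEff", 0)))
    return {name: name in effective for name in ASKED}

# Constructed sample, shaped like the Cap* lines of /proc/<pid>/status.
SAMPLE_STATUS = (
    "Name:\tinit\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t00000000000404e1\n"
    "CapEff:\t00000000000404e1\n"
    "CapBnd:\t00000000000416e1\n"
)

if __name__ == "__main__":
    for name, held in report(SAMPLE_STATUS).items():
        print(f"{name:18} {'effective' if held else 'not effective'}")
```

To check a live process, pass the contents of /proc/<pid>/status read inside the VE to report() instead of the sample.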