similar to: lxc capabilities

This patch adds the ability to kinit to allow the dropping of POSIX capabilities. kinit is modified by this change, such that it understands the new kernel command line "drop_capabilities=" that specifies a comma separated list of capability names that should be dropped before switching over to the next init in the boot strap (typically on the root disk). When processing capabilities

This patchset applies to klibc mainline. As is it will probably collide with Maximilian's recent patch to rename run-init to switch_root posted last week. To boot an untrusted environment with certain capabilities locked out, we'd like to be able to drop the capabilities up front from early userspace, before we actually transition onto the root volume. This patchset implements this by

Hi, A week ago I submitted an early patch, please ignore it. The patch attached to this email has been tested and seems to work for me. I have also attached instead of inline to solve problems with spaces/tabs. The patch will, on systems that have libcap support, drop capabilities that Dovecot doesn't need. For example there is no need for CAP_SYS_MODULE, which enables module

My kernel crashed for some other reason, and now I can''t mount my btrfs filesystem. I don''t care about the data, it''s backed up. I''ll compile a 3.5 kernel, but is there any info you''d like off that filesystem to see why btrfs is crashing on mount? Marc [ 313.152857] device label btrfs_pool1 devid 1 transid 20769 /dev/mapper/disk1 [ 313.171318]

Thanks for this. Is their any other advantage our disadvantage in using the fuse client? Speed, reliability? In fact, has the anyone run vm's off fuse? On May 26, 2011 11:56 PM, "Chris Haumesser" <ch at luciddg.com> wrote: -------------- next part -------------- An HTML attachment was scrubbed... URL:

And speaking of running out of a shared read-only root, I get the following error when I attempt it: error: Failed to start domain hw error: internal error guest failed to start: PATH=/bin:/sbin TERM=linux LIBVIRT_LXC_UUID=38320e75-1ba0-d85a-6138-532a3a66f13d LIBVIRT_LXC_NAME=hw /bin/bash 2011-12-08 15:31:41.945: 1: info : libvirt version: 0.9.7 2011-12-08 15:31:41.945: 1: error :

I'm testing 0.9.7 now with lxc, and get the following error when trying to start a container: 2011-12-07 22:49:26.293: 1997: error : lxcControllerRun:1158 : unsupported configuration: Expected exactly one TTY fd My configuration is very simply: <domain type='lxc'> <name>hw</name> <uuid>38320e75-1ba0-d85a-6138-532a3a66f13d</uuid>