Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
lxc-attach: elevate specific privileges
There are scenarios in which we want to execute process with specific privileges elevated. An example for this might be executing a process inside the container securely, with capabilities dropped, but not in container's cgroup so that we can have per process restrictions inside single container. Similar to namespaces, privileges to be elevated can be OR'd: lxc-attach --elevated-privileges='CAP|CGROUP' ... Backward compatibility with previous versions is retained. In case no privileges are specified behaviour is the same as before: all of them are elevated. Signed-off-by: Nikola Kotur <kotnick@gmail.com> Acked-By: Christian Seiler <christian@iwakd.de> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
- Loading branch information
Showing
4 changed files
with
69 additions
and
11 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters