Daniel P. Berrange wrote:
> I think you have that the wrong way around. The containers run *without* cap_sys_{module,boot,time,audit_control,mac_admin}.

Am I misinterpreting the output of getpcaps then? (getpcaps is rather undocumented). See: http://pastebin.com/6FkXt66c

Moreover, I opened a virsh console to my helloworld container, typed 'reboot' and the whole host machine rebooted. Yikes!

Or are these bugs in the 0.9.2 codebase that have since been fixed?

-C-