On Thu, Dec 08, 2011 at 07:14:41AM -0800, Chris Haumesser wrote:
> Chris Haumesser wrote:
> > Am I misinterpreting the output of getpcaps then? (getpcaps is rather
> > undocumented).
>
> Answering my own question, I was misinterpreting the output of getpcaps.
> I found the cap_from_text(3) man page, which explained the output format.
>
> I still don't understand why I was able to reboot the host from within a
> container, however.

Well I just confirmed (the hard way!) that you are correct. It is
possible to reboot the host from inside the container, despite
CAP_SYS_REBOOT being blocked. I'll try & figure out how that's
happening/possible...

Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|