>From a3a4950f8e9094aac1a9ccd6d453ea3dd68129be Mon Sep 17 00:00:00 2001
From: sergeh@xxxxxxxxxx <sergeh@xxxxxxxxxx>
Date: Wed, 28 Nov 2007 18:52:28 -0800
Subject: [RFC] [PATCH 3/8] containers: add CAP_NS_OVERRIDE capability
containers: add CAP_NS_OVERRIDE capability
Signed-off-by: sergeh@xxxxxxxxxx <hallyn@kernel.(none)>
---
include/linux/capability.h | 9 ++++++++-
1 files changed, 8 insertions(+), 1 deletions(-)
diff --git a/include/linux/capability.h b/include/linux/capability.h
index 7d50ff6..36f9717 100644
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -332,7 +332,14 @@ typedef struct kernel_cap_struct {
#define CAP_MAC_ADMIN 33
-#define CAP_LAST_CAP CAP_MAC_ADMIN
+/* Allow acting on resources in another namespace. In
+ particular:
+ 1. when combined with CAP_KILL, kill users in another
+ user namespace
+ */
+#define CAP_NS_OVERRIDE 34
+
+#define CAP_LAST_CAP CAP_NS_OVERRIDE
#define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
--
1.5.1
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers
