>From a3a4950f8e9094aac1a9ccd6d453ea3dd68129be Mon Sep 17 00:00:00 2001 From: sergeh@xxxxxxxxxx <sergeh@xxxxxxxxxx> Date: Wed, 28 Nov 2007 18:52:28 -0800 Subject: [RFC] [PATCH 3/8] containers: add CAP_NS_OVERRIDE capability containers: add CAP_NS_OVERRIDE capability Signed-off-by: sergeh@xxxxxxxxxx <hallyn@kernel.(none)> --- include/linux/capability.h | 9 ++++++++- 1 files changed, 8 insertions(+), 1 deletions(-) diff --git a/include/linux/capability.h b/include/linux/capability.h index 7d50ff6..36f9717 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h @@ -332,7 +332,14 @@ typedef struct kernel_cap_struct { #define CAP_MAC_ADMIN 33 -#define CAP_LAST_CAP CAP_MAC_ADMIN +/* Allow acting on resources in another namespace. In + particular: + 1. when combined with CAP_KILL, kill users in another + user namespace + */ +#define CAP_NS_OVERRIDE 34 + +#define CAP_LAST_CAP CAP_NS_OVERRIDE #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP) -- 1.5.1 _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers