Quoting Daniel Hokka Zakrisson (daniel@xxxxxxxxx):
> Daniel Lezcano wrote:
> >
>
> Wouldn't it be better to simply remove CAP_SYS_BOOT from containers
> until sys_reboot emits some signal to userspace to restart/halt the
> container? (This is what we do in Linux-VServer.)
>
> --
> Daniel Hokka Zakrisson

Yeah that makes more sense to me. Note that otherwise your patch
still lets the container mess with sys_kexec_load(), for instance.

-serge
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/containers
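
An added example, not part of the original message or of any patch in this thread: a C sketch of the mitigation discussed above. It drops CAP_SYS_BOOT (the capability that gates both reboot() and kexec_load()) from the bounding set and checks the capability masks in `/proc/<pid>/status`. The helper names and the two status samples are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <linux/capability.h>   /* CAP_SYS_BOOT (bit 22) */

/* Return 1 if `cap` is set in the hex mask on the `field` line (e.g. "CapBnd")
 * of /proc/<pid>/status text, 0 if it is clear, -1 if the field is missing. */
int status_has_cap(const char *status, const char *field, int cap)
{
    size_t flen = strlen(field);
    for (const char *p = status; p && *p; ) {      /* p always sits at a line start */
        if (strncmp(p, field, flen) == 0 && p[flen] == ':') {
            unsigned long long mask = strtoull(p + flen + 1, NULL, 16);
            return (int)((mask >> cap) & 1ULL);
        }
        p = strchr(p, '\n');
        if (p) p++;
    }
    return -1;
}

/* Drop CAP_SYS_BOOT from the calling thread's bounding set, so that programs
 * exec'd afterwards (e.g. the container's init) cannot acquire it.
 * Requires CAP_SETPCAP. Returns 0 on success, -1 on error (errno set). */
int drop_sys_boot(void)
{
    return prctl(PR_CAPBSET_DROP, CAP_SYS_BOOT, 0, 0, 0);
}

/* Constructed samples: full capability set vs. the same set with bit 22 cleared. */
const char SAMPLE_FULL[] =
    "Name:\tinit\nCapEff:\t0000003fffffffff\nCapBnd:\t0000003fffffffff\n";
const char SAMPLE_DROPPED[] =
    "Name:\tinit\nCapEff:\t0000003fffbfffff\nCapBnd:\t0000003fffbfffff\n";

int main(void)
{
    char buf[4096];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return 1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    buf[n] = '\0'; fclose(f);
    printf("self CapBnd has CAP_SYS_BOOT: %d\n", status_has_cap(buf, "CapBnd", CAP_SYS_BOOT));
    printf("sample (dropped) CapBnd:      %d\n", status_has_cap(SAMPLE_DROPPED, "CapBnd", CAP_SYS_BOOT));
    return 0;
}
```

A container launcher would call `drop_sys_boot()` before exec'ing the container's init, and `status_has_cap()` can be pointed at the status text of a running container process to confirm the bit is clear in both `CapBnd` and `CapEff`.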