Daniel Hokka Zakrisson wrote: > Daniel Lezcano wrote: > > Wouldn't it be better to simply remove CAP_SYS_BOOT from containers > until sys_reboot emits some signal to userspace to restart/halt the > container? (This is what we do in Linux-VServer.) Ok, I will try, thanks. BTW, isn't possible that a process gave CAP_SYS_BOOT capability again to himself and being able to shutdown the host ? I guess I should remove CAP_SETPCAP too, no ? _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers