Quoting Alexey Dobriyan (adobriyan@xxxxxxxxx): > Is sysctl to control CAP_SYS_ADMIN on restart(2) OK? You mean a sysctl to specify whether to require CAP_SYS_ADMIN for restart(2)? Yeah I wouldn't object to that - it certainly seems like something sane for an admin to use depending on their users. Though I think the bigger fish to fry first is whether we only support whole-container checkpoint/restart. If that is the case, then CAP_SYS_ADMIN will always be needed for restart since it will always unshare some namespaces. thanks, -serge _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
