On Wed, 2009-04-15 at 23:21 +0400, Alexey Dobriyan wrote: > Is sysctl to control CAP_SYS_ADMIN on restart(2) OK? If the point is not to let users even *try* restarting things if it *might* not work, then I guess this might be reasonable. If the goal is to increase security by always requiring CAP_SYS_ADMIN for "dangerous" operations, I fear it will be harmful. We may have people adding features that are not considering the security impact of what they're doing just because the cases they care about all require privilege. What would the goal be? -- Dave _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
