On Tue, May 22, 2012 at 8:48 PM, Eric W. Biederman <ebiederm@xxxxxxxxxxxx> wrote:
> - Capabilities are localized to the current user namespace making it
>   safe to give the initial user in a user namespace all capabilities.

Today I've tried your patch set, but it looks like a root-user in a Linux
container is still able to use /proc/sysrq-trigger.
Am I misunderstanding user namespaces or is there still something missing?

--
Thanks,
//richard
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers