On Sun, May 27, 2012 at 9:07 PM, richard -rw- weinberger <richard.weinberger@xxxxxxxxx> wrote: > On Tue, May 22, 2012 at 8:48 PM, Eric W. Biederman > <ebiederm@xxxxxxxxxxxx> wrote: >> - Capabilities are localized to the current user namespace making it >> safe to give the initial user in a user namespace all capabilities. > > Today I've tried your patch set, but it looks like a root-user in a > Linux container is still able to use /proc/sysrq-trigger. > Am I misunderstanding user namespaces or is there still something missing? Please ignore the above mail. My .config was messed up. :-\ -- Thanks, //richard _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/containers
