> guessing the sandbox isn't really meant for security purposes since
> CAP_SYS_ADMIN can easily be used to recover just about every other
> capability.

http://lwn.net/Articles/486306/

Capabilities in a CLONE_NEW_USER sandbox only apply to the sandbox and not things outside of the sandbox such as devices.