git.ipfire.org Git - thirdparty/lxc.git/commit
lxc-attach: elevate specific privileges
author Nikola Kotur <kotnick@gmail.com>
Wed, 20 Nov 2013 15:07:37 +0000 (16:07 +0100)
committer Serge Hallyn <serge.hallyn@ubuntu.com>
Wed, 20 Nov 2013 16:54:47 +0000 (10:54 -0600)
commit 4d69b2939ce09fbe624636dc01734a542e050ef9
tree fc7c408e9448556653051d2be2efd71673156256
parent c7e426bef628fa4a2cd0733086bcc599b6412bec
lxc-attach: elevate specific privileges

There are scenarios in which we want to execute a process with specific
privileges elevated.

An example for this might be executing a process inside the container
securely, with capabilities dropped, but not in the container's cgroup so
that we can have per-process restrictions inside a single container.

Similar to namespaces, privileges to be elevated can be OR'd:

    lxc-attach --elevated-privileges='CAP|CGROUP' ...

Backward compatibility with previous versions is retained. In case no
privileges are specified behaviour is the same as before: all of them
are elevated.

Signed-off-by: Nikola Kotur <kotnick@gmail.com>
Acked-By: Christian Seiler <christian@iwakd.de>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
doc/lxc-attach.sgml.in
src/lxc/confile.c
src/lxc/confile.h
src/lxc/lxc_attach.c
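
The option semantics described in the commit message, as an added example (not the LXC source, whose diff is not shown on this page): an OR'd list such as 'CAP|CGROUP' becomes a bitmask, an absent list elevates everything, and anything unrecognised is rejected. The function names, flag names and values are hypothetical, and case-sensitive matching is an assumption; only the CAP and CGROUP tokens come from the page.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical flag names and values; only the tokens are from the commit message. */
#define PRIV_CAP    0x1u  /* elevated: capabilities are not dropped */
#define PRIV_CGROUP 0x2u  /* elevated: process is not moved into the container's cgroup */
#define PRIV_ALL    (PRIV_CAP | PRIV_CGROUP)

static const struct { const char *token; unsigned flag; } known_privs[] = {
    { "CAP", PRIV_CAP }, { "CGROUP", PRIV_CGROUP },
};

/* Parse an OR'd list into *mask. NULL or "" means no privileges were
 * specified, which the commit message defines as "all of them are elevated".
 * Returns 0 on success, -1 on an unknown or empty token (fail closed, so a
 * typo never silently changes which restrictions apply). */
int parse_elevated_privileges(const char *list, unsigned *mask)
{
    unsigned result = 0;
    size_t n = sizeof(known_privs) / sizeof(known_privs[0]);

    if (list == NULL || *list == '\0') { *mask = PRIV_ALL; return 0; }
    for (const char *p = list;;) {
        size_t i, len = strcspn(p, "|");   /* length of the current token */
        for (i = 0; i < n; i++)
            if (strlen(known_privs[i].token) == len &&
                strncmp(p, known_privs[i].token, len) == 0)
                break;
        if (i == n) return -1;             /* "CAP|ROOT", "CAP|", "||", "cap" */
        result |= known_privs[i].flag;
        if (p[len] == '\0') break;
        p += len + 1;                      /* step past the '|' separator */
    }
    *mask = result;
    return 0;
}

/* Restrictions still applied to the attached process: everything not elevated. */
unsigned remaining_restrictions(unsigned elevated) { return PRIV_ALL & ~elevated; }

int main(void)
{
    /* Constructed inputs: the commit's example, its cgroup-only scenario, defaults, a typo. */
    const char *samples[] = { "CAP|CGROUP", "CGROUP", "", "CAP|ROOT" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        unsigned m = 0;
        int rc = parse_elevated_privileges(samples[i], &m);
        printf("'%s' -> rc=%d elevated=0x%x still-restricted=0x%x\n",
               samples[i], rc, m, rc == 0 ? remaining_restrictions(m) : PRIV_ALL);
    }
    return 0;
}
```

The "CGROUP" case corresponds to the scenario in the commit message: capabilities are still dropped while the process stays out of the container's cgroup.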