From: dlezcano <dlezcano>
Date: Tue, 4 Nov 2008 22:18:23 +0000 (+0000)
Subject: From: Daniel Lezcano <dlezcano@fr.ibm.com>
X-Git-Tag: lxc_0_5_0~55
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=42ff343ddb3962e1f63f83348de6e56c61fde21b;p=thirdparty%2Flxc.git

From: Daniel Lezcano <dlezcano@fr.ibm.com>

Remove the CAP_SYS_BOOT capability from the bouding set, so we can poweroff,
halt, reboot the container safely without shutting down the real host.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
---

diff --git a/src/lxc/start.c b/src/lxc/start.c
index 09dc6ff94..a6d0db34f 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -35,6 +35,7 @@
 #include <sys/mount.h>
 #include <sys/types.h>
 #include <sys/prctl.h>
+#include <sys/capability.h>
 #include <sys/wait.h>
 
 #include <lxc/lxc.h>
@@ -138,6 +139,11 @@ int lxc_start(const char *name, int argc, char *argv[],
 				goto out_child;
 			}
 
+		if (prctl(PR_CAPBSET_DROP, CAP_SYS_BOOT, 0, 0, 0)) {
+			lxc_log_syserror("failed to remove CAP_SYS_BOOT capability");
+			goto out_child;
+		}
+
 		execvp(argv[0], argv);
 		lxc_log_syserror("failed to exec %s", argv[0]);