git.ipfire.org Git - thirdparty/lxc.git/commit

author	Dwight Engen <dwight.engen@oracle.com>
	Thu, 19 Jun 2014 21:58:11 +0000 (17:58 -0400)
committer	Stéphane Graber <stgraber@ubuntu.com>
	Fri, 20 Jun 2014 18:08:00 +0000 (14:08 -0400)
commit	7035407c96efd21ba5dfc8ba6617f7631292d78a
tree	1dd78e99dc508e86d5981b187e05593355fe6ff9	tree
parent	58558042dcdf042e8956a63dc6af78730800f188	commit \| diff

allow lxc.cap.keep = none

Commit 1fb86a7c introduced a way to drop capabilities without having to
specify them all explicitly. Unfortunately, there is no way to drop them
all, as just specifying an empty keep list, ie:

lxc.cap.keep =

clears the keep list, causing no capabilities to be dropped.

This change allows a special value "none" to be given, which will clear
all keep capabilities parsed up to this point. If the last parsed value
is none, all capabilities will be dropped.

Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

doc/lxc.container.conf.sgml.in		diff \| blob \| blame \| history
src/lxc/conf.c		diff \| blob \| blame \| history
src/lxc/confile.c		diff \| blob \| blame \| history