Is there a "best practises" for lxc.cap.drop configuration? I have so far as default:
# no MAC change lxc.cap.drop = mac_override # no kernel module (un)loading lxc.cap.drop = sys_module # no reboot lxc.cap.drop = sys_boot # no (un/re)mounting lxc.cap.drop = sys_admin # no time setting lxc.cap.drop = sys_time All the corresponding tasks should be done via host and not via container. -- Ullrich Horlacher Server- und Arbeitsplatzsysteme Rechenzentrum E-Mail: [email protected] Universitaet Stuttgart Tel: ++49-711-685-65868 Allmandring 30 Fax: ++49-711-682357 70550 Stuttgart (Germany) WWW: http://www.rus.uni-stuttgart.de/ ------------------------------------------------------------------------------ The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev _______________________________________________ Lxc-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/lxc-users
