First we need to fake allowing all devices for docker 1.7+ for privileged docker
Second we need to ignore wrong caps in container as in CT we do not allow:
CAP_SYS_MODULE, CAP_SYS_RAWIO, CAP_SYS_PACCT, CAP_SYS_TIME

Pavel Tikhomirov (2):
  device_cgroup: fake allowing all devices for docker inside VZCT
  Revert "Revert "ve: caps: ignore setting wrong caps with CAP_SETPCAP""

 security/commoncap.c     | 37 ++++++++++++++++++++++++++++++-------
 security/device_cgroup.c |  9 ++++++++-
 2 files changed, 38 insertions(+), 8 deletions(-)

--
1.9.3