Hi all, Here are a few patches without strong connection together. The first one only allows us not to package virt-login-shell even with lxc driver enabled. The other ones are related to mounts security.
I'm wondering if changing the default dropped capabilities in the lxc driver is acceptable... dropping sys_admin makes sense, but it can introduce incompatibilities for users needing it as they will need to explicitely enable it. Cédric Bosdonnat (3): Allow building lxc without virt-login-shell virt-aa-helper: don't deny writes to readonly mounts lxc: drop sys_admin caps by default configure.ac | 14 ++++++++++++++ src/lxc/lxc_container.c | 1 + src/security/virt-aa-helper.c | 5 ++++- tools/Makefile.am | 12 ++++++------ 4 files changed, 25 insertions(+), 7 deletions(-) -- 2.1.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
