On Mon, 2011-02-07 at 11:40 +1100, Trent W. Buck wrote: > lxc.cap.drop=sys_admin should prevent all mount(2) calls within the > container. It seems to work for me. In fact... I thought LXC *always* > removed that capability, even if you never mentioned it?
Nice! Is there a list of capabilities LXC drops documented somewhere? Thanks Andre ------------------------------------------------------------------------------ The modern datacenter depends on network connectivity to access resources and provide services. The best practices for maximizing a physical server's connectivity to a physical network are well understood - see how these rules translate into the virtual world? http://p.sf.net/sfu/oracle-sfdevnlfb _______________________________________________ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
