My previous change to LXC container capabilties setup has a fairly stupid
bug in it. The container init process starts off with no capabilities
whatsoever :-( This was caused by a bogus capng_lock() call which meant
that all capabilities were cleared when the init process was exec'd.
The
On Wed, Jul 08, 2009 at 01:12:59PM +0100, Daniel P. Berrange wrote:
My previous change to LXC container capabilties setup has a fairly stupid
bug in it. The container init process starts off with no capabilities
whatsoever :-( This was caused by a bogus capng_lock() call which meant
that all