On Sat, Dec 30, 2017 at 12:50 AM, Michael Kerrisk (man-pages)
wrote:
> Hello Mahesh,
>
> On 12/05/2017 11:31 PM, Mahesh Bandewar wrote:
>> From: Mahesh Bandewar
>>
>> Add a sysctl variable kernel.controlled_userns_caps_whitelist. This
>> takes input as capability mask expressed as two comma separ
Hello Mahesh,
On 12/05/2017 11:31 PM, Mahesh Bandewar wrote:
> From: Mahesh Bandewar
>
> Add a sysctl variable kernel.controlled_userns_caps_whitelist. This
> takes input as capability mask expressed as two comma separated hex
> u32 words. The mask, however, is stored in kernel as kernel_cap_t t
On 12/05/2017 11:31 PM, Mahesh Bandewar wrote:
> +The value is expressed as two comma separated hex words (u32). This
> +sysctl is avaialble in init-ns and users with CAP_SYS_ADMIN in init-ns
> +are allowed to make changes.
Typo: avaialble -> available
From: Mahesh Bandewar
Add a sysctl variable kernel.controlled_userns_caps_whitelist. This
takes input as capability mask expressed as two comma separated hex
u32 words. The mask, however, is stored in kernel as kernel_cap_t type.
Any capabilities that are not part of this mask will be controlled
4 matches
Mail list logo