On Mon, Oct 24, 2011 at 13:44, Corey Bryant wrote:
>
>
> On 10/23/2011 09:10 AM, Blue Swirl wrote:
>>
>> On Fri, Oct 21, 2011 at 15:07, Corey Bryant
>> wrote:
>>>
>>> > We go to great lengths to restrict ourselves to just cap_net_admin as
>>> > an OS
>>> > enforced security mechanism. However,
On 10/23/2011 09:10 AM, Blue Swirl wrote:
On Fri, Oct 21, 2011 at 15:07, Corey Bryant wrote:
> We go to great lengths to restrict ourselves to just cap_net_admin as an OS
> enforced security mechanism. However, we further restrict what we allow
users
> to do to simply adding a tap device
On Fri, Oct 21, 2011 at 15:07, Corey Bryant wrote:
> We go to great lengths to restrict ourselves to just cap_net_admin as an OS
> enforced security mechanism. However, we further restrict what we allow users
> to do to simply adding a tap device to a bridge interface by virtue of the
> fact
> t
We go to great lengths to restrict ourselves to just cap_net_admin as an OS
enforced security mechanism. However, we further restrict what we allow users
to do to simply adding a tap device to a bridge interface by virtue of the fact
that this is the only functionality we expose.
This is not good