I try the "vattribute" command on a running vserver to change context capabilities:

    [EMAIL PROTECTED] ~]# grep Caps /proc/virtual/500/status
    BCaps: 00000000344c04ff
    CCaps: 0000000000000101
    [EMAIL PROTECTED] ~]# vattribute --ccap SECURE_MOUNT --xid 500
    [EMAIL PROTECTED] ~]# grep Caps /proc/virtual/500/status
    BCaps: 0000000000000000
    CCaps: 0000000000010101

It resets the native Linux capabilities.

From the sources, the kernel system call "vc_set_ccaps" can only reduce the bcaps; as the "bcaps" transmitted by vattribute is zero, it gets this value.

Perhaps the "bcaps" member, in vattribute.c, should be computed respectively to the "--bcaps" argument requiring a decrease of bcaps before calling "vc_set_ccaps", in the case of an existing context?

The present behaviour is a bit disturbing, as we have to add something like "--bcap 0xFFFFFFFF" to leave it untouched.

PS: the --help has a little bug (0.30.210):

    [EMAIL PROTECTED] ~]# vattribute --help
    --cap <cap> ... context capability to be added

==> --ccap

--
Xavier Montagutelli                      Tel : +33 (0)5 55 45 77 20
Service Commun Informatique              Fax : +33 (0)5 55 45 77 60
Universite de Limoges
123, avenue Albert Thomas
87060 Limoges cedex
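Added example, not part of the original message and not code from the vserver tools: a check that compares the Caps lines of /proc/virtual/<xid>/status taken before and after a vattribute call and names the Linux capabilities that disappeared from BCaps. The snapshots are the values quoted in the message; the function names are hypothetical, and modelled_bcaps() assumes that "can only reduce" means a bitwise AND of the current mask with the transmitted one.

```python
import re

# Bit positions 0..30 as defined in linux/capability.h (CAP_ prefix dropped).
CAP_NAMES = (
    "CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID "
    "SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW "
    "IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT "
    "SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD "
    "LEASE AUDIT_WRITE AUDIT_CONTROL"
).split()

# Snapshots built from the values quoted in the message above.
BEFORE = "BCaps: 00000000344c04ff\nCCaps: 0000000000000101\n"
AFTER = "BCaps: 0000000000000000\nCCaps: 0000000000010101\n"

def parse_caps(status_text):
    """Extract the BCaps and CCaps masks from status text as integers."""
    found = dict(re.findall(r"\b(BCaps|CCaps):\s*([0-9a-fA-F]+)", status_text))
    missing = {"BCaps", "CCaps"} - found.keys()
    if missing:
        raise ValueError("missing fields: " + ", ".join(sorted(missing)))
    return {name: int(value, 16) for name, value in found.items()}

def cap_names(mask):
    """Names of the capability bits set in mask; unknown bits become bitN."""
    return [CAP_NAMES[i] if i < len(CAP_NAMES) else "bit%d" % i
            for i in range(mask.bit_length()) if (mask >> i) & 1]

def lost_bcaps(before_text, after_text):
    """Linux capabilities present in BCaps before the call but not after."""
    before, after = parse_caps(before_text), parse_caps(after_text)
    return cap_names(before["BCaps"] & ~after["BCaps"])

def modelled_bcaps(current, transmitted):
    """Assumed model of 'can only reduce': bits survive only if transmitted."""
    return current & transmitted

if __name__ == "__main__":
    dropped = lost_bcaps(BEFORE, AFTER)
    if dropped:
        print("BCaps lost %d capabilities: %s" % (len(dropped), " ".join(dropped)))
    print("transmitting 0:          %016x" % modelled_bcaps(0x344c04ff, 0))
    print("transmitting 0xFFFFFFFF: %016x" % modelled_bcaps(0x344c04ff, 0xFFFFFFFF))
```

Run against real snapshots, an empty result from lost_bcaps() means the call left the native capabilities alone.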
