From: "Serge E. Hallyn" <serue@us.ibm.com>
To: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Oren Laadan <orenl@cs.columbia.edu>,
Dave Hansen <dave@linux.vnet.ibm.com>,
akpm@linux-foundation.org, containers@lists.linux-foundation.org,
xemul@parallels.com, mingo@elte.hu, hch@infradead.org,
torvalds@linux-foundation.org, linux-kernel@vger.kernel.org
Subject: Re: CAP_SYS_ADMIN on restart(2) (was: Re: [PATCH 00/30] C/R OpenVZ/Virtuozzo style)
Date: Wed, 15 Apr 2009 15:22:20 -0500 [thread overview]
Message-ID: <20090415202220.GA5228@us.ibm.com> (raw)
In-Reply-To: <20090415192150.GC26994@x200.localdomain>
Quoting Alexey Dobriyan (adobriyan@gmail.com):
> Is sysctl to control CAP_SYS_ADMIN on restart(2) OK?
You mean a sysctl to specify whether to require CAP_SYS_ADMIN for
restart(2)?
Yeah I wouldn't object to that - it certainly seems like something
sane for an admin to use depending on their users.
Though I think the bigger fish to fry first is whether we only support
whole-container checkpoint/restart. If that is the case, then
CAP_SYS_ADMIN will always be needed for restart since it will always
unshare some namespaces.
thanks,
-serge
next prev parent reply other threads:[~2009-04-15 20:22 UTC|newest]
Thread overview: 73+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-04-10 2:32 [PATCH 00/30] C/R OpenVZ/Virtuozzo style Alexey Dobriyan
2009-04-10 2:44 ` Alexey Dobriyan
2009-04-10 5:07 ` Dave Hansen
2009-04-13 9:14 ` Alexey Dobriyan
2009-04-13 11:16 ` Dave Hansen
2009-04-14 4:26 ` Oren Laadan
2009-04-14 14:58 ` Alexey Dobriyan
[not found] ` <20090414145830.GA27461-2ev+ksY9ol182hYKe6nXyg@public.gmane.org>
2009-04-14 18:08 ` Oren Laadan
2009-04-14 18:08 ` Oren Laadan
2009-04-14 18:34 ` Alexey Dobriyan
[not found] ` <20090414183435.GA28233-2ev+ksY9ol182hYKe6nXyg@public.gmane.org>
2009-04-14 19:31 ` Oren Laadan
2009-04-14 19:31 ` Oren Laadan
[not found] ` <49E4E4AB.1030803-eQaUEPhvms7ENvBUuze7eA@public.gmane.org>
2009-04-14 20:08 ` Alexey Dobriyan
2009-04-14 20:08 ` Alexey Dobriyan
[not found] ` <49E4D115.5080601-eQaUEPhvms7ENvBUuze7eA@public.gmane.org>
2009-04-14 18:34 ` Alexey Dobriyan
2009-04-14 20:49 ` Alexey Dobriyan
2009-04-14 20:49 ` Alexey Dobriyan
[not found] ` <20090414204912.GA28458-2ev+ksY9ol182hYKe6nXyg@public.gmane.org>
2009-04-14 21:11 ` Dave Hansen
2009-04-14 21:39 ` Serge E. Hallyn
2009-04-14 21:11 ` Dave Hansen
2009-04-14 21:39 ` Serge E. Hallyn
2009-04-15 19:21 ` CAP_SYS_ADMIN on restart(2) (was: Re: [PATCH 00/30] C/R OpenVZ/Virtuozzo style) Alexey Dobriyan
[not found] ` <20090415192150.GC26994-2ev+ksY9ol182hYKe6nXyg@public.gmane.org>
2009-04-15 20:22 ` Serge E. Hallyn
2009-04-15 20:23 ` Dave Hansen
2009-04-15 20:22 ` Serge E. Hallyn [this message]
2009-04-15 20:23 ` Dave Hansen
2009-04-15 20:39 ` Serge E. Hallyn
2009-04-15 20:39 ` Serge E. Hallyn
2009-04-15 21:05 ` CAP_SYS_ADMIN on restart(2) Oren Laadan
2009-04-15 21:16 ` Serge E. Hallyn
2009-04-16 15:35 ` Alexey Dobriyan
2009-04-16 16:29 ` Serge E. Hallyn
[not found] ` <20090416153513.GA7876-2ev+ksY9ol182hYKe6nXyg@public.gmane.org>
2009-04-16 16:29 ` Serge E. Hallyn
[not found] ` <20090415211609.GA6704-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-04-16 15:35 ` Alexey Dobriyan
[not found] ` <49E64BFF.5080002-eQaUEPhvms7ENvBUuze7eA@public.gmane.org>
2009-04-15 21:16 ` Serge E. Hallyn
[not found] ` <20090415203920.GA5475-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-04-15 21:05 ` Oren Laadan
[not found] ` <20090414213934.GB17986-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-04-15 19:21 ` CAP_SYS_ADMIN on restart(2) (was: Re: [PATCH 00/30] C/R OpenVZ/Virtuozzo style) Alexey Dobriyan
[not found] ` <49E4108A.8050201-eQaUEPhvms7ENvBUuze7eA@public.gmane.org>
2009-04-14 14:58 ` [PATCH 00/30] C/R OpenVZ/Virtuozzo style Alexey Dobriyan
[not found] ` <20090413091423.GA19236-2ev+ksY9ol182hYKe6nXyg@public.gmane.org>
2009-04-13 11:16 ` Dave Hansen
2009-04-13 18:07 ` Dave Hansen
2009-04-13 18:07 ` Dave Hansen
2009-04-14 4:26 ` Oren Laadan
2009-04-13 9:14 ` Alexey Dobriyan
[not found] ` <20090410023207.GA27788-2ev+ksY9ol182hYKe6nXyg@public.gmane.org>
2009-04-10 2:44 ` Alexey Dobriyan
2009-04-10 5:07 ` Dave Hansen
2009-04-10 8:28 ` Ingo Molnar
2009-04-10 8:28 ` Ingo Molnar
2009-04-10 11:45 ` Alexey Dobriyan
[not found] ` <20090410082815.GA17962-X9Un+BFzKDI@public.gmane.org>
2009-04-10 11:45 ` Alexey Dobriyan
2009-04-10 15:06 ` Linus Torvalds
2009-04-14 5:46 ` Oren Laadan
2009-04-14 5:46 ` Oren Laadan
[not found] ` <49E4233C.3000108-eQaUEPhvms7ENvBUuze7eA@public.gmane.org>
2009-04-14 15:19 ` Alexey Dobriyan
2009-04-14 15:19 ` Alexey Dobriyan
2009-04-10 15:06 ` Linus Torvalds
[not found] ` <alpine.LFD.2.00.0904100758410.4583-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2009-04-13 7:39 ` Alexey Dobriyan
2009-04-13 7:39 ` Alexey Dobriyan
[not found] ` <20090413073925.GB7085-2ev+ksY9ol182hYKe6nXyg@public.gmane.org>
2009-04-13 18:39 ` Linus Torvalds
2009-04-13 18:39 ` Linus Torvalds
2009-04-13 19:30 ` Ingo Molnar
[not found] ` <alpine.LFD.2.00.0904131137520.26713-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2009-04-13 19:30 ` Ingo Molnar
2009-04-14 12:29 ` Alexey Dobriyan
2009-04-14 12:29 ` Alexey Dobriyan
2009-04-14 13:44 ` Ingo Molnar
[not found] ` <20090414134420.GC27163-X9Un+BFzKDI@public.gmane.org>
2009-04-14 16:53 ` Alexey Dobriyan
2009-04-14 16:53 ` Alexey Dobriyan
[not found] ` <20090414122906.GA20201-2ev+ksY9ol182hYKe6nXyg@public.gmane.org>
2009-04-14 13:44 ` Ingo Molnar
2009-04-14 17:09 ` Linus Torvalds
2009-04-14 17:09 ` Linus Torvalds
[not found] ` <alpine.LFD.2.00.0904141006170.18124-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2009-04-14 17:19 ` Randy Dunlap
2009-04-14 17:19 ` Randy Dunlap
[not found] ` <49E4C5BD.1040405-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>
2009-04-14 17:32 ` Linus Torvalds
2009-04-14 17:32 ` Linus Torvalds
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090415202220.GA5228@us.ibm.com \
--to=serue@us.ibm.com \
--cc=adobriyan@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=containers@lists.linux-foundation.org \
--cc=dave@linux.vnet.ibm.com \
--cc=hch@infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=orenl@cs.columbia.edu \
--cc=torvalds@linux-foundation.org \
--cc=xemul@parallels.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.