mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-07-01 15:42:39 +00:00
47e5b5ae32
Added <capabilities> in the <features> section of LXC domains configuration. This section can contain elements named after the capabilities like: <mknod state="on"/>, keep CAP_MKNOD capability <sys_chroot state="off"/> drop CAP_SYS_CHROOT capability Users can restrict or give more capabilities than the default using this mechanism.
29 lines
728 B
XML
29 lines
728 B
XML
<domain type='lxc'>
|
|
<name>demo</name>
|
|
<uuid>8369f1ac-7e46-e869-4ca5-759d51478066</uuid>
|
|
<os>
|
|
<type>exe</type>
|
|
<init>/sh</init>
|
|
</os>
|
|
<features>
|
|
<capabilities policy="deny">
|
|
<mknod state="on"/>
|
|
</capabilities>
|
|
</features>
|
|
<resource>
|
|
<partition>/virtualmachines</partition>
|
|
</resource>
|
|
<memory unit='KiB'>500000</memory>
|
|
<devices>
|
|
<filesystem type='mount'>
|
|
<source dir='/root/container'/>
|
|
<target dir='/'/>
|
|
</filesystem>
|
|
<filesystem type='mount'>
|
|
<source dir='/home'/>
|
|
<target dir='/home'/>
|
|
</filesystem>
|
|
<console type='pty'/>
|
|
</devices>
|
|
</domain>
|