Drop capabilities sVirt & lxc

Post by bryn1u » 2018/01/31 21:16:37

Hello guys,

I'm looking for a way to drop capabilities from an lxc container created with virt-install. I think it isn't the "same" as lxc is.

Code:

virt-install --connect lxc:// --name fedora20 --ram 512 --filesystem /var/lib/libvirt/filesystems/fedora20/


SELinux works well, but I'm wondering how I can drop caps from this container. In lxc it looks like:

cat /usr/share/lxc/config/centos.common.conf

Code:

lxc.cap.drop = mac_admin mac_override setfcap
lxc.cap.drop = sys_module sys_nice sys_pacct
lxc.cap.drop = sys_rawio sys_time

Can someone help?
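
An added example, not part of the original post: one way to carry the lxc.cap.drop list quoted above over to a libvirt-lxc container, assuming libvirt's LXC domain XML `<features><capabilities policy='...'>` element with one child per capability and `state='off'` to drop it. The function names are hypothetical, and the sample config is the one quoted in the post.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the lxc.cap.drop lines quoted in the post.
SAMPLE_CONF = """\
lxc.cap.drop = mac_admin mac_override setfcap
lxc.cap.drop = sys_module sys_nice sys_pacct
lxc.cap.drop = sys_rawio sys_time
"""

CAP_NAME = re.compile(r"^[a-z_]+$")  # reject anything that is not a plain capability name


def parse_cap_drop(conf_text):
    """Return the effective, ordered list of capabilities an LXC config drops."""
    dropped = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key != "lxc.cap.drop":
            continue
        if not value:
            dropped.clear()  # an empty lxc.cap.drop resets the list built so far
            continue
        for cap in value.split():
            if not CAP_NAME.match(cap):
                raise ValueError(f"unexpected capability name: {cap!r}")
            if cap not in dropped:  # repeated lines accumulate, without duplicates
                dropped.append(cap)
    return dropped


def to_libvirt_features(caps, policy="default"):
    """Build the <features> fragment that turns each listed capability off."""
    features = ET.Element("features")
    node = ET.SubElement(features, "capabilities", policy=policy)
    for cap in caps:
        ET.SubElement(node, cap, state="off")
    return ET.tostring(features, encoding="unicode")


if __name__ == "__main__":
    print(to_libvirt_features(parse_cap_drop(SAMPLE_CONF)))
```

The resulting `<features>` element belongs inside the container's `<domain>` definition, which can be edited with `virsh edit`.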