I'm looking for, and trying to work out, how to drop capabilities from an lxc container created with virt-install. I think it isn't the "same" as lxc is.
virt-install --connect lxc:// --name fedora20 --ram 512 --filesystem /var/lib/libvirt/filesystems/fedora20/
cat /usr/share/lxc/config/centos.common.conf
lxc.cap.drop = mac_admin mac_override setfcap
lxc.cap.drop = sys_module sys_nice sys_pacct
lxc.cap.drop = sys_rawio sys_time