Kir Kolyshkin authored 4721d0e68e1
Add SETPCAP and AUDIT_WRITE capabilities to default set

This is an on-going effort to make Fedora 15/16 systemd work inside an OpenVZ container.

SETPCAP: Some services can't be started, because systemd can't set securebits flags.

[ 3637.944447] <29>systemd[1]: systemd-logger.service: main process exited, code=exited, status=218

Starting with kernel 2.6.26, and with a kernel in which file capabilities are enabled, Linux implements a set of per-thread securebits flags that can be used to disable special handling of capabilities for UID 0 (root). It allows a thread to retain its capabilities when it switches all of its UIDs to a non-zero value. You can get more info from man capabilities.

AUDIT_WRITE: needed for non-root apps that want to set audit messages.

SETVEID: this is an obsoleted flag not used by OpenVZ kernels anymore, so we just remove it. Yes, incidentally it was using the same number as AUDIT_WRITE.

Somewhat related to http://bugzilla.openvz.org/1911

Signed-off-by: Kir Kolyshkin <kir@openvz.org>
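
An added example, not part of this commit or of vzctl: one way to check from inside a container whether the two capabilities named above are present, by decoding a capability mask from /proc/<pid>/status text. The function names, the choice of the CapBnd field and the sample masks are assumptions made for illustration; the capability numbers are those in <linux/capability.h>.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Capability numbers from <linux/capability.h>. */
#define NR_CAP_SETPCAP     8
#define NR_CAP_AUDIT_WRITE 29

/* Constructed sample /proc/<pid>/status excerpts (not OpenVZ's real default set). */
static const char SAMPLE_BEFORE[] = "Name:\tsystemd\nCapBnd:\t00000000000004e3\n";
static const char SAMPLE_AFTER[]  = "Name:\tsystemd\nCapBnd:\t00000000200005e3\n";

/* Find "<field>:<hex>" at the start of a line; 0 on success, -1 if absent or malformed. */
static int read_cap_mask(const char *status, const char *field, uint64_t *mask)
{
    size_t flen = strlen(field);
    for (const char *line = status; line && *line; ) {
        if (strncmp(line, field, flen) == 0 && line[flen] == ':') {
            const char *val = line + flen + 1;
            while (*val == ' ' || *val == '\t')
                val++;
            if (!isxdigit((unsigned char)*val))
                return -1;      /* empty value: do not parse into the next line */
            *mask = strtoull(val, NULL, 16);
            return 0;
        }
        line = strchr(line, '\n');
        if (line)
            line++;
    }
    return -1;
}

/* Bit 0 set: CAP_SETPCAP missing. Bit 1 set: CAP_AUDIT_WRITE missing. -1: field not found. */
static int missing_caps(const char *status, const char *field)
{
    uint64_t m;
    if (read_cap_mask(status, field, &m) != 0)
        return -1;
    return (((m >> NR_CAP_SETPCAP) & 1) ? 0 : 1) |
           (((m >> NR_CAP_AUDIT_WRITE) & 1) ? 0 : 2);
}

int main(void)
{
    printf("before: %d  after: %d\n", missing_caps(SAMPLE_BEFORE, "CapBnd"),
           missing_caps(SAMPLE_AFTER, "CapBnd"));
    return 0;
}
```

Pass "CapPrm" or "CapEff" as the field to check the permitted or effective set instead, and feed it the contents of /proc/1/status to inspect the container's init.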