> To be pedantic, it is not a lie - you have that capability against your own user namespace,
Ah, so that says "you can do it", but it's never actually going to work? I guess that's just another expression of audit not working in namespaces then..
> Unfortunately that will be tough coordinate with the (soon-coming) namespaced audit.
Ooh, is that coming? Then I guess we shouldn't bother much, it's not an important problem. For the most part unpriv containers work fine now.
> To be pedantic, it is not a lie - you have that capability against your own user namespace,
Ah, so that says "you can do it", but it's never actually going to work? I guess that's just another expression of audit not working in namespaces then..
> Unfortunately that will be tough coordinate with the (soon-coming) namespaced audit.
Ooh, is that coming? Then I guess we shouldn't bother much, it's not an important problem. For the most part unpriv containers work fine now.