Hello,
well, you can obtain information about what capabilities are on by inspecting /proc/<pid>/status file of any process in VE. For example:
[root@white ~]# vzctl enter 1
entered into VE 1
[root@white /]# cat /proc/1/status
Name: init.real
State: S (sleeping)
SleepAVG: 98%
Tgid: 1
Pid: 1
PPid: 0
TracerPid: 0
FNid: 1
Uid: 0 0 0 0
Gid: 0 0 0 0
FDSize: 256
Groups: 0 1 2 3 4 6 10
envID: 1
VPid: 1
PNState: 0
StopState: 0
VmPeak: 1628 kB
VmSize: 1624 kB
VmLck: 0 kB
VmHWM: 600 kB
VmRSS: 600 kB
VmData: 184 kB
VmStk: 16 kB
VmExe: 28 kB
VmLib: 1360 kB
VmPTE: 16 kB
Threads: 1
SigQ: 0/36864
SigPnd: 0000000000000000
ShdPnd: 0000000000000000
SigBlk: 0000000000000000
SigIgn: fffffffe57f0d8fc
SigCgt: 00000000280b2603
SigSvd: 0000000000000000
CapInh: 000000005dcceeff
CapPrm: 000000005dcceeff
CapEff: 000000005dcceeff
TaskUB: 1
MMUB: 1
This part concerns capabilities:
CapInh: 000000005dcceeff
CapPrm: 000000005dcceeff
CapEff: 000000005dcceeff
The only question is how to translate these digits into something more meaningful?
Well, you can dig in kernel sources and investigate it. You can even write a tool (or kernel patch), that will extract needed information to VE0. Then we'll include it in OpenVZ ![Smile](images/smiley_icons/icon_smile.gif)
Vasily