alpine: make dropping setpcap optional

capability required e.g. by strongswan

Signed-off-by: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>

config/alpine.common.conf.in

@@ -8,7 +8,6 @@ lxc.tty.dir =
 lxc.cap.drop = audit_write
 lxc.cap.drop = ipc_owner
 lxc.cap.drop = mknod
-lxc.cap.drop = setpcap
 lxc.cap.drop = sys_nice
 lxc.cap.drop = sys_pacct
 lxc.cap.drop = sys_rawio

templates/lxc-alpine.in

@@ -401,6 +401,9 @@ configure_container() {
 		# Comment this out if you have to debug processes by tracing.
 		lxc.cap.drop = sys_ptrace
 
+		# Comment this out if required by your applications.
+		lxc.cap.drop = setpcap
+
 		# Include common configuration.
 		lxc.include = $LXC_TEMPLATE_CONFIG/alpine.common.conf
 	EOF