alpine: make dropping setpcap optional

capability required e.g. by strongswan

Signed-off-by: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
This commit is contained in:
Kaarle Ritvanen 2018-09-29 17:32:03 +03:00
parent e8519f553f
commit 73de1660d4
2 changed files with 3 additions and 1 deletions

View File

@ -8,7 +8,6 @@ lxc.tty.dir =
lxc.cap.drop = audit_write lxc.cap.drop = audit_write
lxc.cap.drop = ipc_owner lxc.cap.drop = ipc_owner
lxc.cap.drop = mknod lxc.cap.drop = mknod
lxc.cap.drop = setpcap
lxc.cap.drop = sys_nice lxc.cap.drop = sys_nice
lxc.cap.drop = sys_pacct lxc.cap.drop = sys_pacct
lxc.cap.drop = sys_rawio lxc.cap.drop = sys_rawio

View File

@ -401,6 +401,9 @@ configure_container() {
# Comment this out if you have to debug processes by tracing. # Comment this out if you have to debug processes by tracing.
lxc.cap.drop = sys_ptrace lxc.cap.drop = sys_ptrace
# Comment this out if required by your applications.
lxc.cap.drop = setpcap
# Include common configuration. # Include common configuration.
lxc.include = $LXC_TEMPLATE_CONFIG/alpine.common.conf lxc.include = $LXC_TEMPLATE_CONFIG/alpine.common.conf
EOF EOF