forked from neil/lxc-templates
alpine: make dropping setpcap optional
capability required e.g. by strongswan Signed-off-by: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
This commit is contained in:
parent
e8519f553f
commit
73de1660d4
@ -8,7 +8,6 @@ lxc.tty.dir =
|
|||||||
lxc.cap.drop = audit_write
|
lxc.cap.drop = audit_write
|
||||||
lxc.cap.drop = ipc_owner
|
lxc.cap.drop = ipc_owner
|
||||||
lxc.cap.drop = mknod
|
lxc.cap.drop = mknod
|
||||||
lxc.cap.drop = setpcap
|
|
||||||
lxc.cap.drop = sys_nice
|
lxc.cap.drop = sys_nice
|
||||||
lxc.cap.drop = sys_pacct
|
lxc.cap.drop = sys_pacct
|
||||||
lxc.cap.drop = sys_rawio
|
lxc.cap.drop = sys_rawio
|
||||||
|
@ -401,6 +401,9 @@ configure_container() {
|
|||||||
# Comment this out if you have to debug processes by tracing.
|
# Comment this out if you have to debug processes by tracing.
|
||||||
lxc.cap.drop = sys_ptrace
|
lxc.cap.drop = sys_ptrace
|
||||||
|
|
||||||
|
# Comment this out if required by your applications.
|
||||||
|
lxc.cap.drop = setpcap
|
||||||
|
|
||||||
# Include common configuration.
|
# Include common configuration.
|
||||||
lxc.include = $LXC_TEMPLATE_CONFIG/alpine.common.conf
|
lxc.include = $LXC_TEMPLATE_CONFIG/alpine.common.conf
|
||||||
EOF
|
EOF
|
||||||
|
Loading…
Reference in New Issue
Block a user