[lxc-devel] [PATCH] lxc-alpine: disable sys_admin by default
Natanael Copa
ncopa at alpinelinux.org
Wed Jan 29 13:00:48 UTC 2014
It is normally not needed.
Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
---
templates/lxc-alpine.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/templates/lxc-alpine.in b/templates/lxc-alpine.in
index 40957ab..ec6b802 100644
--- a/templates/lxc-alpine.in
+++ b/templates/lxc-alpine.in
@@ -199,7 +199,7 @@ EOF
lxc.tty = 4
lxc.pts = 1024
lxc.utsname = $hostname
-lxc.cap.drop = sys_module mac_admin mac_override sys_time
+lxc.cap.drop = sys_module mac_admin mac_override sys_time sys_admin
# When using LXC with apparmor, uncomment the next line to run unconfined:
#lxc.aa_profile = unconfined
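Review bot: The changed `lxc.cap.drop` line goes into the generated config with no comment telling the user that `sys_admin` is now dropped or when to restore it, while the apparmor setting directly below it does get such a hint. CAP_SYS_ADMIN gates mount(2) among many other operations, so a container that mounts filesystems from inside will fail under this default, and "It is normally not needed" in the commit message does not say which cases are the exceptions. Suggest adding a comment line above the setting, for example `# Remove sys_admin from the list below if the container must mount filesystems itself`, and listing the known exceptions in the commit message.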
--
1.8.5.3