[lxc-devel] [PATCH] lxc-alpine: disable sys_admin by default
Stéphane Graber
stgraber at ubuntu.com
Wed Jan 29 13:46:10 UTC 2014
On Wed, Jan 29, 2014 at 01:00:48PM +0000, Natanael Copa wrote:
> It is normally not needed.
>
> Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
> ---
> templates/lxc-alpine.in | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/templates/lxc-alpine.in b/templates/lxc-alpine.in
> index 40957ab..ec6b802 100644
> --- a/templates/lxc-alpine.in
> +++ b/templates/lxc-alpine.in
> @@ -199,7 +199,7 @@ EOF
> lxc.tty = 4
> lxc.pts = 1024
> lxc.utsname = $hostname
> -lxc.cap.drop = sys_module mac_admin mac_override sys_time
> +lxc.cap.drop = sys_module mac_admin mac_override sys_time sys_admin
>
> # When using LXC with apparmor, uncomment the next line to run unconfined:
> #lxc.aa_profile = unconfined
> --
> 1.8.5.3
>
> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel
--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20140129/0fd1da85/attachment.pgp>
More information about the lxc-devel
mailing list