[lxc-devel] [lxc/lxc] 00ec0c: Adopt capability drop explanations from other dist...

[GitHub]

  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: 00ec0cc72c0fb90f05b9e7dd293649cce88aec17
      https://github.com/lxc/lxc/commit/00ec0cc72c0fb90f05b9e7dd293649cce88aec17
  Author: Dennis Schridde <devurandom at gmx.net>
  Date:   2015-06-13 (Sat, 13 Jun 2015)

  Changed paths:
    M config/templates/gentoo.moresecure.conf.in

  Log Message:
  -----------
  Adopt capability drop explanations from other distros on Gentoo, drop setpcap,sys_nice caps

Documents setpcap,sys_admin,sys_resources as breaking systemd, but does not drop them from lxc.cap.drop, as the default init system on Gentoo is OpenRC, thus stuff breaking systemd can be blocked anyway.

This also drops setpcap and sys_nice caps, as these are also dropped in other non-systemd distros.

Most of the explanatory blurb was copied from other distros' configs.

See-Also: https://bugs.gentoo.org/show_bug.cgi?id=551792

Signed-Off-By: Dennis Schridde <devurandom at gmx.net>


  Commit: 60978799dfc0f0c10346cac01581254a260251a9
      https://github.com/lxc/lxc/commit/60978799dfc0f0c10346cac01581254a260251a9
  Author: Stéphane Graber <stgraber at stgraber.org>
  Date:   2015-06-15 (Mon, 15 Jun 2015)

  Changed paths:
    M config/templates/gentoo.moresecure.conf.in

  Log Message:
  -----------
  Merge pull request #564 from devurandom/fix/gentoo-systemd-caps

Adopt capability (lxc.cap.drop) documentation from other distros in Gentoo config, drop setpcap and sys_nice


Compare: https://github.com/lxc/lxc/compare/13353dc420e3...60978799dfc0