[lxc-devel] [lxd/master] Block sys_rawio in LXD too

stgraber on Github lxc-bot at linuxcontainers.org
Thu Mar 17 01:35:18 UTC 2016


From 7d5c49e1f322983ec2f3c1e49c577898ceaddc01 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Wed, 16 Mar 2016 21:34:43 -0400
Subject: [PATCH] Block sys_rawio in LXD too
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

After we just made that change in LXC, let's replicate it in the LXD
default config too.

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxd/container_lxc.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index 5eec978..d081a81 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -284,7 +284,7 @@ func (c *containerLXC) initLXC() error {
 	}
 
 	// Base config
-	err = lxcSetConfigItem(cc, "lxc.cap.drop", "mac_admin mac_override sys_time sys_module")
+	err = lxcSetConfigItem(cc, "lxc.cap.drop", "mac_admin mac_override sys_time sys_module sys_rawio")
 	if err != nil {
 		return err
 	}
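
Review bot: The lxc.cap.drop call under "// Base config" gains sys_rawio with no in-code explanation, and the commit message only points to "that change in LXC" without a commit id, so a later reader cannot tell why this capability belongs in the default drop list. Consider a short comment above the call giving the reason for the dropped capabilities, and reference the corresponding LXC commit in the message. Because the list is meant to mirror the LXC default, holding it in a named constant rather than an inline space-separated literal would make the two easier to compare when either side changes.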

