[lxc-devel] [lxc/master] lxc-alpine: allow retaining sys_ptrace per container

kunkku on Github lxc-bot at linuxcontainers.org
Tue Jan 16 14:04:14 UTC 2018


From ecef04af7104c39cfcd96f3c429afe51d59ac628 Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen at datakunkku.fi>
Date: Tue, 16 Jan 2018 15:53:04 +0200
Subject: [PATCH] lxc-alpine: allow retaining sys_ptrace per container

Signed-off-by: Kaarle Ritvanen <kaarle.ritvanen at datakunkku.fi>
---
 config/templates/alpine.common.conf.in | 1 -
 templates/lxc-alpine.in                | 3 +++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/config/templates/alpine.common.conf.in b/config/templates/alpine.common.conf.in
index 934fee28e..1c4cf815a 100644
--- a/config/templates/alpine.common.conf.in
+++ b/config/templates/alpine.common.conf.in
@@ -11,7 +11,6 @@ lxc.cap.drop = mknod
 lxc.cap.drop = setpcap
 lxc.cap.drop = sys_nice
 lxc.cap.drop = sys_pacct
-lxc.cap.drop = sys_ptrace
 lxc.cap.drop = sys_rawio
 lxc.cap.drop = sys_resource
 lxc.cap.drop = sys_tty_config
diff --git a/templates/lxc-alpine.in b/templates/lxc-alpine.in
index 768e69028..174c36815 100644
--- a/templates/lxc-alpine.in
+++ b/templates/lxc-alpine.in
@@ -398,6 +398,9 @@ configure_container() {
 		# hostname(1).
 		lxc.cap.drop = sys_admin
 
+		# Comment this out if you have to debug processes by tracing.
+		lxc.cap.drop = sys_ptrace
+
 		# Include common configuration.
 		lxc.include = $LXC_TEMPLATE_CONFIG/alpine.common.conf
 	EOF
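Review bot: The `lxc.cap.drop = sys_ptrace` line added to the heredoc in configure_container() only reaches configs generated after this change, while the first hunk removes the same drop from alpine.common.conf.in, which those configs pull in through `lxc.include`. Containers created with the older template presumably still include the common file and have no per-container drop line, so after an upgrade they would start with sys_ptrace retained without their owner editing anything; the commit message or release notes should tell operators to add the drop line to existing container configs. The new comment could also state the default and ask for it to be restored, e.g. `# Dropped by default. Comment out only while processes in this container must be traced, then restore it.` configure_container() begins and ends outside this hunk.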

