[lxc-devel] [lxc-templates/master] alpine: make dropping setpcap optional

kunkku on Github lxc-bot at linuxcontainers.org
Sat Sep 29 15:30:39 UTC 2018


From 3ae7e03091b14025fcbcdcfac5247b45714bb02d Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen at datakunkku.fi>
Date: Sat, 29 Sep 2018 17:32:03 +0300
Subject: [PATCH] alpine: make dropping setpcap optional

capability required e.g. by strongswan
---
 config/alpine.common.conf.in | 1 -
 templates/lxc-alpine.in      | 3 +++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/config/alpine.common.conf.in b/config/alpine.common.conf.in
index 1c4cf81..550ada8 100644
--- a/config/alpine.common.conf.in
+++ b/config/alpine.common.conf.in
@@ -8,7 +8,6 @@ lxc.tty.dir =
 lxc.cap.drop = audit_write
 lxc.cap.drop = ipc_owner
 lxc.cap.drop = mknod
-lxc.cap.drop = setpcap
 lxc.cap.drop = sys_nice
 lxc.cap.drop = sys_pacct
 lxc.cap.drop = sys_rawio
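Review bot: Removing `lxc.cap.drop = setpcap` from alpine.common.conf changes behaviour for containers that already exist, not only for new ones. Per-container configs generated before this patch pull in the common file through `lxc.include` and carry no setpcap line of their own, so they will start with setpcap retained once the updated common config is installed. The commit message only gives the motivation (strongswan); it should also state this side effect so that operators who rely on the drop know to add `lxc.cap.drop = setpcap` to existing container configs by hand.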
diff --git a/templates/lxc-alpine.in b/templates/lxc-alpine.in
index 174c368..543961c 100644
--- a/templates/lxc-alpine.in
+++ b/templates/lxc-alpine.in
@@ -401,6 +401,9 @@ configure_container() {
 		# Comment this out if you have to debug processes by tracing.
 		lxc.cap.drop = sys_ptrace
 
+		# Comment this out if required by your applications.
+		lxc.cap.drop = setpcap
+
 		# Include common configuration.
 		lxc.include = $LXC_TEMPLATE_CONFIG/alpine.common.conf
 	EOF
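Review bot: The new comment "Comment this out if required by your applications." gives the reader less to go on than the sys_ptrace comment directly above it, which names the concrete use case (debugging by tracing). Suggest naming the known consumer from the commit message, for example "Comment this out if your applications (e.g. strongswan) need to change their capability sets.", so that someone editing the generated config can tell whether the line applies to them before relaxing the drop. It is also worth a word in the template documentation that the default still drops setpcap, only now from the per-container config rather than from the shared include.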

