Update gentoo.moresecure.conf.

Closes https://github.com/lxc/lxc/issues/1928Signed-off-by: i.Dark_Templar <darktemplar@dark-templar-archives.net>

Update gentoo.moresecure.conf.
19f90d53 · i.Dark_Templar · Christian Brauner · 28f7670c · 19f90d53
Unverified Commit 19f90d53 authored Dec 02, 2017 by i.Dark_Templar Committed by Christian Brauner Dec 15, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

gentoo.moresecure.conf.in config/templates/gentoo.moresecure.conf.in +2 -1

No files found.
--- a/config/templates/gentoo.moresecure.conf.in
+++ b/config/templates/gentoo.moresecure.conf.in
@@ -30,7 +30,8 @@ lxc.mount.entry=run run tmpfs rw,nosuid,nodev,relatime,mode=755 0 0
 # lxc.cap.drop = audit_write
 # lxc.cap.drop = setpcap          # breaks journald
 # lxc.cap.drop = sys_resource     # breaks systemd
-lxc.cap.drop = audit_control audit_write dac_read_search fsetid ipc_owner linux_immutable mknod setfcap setpcap sys_admin sys_boot sys_nice sys_pacct sys_ptrace sys_rawio sys_resource sys_tty_config syslog
+# lxc.cap.drop = sys_boot         # breaks sysvinit
+lxc.cap.drop = audit_control audit_write dac_read_search fsetid ipc_owner linux_immutable mknod setfcap setpcap sys_admin sys_nice sys_pacct sys_ptrace sys_rawio sys_resource sys_tty_config syslog

 # WARNING: the security vulnerability reported for 'cap_net_admin' at
 # http://mainisusuallyafunction.blogspot.com/2012/11/attacking-hardened-linux-systems-with.html