Skip to content

L
lxc
Unverified Commit 19f90d53 by i.Dark_Templar Committed by Christian Brauner
Options

Update gentoo.moresecure.conf.

Closes https://github.com/lxc/lxc/issues/1928Signed-off-by: 's avatari.Dark_Templar <darktemplar@dark-templar-archives.net>
parent 28f7670c
Showing with 2 additions and 1 deletion
config/templates/gentoo.moresecure.conf.in
...@@ -30,7 +30,8 @@ lxc.mount.entry=run run tmpfs rw,nosuid,nodev,relatime,mode=755 0 0 ...@@ -30,7 +30,8 @@ lxc.mount.entry=run run tmpfs rw,nosuid,nodev,relatime,mode=755 0 0
# lxc.cap.drop = audit_write # lxc.cap.drop = audit_write
# lxc.cap.drop = setpcap # breaks journald # lxc.cap.drop = setpcap # breaks journald
# lxc.cap.drop = sys_resource # breaks systemd # lxc.cap.drop = sys_resource # breaks systemd
lxc.cap.drop = audit_control audit_write dac_read_search fsetid ipc_owner linux_immutable mknod setfcap setpcap sys_admin sys_boot sys_nice sys_pacct sys_ptrace sys_rawio sys_resource sys_tty_config syslog # lxc.cap.drop = sys_boot # breaks sysvinit
lxc.cap.drop = audit_control audit_write dac_read_search fsetid ipc_owner linux_immutable mknod setfcap setpcap sys_admin sys_nice sys_pacct sys_ptrace sys_rawio sys_resource sys_tty_config syslog
# WARNING: the security vulnerability reported for 'cap_net_admin' at # WARNING: the security vulnerability reported for 'cap_net_admin' at
# http://mainisusuallyafunction.blogspot.com/2012/11/attacking-hardened-linux-systems-with.html # http://mainisusuallyafunction.blogspot.com/2012/11/attacking-hardened-linux-systems-with.html
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment