Skip to content

L
lxc
Unverified Commit 1cb849b7 by Kaarle Ritvanen Committed by Christian Brauner
Options

lxc-alpine: allow retaining sys_ptrace per container

Signed-off-by: 's avatarKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
parent f5d35f37
Showing with 3 additions and 1 deletion
config/templates/alpine.common.conf.in
...@@ -11,7 +11,6 @@ lxc.cap.drop = mknod ...@@ -11,7 +11,6 @@ lxc.cap.drop = mknod
lxc.cap.drop = setpcap lxc.cap.drop = setpcap
lxc.cap.drop = sys_nice lxc.cap.drop = sys_nice
lxc.cap.drop = sys_pacct lxc.cap.drop = sys_pacct
lxc.cap.drop = sys_ptrace
lxc.cap.drop = sys_rawio lxc.cap.drop = sys_rawio
lxc.cap.drop = sys_resource lxc.cap.drop = sys_resource
lxc.cap.drop = sys_tty_config lxc.cap.drop = sys_tty_config
......
templates/lxc-alpine.in
...@@ -396,6 +396,9 @@ configure_container() { ...@@ -396,6 +396,9 @@ configure_container() {
# hostname(1). # hostname(1).
lxc.cap.drop = sys_admin lxc.cap.drop = sys_admin
# Comment this out if you have to debug processes by tracing.
lxc.cap.drop = sys_ptrace
# Include common configuration. # Include common configuration.
lxc.include = $LXC_TEMPLATE_CONFIG/alpine.common.conf lxc.include = $LXC_TEMPLATE_CONFIG/alpine.common.conf
EOF EOF
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment