Merge pull request #2086 from kunkku/alpine-ptrace

lxc-alpine: allow retaining sys_ptrace per container

Merge pull request #2086 from kunkku/alpine-ptrace
e7d7dd73 · Christian Brauner · GitHub · fbf4cc95 · ecef04af · e7d7dd73
Unverified Commit e7d7dd73 authored Jan 16, 2018 by Christian Brauner Committed by GitHub Jan 16, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 1 deletion

alpine.common.conf.in config/templates/alpine.common.conf.in +0 -1

lxc-alpine.in templates/lxc-alpine.in +3 -0

No files found.
--- a/config/templates/alpine.common.conf.in
+++ b/config/templates/alpine.common.conf.in
@@ -11,7 +11,6 @@ lxc.cap.drop = mknod
 lxc.cap.drop = setpcap
 lxc.cap.drop = sys_nice
 lxc.cap.drop = sys_pacct
-lxc.cap.drop = sys_ptrace
 lxc.cap.drop = sys_rawio
 lxc.cap.drop = sys_resource
 lxc.cap.drop = sys_tty_config

--- a/templates/lxc-alpine.in
+++ b/templates/lxc-alpine.in
@@ -398,6 +398,9 @@ configure_container() {
 		# hostname(1).
 		lxc.cap.drop = sys_admin
+		# Comment this out if you have to debug processes by tracing.
+		lxc.cap.drop = sys_ptrace
 		# Include common configuration.
 		lxc.include = $LXC_TEMPLATE_CONFIG/alpine.common.conf
 	EOF