The following pull request was submitted through GitHub. It can be accessed and reviewed at: https://github.com/lxc/lxc-templates/pull/12

This e-mail was sent by the LXC bot; direct replies will not reach the author unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
capability required e.g. by strongswan

From 3ae7e03091b14025fcbcdcfac5247b45714bb02d Mon Sep 17 00:00:00 2001 From: Kaarle Ritvanen <kaarle.ritva...@datakunkku.fi> Date: Sat, 29 Sep 2018 17:32:03 +0300 Subject: [PATCH] alpine: make dropping setpcap optional capability required e.g. by strongswan --- config/alpine.common.conf.in | 1 - templates/lxc-alpine.in | 3 +++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/config/alpine.common.conf.in b/config/alpine.common.conf.in index 1c4cf81..550ada8 100644 --- a/config/alpine.common.conf.in +++ b/config/alpine.common.conf.in @@ -8,7 +8,6 @@ lxc.tty.dir = lxc.cap.drop = audit_write lxc.cap.drop = ipc_owner lxc.cap.drop = mknod -lxc.cap.drop = setpcap lxc.cap.drop = sys_nice lxc.cap.drop = sys_pacct lxc.cap.drop = sys_rawio diff --git a/templates/lxc-alpine.in b/templates/lxc-alpine.in index 174c368..543961c 100644 --- a/templates/lxc-alpine.in +++ b/templates/lxc-alpine.in @@ -401,6 +401,9 @@ configure_container() { # Comment this out if you have to debug processes by tracing. lxc.cap.drop = sys_ptrace + # Comment this out if required by your applications. + lxc.cap.drop = setpcap + # Include common configuration. lxc.include = $LXC_TEMPLATE_CONFIG/alpine.common.conf EOF
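
Review bot: In config/alpine.common.conf.in, removing `lxc.cap.drop = setpcap` from the shared file changes behaviour for containers that already exist, not only for new ones. Their per-container config pulls this file in through `lxc.include = $LXC_TEMPLATE_CONFIG/alpine.common.conf`, while the replacement drop line is only written by configure_container() when a container is created. After a template upgrade, existing containers would therefore start with setpcap retained, and nothing tells the operator. The commit message should say so and note that existing configs need `lxc.cap.drop = setpcap` added by hand to keep the previous restriction.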
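
Review bot: In templates/lxc-alpine.in, the new comment "Comment this out if required by your applications." gives the operator no basis for deciding. The sys_ptrace comment just above it names the concrete reason ("if you have to debug processes by tracing"), and this one should do the same. Suggest naming the known case from the commit message (strongswan) and stating what is being granted: with setpcap retained, processes in the container can change their own capability sets, including dropping capabilities from the bounding set and adding to the inheritable set.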
_______________________________________________
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel