lxc-alpine: allow retaining sys_ptrace per container

author Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>

Tue, 16 Jan 2018 13:53:04 +0000 (15:53 +0200)

committer Christian Brauner <christian.brauner@ubuntu.com>

Fri, 19 Jan 2018 14:07:46 +0000 (15:07 +0100)
author Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Tue, 16 Jan 2018 13:53:04 +0000 (15:53 +0200)
committer Christian Brauner <christian.brauner@ubuntu.com>
Fri, 19 Jan 2018 14:07:46 +0000 (15:07 +0100)
diff --git a/config/templates/alpine.common.conf.in b/config/templates/alpine.common.conf.in

index b3444261f9e244e43e1b6944c87c84a0b897da4a..28d0c6f2d779f27d4aba2a2308ecd345f702d8ff 100644 (file)
--- a/config/templates/alpine.common.conf.in
+++ b/config/templates/alpine.common.conf.in
@@ -11,7 +11,6 @@ lxc.cap.drop = mknod
  lxc.cap.drop = setpcap
  lxc.cap.drop = sys_nice
  lxc.cap.drop = sys_pacct
-lxc.cap.drop = sys_ptrace
  lxc.cap.drop = sys_rawio
  lxc.cap.drop = sys_resource
  lxc.cap.drop = sys_tty_config
diff --git a/templates/lxc-alpine.in b/templates/lxc-alpine.in

index 2c76a008d568fc3c16a1937bc56cedf1b56741dc..6d55a01f08a865f11688dd2ecc7b2cdb11523aa4 100644 (file)
--- a/templates/lxc-alpine.in
+++ b/templates/lxc-alpine.in
@@ -396,6 +396,9 @@ configure_container() {
                 # hostname(1).
                 lxc.cap.drop = sys_admin
  
+               # Comment this out if you have to debug processes by tracing.
+               lxc.cap.drop = sys_ptrace
+
                 # Include common configuration.
                 lxc.include = $LXC_TEMPLATE_CONFIG/alpine.common.conf
         EOF
author	Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
	Tue, 16 Jan 2018 13:53:04 +0000 (15:53 +0200)
committer	Christian Brauner <christian.brauner@ubuntu.com>
	Fri, 19 Jan 2018 14:07:46 +0000 (15:07 +0100)
config/templates/alpine.common.conf.in		patch \| blob \| blame \| history
templates/lxc-alpine.in		patch \| blob \| blame \| history