lxc-alpine: disable sys_admin by default

author Natanael Copa <ncopa@alpinelinux.org>

Wed, 29 Jan 2014 13:00:48 +0000 (13:00 +0000)

committer Stéphane Graber <stgraber@ubuntu.com>

Wed, 29 Jan 2014 13:43:52 +0000 (13:43 +0000)
author Natanael Copa <ncopa@alpinelinux.org>
Wed, 29 Jan 2014 13:00:48 +0000 (13:00 +0000)
committer Stéphane Graber <stgraber@ubuntu.com>
Wed, 29 Jan 2014 13:43:52 +0000 (13:43 +0000)
diff --git a/templates/lxc-alpine.in b/templates/lxc-alpine.in

index 40957ab786a56627ea1aaaa0993eb2457ac11189..ec6b802af64e1404a083425530d5827d369ffb69 100644 (file)
--- a/templates/lxc-alpine.in
+++ b/templates/lxc-alpine.in
@@ -199,7 +199,7 @@ EOF
  lxc.tty = 4
  lxc.pts = 1024
  lxc.utsname = $hostname
-lxc.cap.drop = sys_module mac_admin mac_override sys_time
+lxc.cap.drop = sys_module mac_admin mac_override sys_time sys_admin
  
  # When using LXC with apparmor, uncomment the next line to run unconfined:
  #lxc.aa_profile = unconfined
author	Natanael Copa <ncopa@alpinelinux.org>
	Wed, 29 Jan 2014 13:00:48 +0000 (13:00 +0000)
committer	Stéphane Graber <stgraber@ubuntu.com>
	Wed, 29 Jan 2014 13:43:52 +0000 (13:43 +0000)