]> git.ipfire.org Git - thirdparty/lxc.git/commitdiff
projects / thirdparty / lxc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: bced9b0)
Change sys_resources to sys_resource. 1010/head
authorKarl-Johan Karlsson <creideiki@ferretporn.se>
Sun, 8 May 2016 08:38:31 +0000 (10:38 +0200)
committerKarl-Johan Karlsson <creideiki@ferretporn.se>
Sun, 8 May 2016 08:46:36 +0000 (10:46 +0200)
gentoo.moresecure.conf tries to drop the capability CAP_SYS_RESOURCES.
However, that capability doesn't exist, so the container doesn't start.
Change it to CAP_SYS_RESOURCE, according to capabilities(7).

Also correct the same typo in a comment in slackware.common.conf.

Signed-off-by: Karl-Johan Karlsson <creideiki@ferretporn.se>
config/templates/gentoo.moresecure.conf.in patch | blob | blame | history
config/templates/slackware.common.conf.in patch | blob | blame | history

diff --git a/config/templates/gentoo.moresecure.conf.in b/config/templates/gentoo.moresecure.conf.in
index 6e9aa0d309d98de5883fad67da8d3de9f2e24e42..c08b91c1ab6eea49f52244c56c9f18eabc85e1b7 100644 (file)
--- a/config/templates/gentoo.moresecure.conf.in
+++ b/config/templates/gentoo.moresecure.conf.in
@@ -29,8 +29,8 @@ lxc.mount.entry=run run tmpfs rw,nosuid,nodev,relatime,mode=755 0 0
 # lxc.cap.drop = audit_control    # breaks sshd (set_loginuid failed)
 # lxc.cap.drop = audit_write
 # lxc.cap.drop = setpcap          # breaks journald
-# lxc.cap.drop = sys_resources    # breaks systemd
-lxc.cap.drop = audit_control audit_write dac_read_search fsetid ipc_owner linux_immutable mknod setfcap setpcap sys_admin sys_boot sys_nice sys_pacct sys_ptrace sys_rawio sys_resources sys_tty_config syslog
+# lxc.cap.drop = sys_resource     # breaks systemd
+lxc.cap.drop = audit_control audit_write dac_read_search fsetid ipc_owner linux_immutable mknod setfcap setpcap sys_admin sys_boot sys_nice sys_pacct sys_ptrace sys_rawio sys_resource sys_tty_config syslog
 
 # WARNING: the security vulnerability reported for 'cap_net_admin' at
 # http://mainisusuallyafunction.blogspot.com/2012/11/attacking-hardened-linux-systems-with.html
diff --git a/config/templates/slackware.common.conf.in b/config/templates/slackware.common.conf.in
index 191099feeb2a905fb043bcb52388dcdb582209d9..c932e6db7e350934ad44872164a08b36de41f2cc 100644 (file)
--- a/config/templates/slackware.common.conf.in
+++ b/config/templates/slackware.common.conf.in
@@ -41,6 +41,6 @@ lxc.mount.entry = none dev/shm tmpfs rw,nosuid,nodev,create=dir
 # lxc.cap.drop = audit_control    # breaks sshd (set_loginuid failed)
 # lxc.cap.drop = audit_write
 # lxc.cap.drop = setpcap          # breaks journald
-# lxc.cap.drop = sys_resources    # breaks systemd
+# lxc.cap.drop = sys_resource     # breaks systemd
 #
 lxc.cap.drop = mknod setfcap setpcap
Mirror of https://github.com/lxc/lxc.git