From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Tue, 16 Jan 2018 13:53:04 +0000 (+0200)
Subject: lxc-alpine: allow retaining sys_ptrace per container
X-Git-Tag: lxc-2.0.10~411
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1cb849b724e80a3fd2b70257b4f44620475de2bd;p=thirdparty%2Flxc.git

lxc-alpine: allow retaining sys_ptrace per container

Signed-off-by: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
---

diff --git a/config/templates/alpine.common.conf.in b/config/templates/alpine.common.conf.in
index b3444261f..28d0c6f2d 100644
--- a/config/templates/alpine.common.conf.in
+++ b/config/templates/alpine.common.conf.in
@@ -11,7 +11,6 @@ lxc.cap.drop = mknod
 lxc.cap.drop = setpcap
 lxc.cap.drop = sys_nice
 lxc.cap.drop = sys_pacct
-lxc.cap.drop = sys_ptrace
 lxc.cap.drop = sys_rawio
 lxc.cap.drop = sys_resource
 lxc.cap.drop = sys_tty_config
diff --git a/templates/lxc-alpine.in b/templates/lxc-alpine.in
index 2c76a008d..6d55a01f0 100644
--- a/templates/lxc-alpine.in
+++ b/templates/lxc-alpine.in
@@ -396,6 +396,9 @@ configure_container() {
 		# hostname(1).
 		lxc.cap.drop = sys_admin
 
+		# Comment this out if you have to debug processes by tracing.
+		lxc.cap.drop = sys_ptrace
+
 		# Include common configuration.
 		lxc.include = $LXC_TEMPLATE_CONFIG/alpine.common.conf
 	EOF