From: Natanael Copa <ncopa@alpinelinux.org>
Date: Wed, 29 Jan 2014 13:00:48 +0000 (+0000)
Subject: lxc-alpine: disable sys_admin by default
X-Git-Tag: lxc-1.0.0.beta4~57
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6ff9f8ec1c997d52fac089f9db929f1fea534faa;p=thirdparty%2Flxc.git

lxc-alpine: disable sys_admin by default

It is normally not needed.

Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
---

diff --git a/templates/lxc-alpine.in b/templates/lxc-alpine.in
index 40957ab78..ec6b802af 100644
--- a/templates/lxc-alpine.in
+++ b/templates/lxc-alpine.in
@@ -199,7 +199,7 @@ EOF
 lxc.tty = 4
 lxc.pts = 1024
 lxc.utsname = $hostname
-lxc.cap.drop = sys_module mac_admin mac_override sys_time
+lxc.cap.drop = sys_module mac_admin mac_override sys_time sys_admin
 
 # When using LXC with apparmor, uncomment the next line to run unconfined:
 #lxc.aa_profile = unconfined