From: Christian Brauner Date: Thu, 1 Mar 2018 16:09:44 +0000 (+0100) Subject: config: start with a full capability set X-Git-Tag: lxc-2.0.10~193 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d5f9a0185a5a2d2b2184f7d1d954fd6e8ccf9397;p=thirdparty%2Flxc.git config: start with a full capability set Signed-off-by: Christian Brauner --- diff --git a/config/templates/userns.conf.in b/config/templates/userns.conf.in index bde6f1db2..63d018964 100644 --- a/config/templates/userns.conf.in +++ b/config/templates/userns.conf.in @@ -2,5 +2,9 @@ lxc.cgroup.devices.deny = lxc.cgroup.devices.allow = +# Start with a full set of capabilities in user namespaces. +lxc.cap.drop = +lxc.cap.keep = + # We can't move bind-mounts, so don't use /dev/lxc/ lxc.devttydir =
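Review bot: The comment added above `lxc.cap.drop =` and `lxc.cap.keep =` states the outcome but not the mechanism or the condition that makes it acceptable, and the commit message gives no reason either. The empty assignments appear to reset whatever drop/keep lists earlier includes have set, so any capability hardening placed in a config included before this template would be silently undone, while entries set after it still apply; that ordering dependence deserves a line here. A full set is presumably acceptable only because capabilities held inside a user namespace are scoped to that namespace, so the comment should also say the template assumes an id mapping is configured. I would write: `# Reset cap.drop/cap.keep inherited from earlier includes; a full set is only` `# acceptable here because capabilities are confined to the user namespace.`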