From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Tue, 16 Jan 2018 13:53:04 +0000 (+0200)
Subject: lxc-alpine: allow retaining sys_ptrace per container
X-Git-Tag: lxc-3.0.0.beta1~77^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F2086%2Fhead;p=thirdparty%2Flxc.git

lxc-alpine: allow retaining sys_ptrace per container

Signed-off-by: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
---

diff --git a/config/templates/alpine.common.conf.in b/config/templates/alpine.common.conf.in
index 934fee28e..1c4cf815a 100644
--- a/config/templates/alpine.common.conf.in
+++ b/config/templates/alpine.common.conf.in
@@ -11,7 +11,6 @@ lxc.cap.drop = mknod
 lxc.cap.drop = setpcap
 lxc.cap.drop = sys_nice
 lxc.cap.drop = sys_pacct
-lxc.cap.drop = sys_ptrace
 lxc.cap.drop = sys_rawio
 lxc.cap.drop = sys_resource
 lxc.cap.drop = sys_tty_config
diff --git a/templates/lxc-alpine.in b/templates/lxc-alpine.in
index 768e69028..174c36815 100644
--- a/templates/lxc-alpine.in
+++ b/templates/lxc-alpine.in
@@ -398,6 +398,9 @@ configure_container() {
 		# hostname(1).
 		lxc.cap.drop = sys_admin
 
+		# Comment this out if you have to debug processes by tracing.
+		lxc.cap.drop = sys_ptrace
+
 		# Include common configuration.
 		lxc.include = $LXC_TEMPLATE_CONFIG/alpine.common.conf
 	EOF