From 1cb849b724e80a3fd2b70257b4f44620475de2bd Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Tue, 16 Jan 2018 15:53:04 +0200
Subject: [PATCH] lxc-alpine: allow retaining sys_ptrace per container

Signed-off-by: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
---
 config/templates/alpine.common.conf.in | 1 -
 templates/lxc-alpine.in                | 3 +++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/config/templates/alpine.common.conf.in b/config/templates/alpine.common.conf.in
index b3444261f..28d0c6f2d 100644
--- a/config/templates/alpine.common.conf.in
+++ b/config/templates/alpine.common.conf.in
@@ -11,7 +11,6 @@ lxc.cap.drop = mknod
 lxc.cap.drop = setpcap
 lxc.cap.drop = sys_nice
 lxc.cap.drop = sys_pacct
-lxc.cap.drop = sys_ptrace
 lxc.cap.drop = sys_rawio
 lxc.cap.drop = sys_resource
 lxc.cap.drop = sys_tty_config
diff --git a/templates/lxc-alpine.in b/templates/lxc-alpine.in
index 2c76a008d..6d55a01f0 100644
--- a/templates/lxc-alpine.in
+++ b/templates/lxc-alpine.in
@@ -396,6 +396,9 @@ configure_container() {
 		# hostname(1).
 		lxc.cap.drop = sys_admin
 
+		# Comment this out if you have to debug processes by tracing.
+		lxc.cap.drop = sys_ptrace
+
 		# Include common configuration.
 		lxc.include = $LXC_TEMPLATE_CONFIG/alpine.common.conf
 	EOF
-- 
2.47.2