From 6ff9f8ec1c997d52fac089f9db929f1fea534faa Mon Sep 17 00:00:00 2001 From: Natanael Copa Date: Wed, 29 Jan 2014 13:00:48 +0000 Subject: [PATCH] lxc-alpine: disable sys_admin by default MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit It is normally not needed. Signed-off-by: Natanael Copa Acked-by: Stéphane Graber --- templates/lxc-alpine.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/lxc-alpine.in b/templates/lxc-alpine.in index 40957ab78..ec6b802af 100644 --- a/templates/lxc-alpine.in +++ b/templates/lxc-alpine.in @@ -199,7 +199,7 @@ EOF lxc.tty = 4 lxc.pts = 1024 lxc.utsname = $hostname -lxc.cap.drop = sys_module mac_admin mac_override sys_time +lxc.cap.drop = sys_module mac_admin mac_override sys_time sys_admin # When using LXC with apparmor, uncomment the next line to run unconfined: #lxc.aa_profile = unconfined -- 2.47.2