lxc-alpine: allow retaining sys_ptrace per container

author Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>

Tue, 16 Jan 2018 13:53:04 +0000 (15:53 +0200)

committer Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>

Tue, 16 Jan 2018 14:02:49 +0000 (16:02 +0200)
author Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Tue, 16 Jan 2018 13:53:04 +0000 (15:53 +0200)
committer Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Tue, 16 Jan 2018 14:02:49 +0000 (16:02 +0200)
diff --git a/config/templates/alpine.common.conf.in b/config/templates/alpine.common.conf.in

index 934fee28e085bc3f94f332257f7a7ad3bc55ab14..1c4cf815a4113fa4cf1fff652a352afd6627e397 100644 (file)
--- a/config/templates/alpine.common.conf.in
+++ b/config/templates/alpine.common.conf.in
@@ -11,7 +11,6 @@ lxc.cap.drop = mknod
  lxc.cap.drop = setpcap
  lxc.cap.drop = sys_nice
  lxc.cap.drop = sys_pacct
-lxc.cap.drop = sys_ptrace
  lxc.cap.drop = sys_rawio
  lxc.cap.drop = sys_resource
  lxc.cap.drop = sys_tty_config
diff --git a/templates/lxc-alpine.in b/templates/lxc-alpine.in

index 768e69028f2fb91a378e3d7a943c8515b1f4e788..174c36815e03ba5fa411b98db53f0ab474384238 100644 (file)
--- a/templates/lxc-alpine.in
+++ b/templates/lxc-alpine.in
@@ -398,6 +398,9 @@ configure_container() {
                 # hostname(1).
                 lxc.cap.drop = sys_admin
  
+               # Comment this out if you have to debug processes by tracing.
+               lxc.cap.drop = sys_ptrace
+
                 # Include common configuration.
                 lxc.include = $LXC_TEMPLATE_CONFIG/alpine.common.conf
         EOF
author	Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
	Tue, 16 Jan 2018 13:53:04 +0000 (15:53 +0200)
committer	Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
	Tue, 16 Jan 2018 14:02:49 +0000 (16:02 +0200)
config/templates/alpine.common.conf.in		patch \| blob \| blame \| history
templates/lxc-alpine.in		patch \| blob \| blame \| history