|
@@ -111,7 +111,7 @@ lxc.mount.entry = {{$realPath}} {{$ROOTFS}}/{{$virtualPath}} none bind,{{ if ind
|
|
|
# (Note: 'lxc.cap.keep' is coming soon and should replace this under the
|
|
# (Note: 'lxc.cap.keep' is coming soon and should replace this under the
|
|
|
# security principle 'deny all unless explicitly permitted', see
|
|
# security principle 'deny all unless explicitly permitted', see
|
|
|
# http://sourceforge.net/mailarchive/message.php?msg_id=31054627 )
|
|
# http://sourceforge.net/mailarchive/message.php?msg_id=31054627 )
|
|
|
-lxc.cap.drop = audit_control audit_write mac_admin mac_override mknod setfcap setpcap sys_admin sys_boot sys_module sys_nice sys_pacct sys_rawio sys_resource sys_time sys_tty_config
|
|
|
|
|
|
|
+lxc.cap.drop = audit_control audit_write mac_admin mac_override mknod setpcap sys_admin sys_boot sys_module sys_nice sys_pacct sys_rawio sys_resource sys_time sys_tty_config
|
|
|
{{end}}
|
|
{{end}}
|
|
|
|
|
|
|
|
# limits
|
|
# limits
|
Guillaume J. Charmes