main/lxc: make dropping setpcap optional

1 files changed, 24 insertions, 0 deletions

diff --git a/main/lxc/make-dropping-setpcap-optional.patch b/main/lxc/make-dropping-setpcap-optional.patch
new file mode 100644
index 0000000000..5288d8f3b4
--- /dev/null
+++ b/main/lxc/make-dropping-setpcap-optional.patch
@@ -0,0 +1,24 @@
+--- lxc-lxc-2.1.1/config/templates/alpine.common.conf.in
++++ lxc-lxc-2.1.1.setpcap/config/templates/alpine.common.conf.in
+@@ -8,7 +8,6 @@
+ lxc.cap.drop = audit_write
+ lxc.cap.drop = ipc_owner
+ lxc.cap.drop = mknod
+-lxc.cap.drop = setpcap
+ lxc.cap.drop = sys_nice
+ lxc.cap.drop = sys_pacct
+ lxc.cap.drop = sys_ptrace
+Only in lxc-lxc-2.1.1.setpcap: config/templates/alpine.common.conf.in.orig
+--- lxc-lxc-2.1.1/templates/lxc-alpine.in
++++ lxc-lxc-2.1.1.setpcap/templates/lxc-alpine.in
+@@ -398,6 +398,9 @@
+ 		# hostname(1).
+ 		lxc.cap.drop = sys_admin
+ 
++		# Comment this out if required by your applications.
++		lxc.cap.drop = setpcap
++
+ 		# Include common configuration.
+ 		lxc.include = $LXC_TEMPLATE_CONFIG/alpine.common.conf
+ 	EOF
+Only in lxc-lxc-2.1.1.setpcap: templates/lxc-alpine.in.orig