From 3282889c04f297810a68d9e0df8055e79ff21355 Mon Sep 17 00:00:00 2001
From: Antoine Catton <acatton@tiolive.com>
Date: Tue, 14 Aug 2012 18:50:36 +0900
Subject: [PATCH] Add some security options

---
 software/lxc/lxc.conf.in  | 2 ++
 software/lxc/software.cfg | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/software/lxc/lxc.conf.in b/software/lxc/lxc.conf.in
index cebdc33f3..a41eab1e6 100644
--- a/software/lxc/lxc.conf.in
+++ b/software/lxc/lxc.conf.in
@@ -25,3 +25,5 @@ lxc.cgroup.devices.allow = c 5:2 rwm
 lxc.cgroup.devices.allow = c 254:0 rwm
 
 lxc.rootfs = %(rootfs)s
+
+lxc.cap.drop = sys_module sys_time sys_chroot mknod
diff --git a/software/lxc/software.cfg b/software/lxc/software.cfg
index 0d612787e..cded0a461 100644
--- a/software/lxc/software.cfg
+++ b/software/lxc/software.cfg
@@ -41,7 +41,7 @@ mode = 0644
 recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/${:filename}
 filename = lxc.conf.in
-md5sum = 47cf7520c17c964d4d93608d6785a6a3
+md5sum = e47acb30a9783d2f264b51b3c46262ae
 download-only = true
 
 [slapos-toolbox]
-- 
2.30.9