From 3282889c04f297810a68d9e0df8055e79ff21355 Mon Sep 17 00:00:00 2001 From: Antoine Catton <acatton@tiolive.com> Date: Tue, 14 Aug 2012 18:50:36 +0900 Subject: [PATCH] Add some security options --- software/lxc/lxc.conf.in | 2 ++ software/lxc/software.cfg | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/software/lxc/lxc.conf.in b/software/lxc/lxc.conf.in index cebdc33f3..a41eab1e6 100644 --- a/software/lxc/lxc.conf.in +++ b/software/lxc/lxc.conf.in @@ -25,3 +25,5 @@ lxc.cgroup.devices.allow = c 5:2 rwm lxc.cgroup.devices.allow = c 254:0 rwm lxc.rootfs = %(rootfs)s + +lxc.cap.drop = sys_module sys_time sys_chroot mknod diff --git a/software/lxc/software.cfg b/software/lxc/software.cfg index 0d612787e..cded0a461 100644 --- a/software/lxc/software.cfg +++ b/software/lxc/software.cfg @@ -41,7 +41,7 @@ mode = 0644 recipe = hexagonit.recipe.download url = ${:_profile_base_location_}/${:filename} filename = lxc.conf.in -md5sum = 47cf7520c17c964d4d93608d6785a6a3 +md5sum = e47acb30a9783d2f264b51b3c46262ae download-only = true [slapos-toolbox] -- 2.30.9