Container capabilities have been restricted.

diff --git a/data/configs/config_1 b/data/configs/config_1
index 9cc28f92ba8630ff9e65d2a7b687f1adf2561f18..cc997810e9c57c44164a5e25a4d0a16cf31dbcf9 100644 (file)
--- a/data/configs/config_1
+++ b/data/configs/config_1
@@ -7,6 +7,8 @@ lxc.autodev = 0
 # lxc.autodev.tmpfs.size = 25000000
 lxc.aa_profile = unconfined
 
+lxc.cap.keep = audit_control sys_nice wake_alarm setpcap setgid setuid sys_ptrace sys_admin wake_alarm block_suspend sys_time net_admin net_raw net_bind_service kill dac_override dac_read_search fsetid mknod syslog chown sys_resource fowner sys_module ipc_lock sys_chroot
+
 lxc.init_cmd = /init
 
 lxc.mount.auto = cgroup:ro sys:ro proc

diff --git a/data/configs/config_2 b/data/configs/config_2
index 6a1aca017a1e8c4e3a348c640c00cd1e5ea58d0d..172e1e7bfc11f2df6c1d6d54c213a7d845b77042 100644 (file)
--- a/data/configs/config_2
+++ b/data/configs/config_2
@@ -7,6 +7,7 @@ lxc.autodev = 0
 # lxc.autodev.tmpfs.size = 25000000
 lxc.apparmor.profile = unconfined
 
+lxc.cap.keep = audit_control sys_nice wake_alarm setpcap setgid setuid sys_ptrace sys_admin wake_alarm block_suspend sys_time net_admin net_raw net_bind_service kill dac_override dac_read_search fsetid mknod syslog chown sys_resource fowner sys_module ipc_lock sys_chroot
 lxc.no_new_privs = 1
 
 lxc.init.cmd = /init