From: Азалия Смарагдова <charming.flurry@yandex.ru>
Date: Tue, 11 Oct 2022 14:39:44 +0000 (+0500)
Subject: Remove CAP_SYS_MODULE from the capability bounding set.
X-Git-Tag: 1.3.4~26
X-Git-Url: https://glassweightruler.freedombox.rocks/gitweb/waydroid.git/commitdiff_plain/883fc4edf97ffa43561290110875d6c3111d3d76?ds=sidebyside

Remove CAP_SYS_MODULE from the capability bounding set.
---

diff --git a/data/configs/config_base b/data/configs/config_base
index 8bcff5c..f996bb4 100644
--- a/data/configs/config_base
+++ b/data/configs/config_base
@@ -5,7 +5,7 @@ lxc.arch = LXCARCH
 lxc.autodev = 0
 # lxc.autodev.tmpfs.size = 25000000
 
-lxc.cap.keep = audit_control sys_nice wake_alarm setpcap setgid setuid sys_ptrace sys_admin wake_alarm block_suspend sys_time net_admin net_raw net_bind_service kill dac_override dac_read_search fsetid mknod syslog chown sys_resource fowner sys_module ipc_lock sys_chroot
+lxc.cap.keep = audit_control sys_nice wake_alarm setpcap setgid setuid sys_ptrace sys_admin wake_alarm block_suspend sys_time net_admin net_raw net_bind_service kill dac_override dac_read_search fsetid mknod syslog chown sys_resource fowner ipc_lock sys_chroot
 
 lxc.mount.auto = cgroup:ro sys:ro proc