From 2c63dbf6c2d5f97523299a4ac7657de54a9a2c72 Mon Sep 17 00:00:00 2001
From: =?utf8?q?=D0=90=D0=B7=D0=B0=D0=BB=D0=B8=D1=8F=20=D0=A1=D0=BC=D0=B0?= =?utf8?q?=D1=80=D0=B0=D0=B3=D0=B4=D0=BE=D0=B2=D0=B0?=
Date: Tue, 30 Aug 2022 21:15:13 +0500
Subject: [PATCH] Container capabilities have been restricted.

---
 data/configs/config_1 | 2 ++
 data/configs/config_2 | 1 +
 2 files changed, 3 insertions(+)

diff --git a/data/configs/config_1 b/data/configs/config_1
index 9cc28f9..cc99781 100644
--- a/data/configs/config_1
+++ b/data/configs/config_1
@@ -7,6 +7,8 @@ lxc.autodev = 0
 # lxc.autodev.tmpfs.size = 25000000
 lxc.aa_profile = unconfined
+lxc.cap.keep = audit_control sys_nice wake_alarm setpcap setgid setuid sys_ptrace sys_admin wake_alarm block_suspend sys_time net_admin net_raw net_bind_service kill dac_override dac_read_search fsetid mknod syslog chown sys_resource fowner sys_module ipc_lock sys_chroot
+
 lxc.init_cmd = /init
 lxc.mount.auto = cgroup:ro sys:ro proc
diff --git a/data/configs/config_2 b/data/configs/config_2
index 6a1aca0..172e1e7 100644
--- a/data/configs/config_2
+++ b/data/configs/config_2
@@ -7,6 +7,7 @@ lxc.autodev = 0
 # lxc.autodev.tmpfs.size = 25000000
 lxc.apparmor.profile = unconfined
+lxc.cap.keep = audit_control sys_nice wake_alarm setpcap setgid setuid sys_ptrace sys_admin wake_alarm block_suspend sys_time net_admin net_raw net_bind_service kill dac_override dac_read_search fsetid mknod syslog chown sys_resource fowner sys_module ipc_lock sys_chroot
 lxc.no_new_privs = 1
 lxc.init.cmd = /init
-- 
2.47.3
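Review bot: The `lxc.cap.keep` list added to config_1 keeps `sys_module`, `sys_admin`, `sys_ptrace`, `dac_override`, `mknod`, `net_admin` and `sys_time`, and the context line two above it still has `lxc.aa_profile = unconfined`, so a root process in the container retains the capabilities that matter for escape: `sys_module` alone allows loading kernel modules from inside the container and `sys_admin` covers mount(2) and most privileged ioctls, so the commit's "restricted" wording overstates the effect. Unless `/init` demonstrably needs them at boot, the line should at least drop `sys_module` and be reviewed cap by cap, e.g. `lxc.cap.keep = audit_control sys_nice wake_alarm setpcap setgid setuid block_suspend net_raw net_bind_service kill dac_read_search fsetid syslog chown sys_resource fowner ipc_lock sys_chroot`. Whatever list is settled on should carry a comment above it naming the workload requirement for each privileged capability that stays, e.g. `# sys_admin: required by /init for mount(2) at boot -- remove once init is changed`. Also note that LXC treats `lxc.cap.keep` as an allowlist that conflicts with `lxc.cap.drop`; if an included or default config already sets `lxc.cap.drop`, the container will likely fail to start, which is worth checking since the rest of this file is outside the hunk.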
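Review bot: `wake_alarm` appears twice in the `lxc.cap.keep` line added to config_2 (and in the identical line in config_1), which is harmless to LXC but signals the list was not reviewed entry by entry; the duplicate should be removed. The same long allowlist is now copy-pasted into two config files, so the two will drift the next time one is tightened; moving it into a shared fragment pulled in via `lxc.include` would keep one authoritative list. The surrounding `lxc.no_new_privs = 1` context line does not compensate for the breadth of the list, since it only blocks privilege gain across execve and does not remove capabilities the container's root already holds such as `sys_admin` and `sys_module`. A short comment above the line, e.g. `# allowlist: everything not listed is dropped at container start; keep in sync with config_1`, would make the semantics clear to the next maintainer.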