fedora: don't drop the sys_nice capability to support running ctdb

author Michael Adam <obnox@samba.org>

Mon, 5 Jan 2015 01:29:21 +0000 (02:29 +0100)

committer Michael Adam <obnox@samba.org>

Mon, 7 Dec 2015 09:44:06 +0000 (10:44 +0100)
author Michael Adam <obnox@samba.org>
Mon, 5 Jan 2015 01:29:21 +0000 (02:29 +0100)
committer Michael Adam <obnox@samba.org>
Mon, 7 Dec 2015 09:44:06 +0000 (10:44 +0100)
diff --git a/conf/fedora b/conf/fedora

index 7027b6bb183d55c5454e30d515920372fd5a358e..e73a343cc540712564fb278ae3f5dd871dc35185 100644 (file)
--- a/conf/fedora
+++ b/conf/fedora
@@ -36,7 +36,9 @@ lxc.hook.clone = /usr/share/lxc/hooks/clonehostname
  #
  lxc.cap.drop = mac_admin mac_override
  lxc.cap.drop = setfcap
-lxc.cap.drop = sys_module sys_nice sys_pacct
+lxc.cap.drop = sys_module sys_pacct
+# sys_nice: needed to run CTDB
+#lxc.cap.drop = sys_nice sys_pacct
  lxc.cap.drop = sys_rawio sys_time
  
  # Control Group devices: all denied except those whitelisted
author	Michael Adam <obnox@samba.org>
	Mon, 5 Jan 2015 01:29:21 +0000 (02:29 +0100)
committer	Michael Adam <obnox@samba.org>
	Mon, 7 Dec 2015 09:44:06 +0000 (10:44 +0100)