fedora: don't drop the sys_nice capability to support running ctdb

2024-04-29 09:38:59 +00:00 · 2015-01-05 02:29:21 +01:00 · 2015-01-05 02:29:21 +01:00 · d3705133a9
parent 6bfbe0e8d7
commit d3705133a9
1 changed files with 3 additions and 1 deletions
--- a/conf/fedora
+++ b/conf/fedora
@ -36,7 +36,9 @@ lxc.hook.clone = /usr/share/lxc/hooks/clonehostname
 #
 lxc.cap.drop = mac_admin mac_override
 lxc.cap.drop = setfcap
-lxc.cap.drop = sys_module sys_nice sys_pacct
+lxc.cap.drop = sys_module sys_pacct
+# sys_nice: needed to run CTDB
+#lxc.cap.drop = sys_nice sys_pacct
 lxc.cap.drop = sys_rawio sys_time

 # Control Group devices: all denied except those whitelisted