From d3705133a98fb6f9f0c14e5f45f4c4812558ddf1 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 5 Jan 2015 02:29:21 +0100 Subject: [PATCH] fedora: don't drop the sys_nice capability to support running ctdb --- conf/fedora | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/conf/fedora b/conf/fedora index 7027b6b..e73a343 100644 --- a/conf/fedora +++ b/conf/fedora @@ -36,7 +36,9 @@ lxc.hook.clone = /usr/share/lxc/hooks/clonehostname # lxc.cap.drop = mac_admin mac_override lxc.cap.drop = setfcap -lxc.cap.drop = sys_module sys_nice sys_pacct +lxc.cap.drop = sys_module sys_pacct +# sys_nice: needed to run CTDB +#lxc.cap.drop = sys_nice sys_pacct lxc.cap.drop = sys_rawio sys_time # Control Group devices: all denied except those whitelisted