Don't allow write to /dev/rtc0, and remove sys_time.
Thanks, Christoph.
v2: drop sys_time, sys_module, mac_admin and mac_override in
all templates.
Reported-by: Christoph Mitasch
Signed-off-by: Serge Hallyn
---
templates/lxc-alpine.in | 3 ++-
templates/lxc-altlinux.in | 1 +
templa
Quoting Serge Hallyn (serge.hal...@ubuntu.com):
> Quoting Dwight Engen (dwight.en...@oracle.com):
> > On Wed, 1 May 2013 10:54:10 -0500
> > Serge Hallyn wrote:
> >
> > > Quoting Stéphane Graber (stgra...@ubuntu.com):
> > > > On 05/01/2013 06:51 AM, Serge Hallyn wrote:
> > > > > Don't allow write
Quoting Dwight Engen (dwight.en...@oracle.com):
> On Wed, 1 May 2013 10:54:10 -0500
> Serge Hallyn wrote:
>
> > Quoting Stéphane Graber (stgra...@ubuntu.com):
> > > On 05/01/2013 06:51 AM, Serge Hallyn wrote:
> > > > Don't allow write to /dev/rtc0, and remove sys_time (in any
> > > > templates wh
On Wed, 1 May 2013 10:54:10 -0500
Serge Hallyn wrote:
> Quoting Stéphane Graber (stgra...@ubuntu.com):
> > On 05/01/2013 06:51 AM, Serge Hallyn wrote:
> > > Don't allow write to /dev/rtc0, and remove sys_time (in any
> > > templates which drop any capabilities)
> > >
> > > Reported-by: Christoph
Quoting Stéphane Graber (stgra...@ubuntu.com):
> On 05/01/2013 06:51 AM, Serge Hallyn wrote:
> > Don't allow write to /dev/rtc0, and remove sys_time (in any templates
> > which drop any capabilities)
> >
> > Reported-by: Christoph Mitasch
> > Signed-off-by: Serge Hallyn
>
> Assuming this has be
On 05/01/2013 06:51 AM, Serge Hallyn wrote:
> Don't allow write to /dev/rtc0, and remove sys_time (in any templates
> which drop any capabilities)
>
> Reported-by: Christoph Mitasch
> Signed-off-by: Serge Hallyn
Assuming this has been tested not to prevent boot for any of the updated
templates.
Don't allow write to /dev/rtc0, and remove sys_time (in any templates
which drop any capabilities)
Reported-by: Christoph Mitasch
Signed-off-by: Serge Hallyn
---
templates/lxc-alpine.in | 2 +-
templates/lxc-archlinux.in| 2 +-
templates/lxc-debian.in | 2 +-
templates/lxc-fedor