We use cookies to ensure you get the best experience on our website
Home Esplora Aiuto
Registrati Accedi
0ct0pu5
/
moby
1
0
Forka 0
File Problemi 0 Pull Requests 0 Wiki
Sfoglia il codice sorgente

Don't drop CAP_FOWNER in the container. Also sorts the list of allowed
capabilities.

Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)

Victor Marmol 11 anni fa
parent
e5422e212f
commit
0abad3ae22
1 ha cambiato i file con 5 aggiunte e 4 eliminazioni
Visualizzazione unificata Mostra Diff Stats
  1. 5 4
      daemon/execdriver/native/template/default_template.go

+ 5 - 4
daemon/execdriver/native/template/default_template.go
Vedi File 

@@ -10,12 +10,13 @@ import (
 
 func New() *libcontainer.Container {
 
 func New() *libcontainer.Container {
 
 	container := &libcontainer.Container{
 
 	container := &libcontainer.Container{
 
 		Capabilities: []string{
 
 		Capabilities: []string{
 
-			"MKNOD",
 
-			"SETUID",
 
-			"SETGID",
 
 			"CHOWN",
 
 			"CHOWN",
 
-			"NET_RAW",
 
 			"DAC_OVERRIDE",
 
 			"DAC_OVERRIDE",
 
+			"FOWNER",
 
+			"MKNOD",
 
+			"NET_RAW",
 
+			"SETGID",
 
+			"SETUID",
 
 		},
 
 		},
 
 		Namespaces: map[string]bool{
 
 		Namespaces: map[string]bool{
 
 			"NEWNS":  true,
 
 			"NEWNS":  true,

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5