0ct0pu5/moby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #4059 from alexlarsson/no-netadmin-caps

Browse source 
lxc: Drop NET_ADMIN capability in non-privileged containers
This commit is contained in:
Michael Crosby 2014-02-11 14:20:34 -05:00
commit 3c215ba410
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
execdriver/lxc/init.go
View file

@ -120,6 +120,7 @@ func setupCapabilities(args *execdriver.InitArgs) error {
capability.CAP_AUDIT_CONTROL,
capability.CAP_MAC_OVERRIDE,
capability.CAP_MAC_ADMIN,
capability.CAP_NET_ADMIN,
}
c, err := capability.NewPid(os.Getpid())