moby/daemon
Samuel Karp 0d9a37d0c2
oci: inheritable capability set should be empty
The Linux kernel never sets the Inheritable capability flag to anything
other than empty.  Moby should have the same behavior, and leave it to
userspace code within the container to set a non-empty value if desired.

Reported-by: Andrew G. Morgan <morgan@kernel.org>
Signed-off-by: Samuel Karp <skarp@amazon.com>
2022-02-08 14:33:44 -08:00
..
cluster refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
config daemon: remove discovery-related config handling 2022-01-06 18:28:17 +01:00
events api/types/events: add "Type" type for event-type enum 2021-08-23 21:14:55 +02:00
exec Handle blocked I/O of exec'd processes 2019-06-21 12:02:15 -04:00
graphdriver Use syscall.Timespec.Unix 2022-01-03 16:51:02 +01:00
images Merge pull request #43174 from thaJeztah/move_platformcheck 2022-01-26 14:08:44 +09:00
initlayer Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
links daemon: normalize comment formatting 2019-11-27 15:43:53 +01:00
listeners Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
logger Merge pull request #43139 from samuelkarp/awslogs-tests 2022-01-13 15:31:15 +01:00
names Add canonical import comment 2018-02-05 16:51:57 -05:00
network Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
stats Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
testdata Remove libtrust dep from api 2017-09-06 12:05:19 -04:00
apparmor_default.go Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
apparmor_default_unsupported.go Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
archive.go daemon: rename variables that collide with imported package names 2020-04-14 17:22:23 +02:00
archive_tarcopyoptions.go Add ADD/COPY --chown flag support to Windows 2018-08-13 21:59:11 -07:00
archive_tarcopyoptions_unix.go Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
archive_tarcopyoptions_windows.go Add canonical import comment 2018-02-05 16:51:57 -05:00
archive_unix.go Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
archive_windows.go Add canonical import comment 2018-02-05 16:51:57 -05:00
attach.go Replace errors.Cause() with errors.Is() / errors.As() 2020-04-29 00:28:41 +02:00
auth.go Switch from x/net/context -> context 2018-04-23 13:52:44 -07:00
changes.go daemon: add "isWindows" const 2019-10-17 23:49:43 +02:00
checkpoint.go refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
cluster.go Fix libnetwork imports 2021-06-01 21:51:23 +00:00
commit.go daemon: add "isWindows" const 2019-10-17 23:49:43 +02:00
configs.go Merge configs/secrets in unix implementation 2018-02-16 11:25:14 -05:00
configs_linux.go Add canonical import comment 2018-02-05 16:51:57 -05:00
configs_unsupported.go Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
configs_windows.go Add canonical import comment 2018-02-05 16:51:57 -05:00
container.go Merge pull request #42616 from thaJeztah/migrate_pkg_signal 2021-07-26 10:47:28 -07:00
container_linux.go Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
container_operations.go Fixup libnetwork lint errors 2021-06-01 23:48:32 +00:00
container_operations_unix.go Lock down docker root dir perms. 2021-10-05 09:57:00 +02:00
container_operations_windows.go refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
container_unix_test.go Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
container_windows.go daemon: fix capitalization of some functions 2020-04-14 17:22:19 +02:00
content.go Store image manifests in containerd content store 2020-11-05 20:02:18 +00:00
create.go Lock down docker root dir perms. 2021-10-05 09:57:00 +02:00
create_test.go bump gotest.tools v3.0.1 for compatibility with Go 1.14 2020-02-11 00:06:42 +01:00
create_unix.go Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
create_windows.go daemon, oci: remove LCOW bits 2021-07-27 13:35:59 +02:00
daemon.go daemon: remove daemon.discoveryWatcher 2022-01-06 18:28:22 +01:00
daemon_linux.go Fix libnetwork imports 2021-06-01 21:51:23 +00:00
daemon_linux_test.go refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
daemon_test.go daemon: remove discovery inits 2022-01-06 18:28:21 +01:00
daemon_unix.go Merge pull request #42785 from sanchayanghosh/42753-fix-host.internal 2021-11-16 13:26:20 +09:00
daemon_unix_test.go daemon: remove discovery related tests 2022-01-06 18:28:10 +01:00
daemon_unsupported.go Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
daemon_windows.go Merge pull request #42726 from thaJeztah/daemon_simplify_nwconfig 2021-11-12 01:19:07 +09:00
daemon_windows_test.go Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
debugtrap_unix.go Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
debugtrap_unsupported.go Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
debugtrap_windows.go pkg/signal: move signal.DumpStacks() to a separate package 2021-07-15 18:09:43 +02:00
delete.go vendor: opencontainers/selinux v1.8.0, and remove selinux build-tag and stubs 2020-12-24 00:47:16 +01:00
delete_test.go refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
dependency.go Add canonical import comment 2018-02-05 16:51:57 -05:00
devices_linux.go Add DeviceRequests to HostConfig to support NVIDIA GPUs 2019-03-18 17:19:45 +00:00
disk_usage.go daemon,volume: share disk usage computations 2021-08-09 19:59:39 +02:00
errors.go Error string match: do not match command path 2021-04-14 23:03:18 +00:00
events.go Fix libnetwork imports 2021-06-01 21:51:23 +00:00
events_test.go daemon: rename variables that collide with imported package names 2020-04-14 17:22:23 +02:00
exec.go replace pkg/signal with moby/sys/signal v0.5.0 2021-07-23 09:32:54 +02:00
exec_linux.go oci: inheritable capability set should be empty 2022-02-08 14:33:44 -08:00
exec_linux_test.go Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
exec_windows.go Windows: (WCOW) Generate OCI spec that remote runtime can escape 2019-03-12 18:41:55 -07:00
export.go remove layerstore indexing by OS (used for LCOW) 2021-06-10 17:49:11 +02:00
health.go daemon: rename all receivers to "daemon" 2020-04-14 17:22:21 +02:00
health_test.go daemon: suppress logs in unit tests 2019-10-18 00:57:56 +02:00
info.go daemon: remove discovery-related config handling 2022-01-06 18:28:17 +01:00
info_unix.go Merge pull request #42152 from AkihiroSuda/fix-rootless-info-42151 2021-11-08 14:45:11 -08:00
info_unix_test.go Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
info_windows.go Make cgroup namespaces configurable 2019-05-07 10:22:16 -07:00
inspect.go daemon: rename variables that collide with imported package names 2020-04-14 17:22:23 +02:00
inspect_linux.go daemon: rename variables that collide with imported package names 2020-04-14 17:22:23 +02:00
inspect_test.go bump gotest.tools v3.0.1 for compatibility with Go 1.14 2020-02-11 00:06:42 +01:00
inspect_windows.go Add canonical import comment 2018-02-05 16:51:57 -05:00
keys.go refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
keys_unsupported.go Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
kill.go replace pkg/signal with moby/sys/signal v0.5.0 2021-07-23 09:32:54 +02:00
licensing.go Expose license status in Info (#37612) 2018-08-17 17:05:21 -07:00
licensing_test.go bump gotest.tools v3.0.1 for compatibility with Go 1.14 2020-02-11 00:06:42 +01:00
links.go Add canonical import comment 2018-02-05 16:51:57 -05:00
list.go daemon: var-declaration: should omit type bool (revive) 2021-06-10 13:03:45 +02:00
list_test.go refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
list_unix.go Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
list_windows.go Add canonical import comment 2018-02-05 16:51:57 -05:00
logdrivers_linux.go Support configuration of log cacher. 2020-02-19 17:02:34 -05:00
logdrivers_windows.go Support configuration of log cacher. 2020-02-19 17:02:34 -05:00
logs.go daemon: rename variables that collide with imported package names 2020-04-14 17:22:23 +02:00
logs_test.go Add canonical import comment 2018-02-05 16:51:57 -05:00
metrics.go daemon: rename all receivers to "daemon" 2020-04-14 17:22:21 +02:00
metrics_unix.go Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
metrics_unsupported.go Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
monitor.go Move container exit state to after cleanup. 2021-01-28 11:28:41 -08:00
mounts.go Extract volume interaction to a volumes service 2018-05-25 14:21:07 -04:00
names.go Entropy cannot be saved 2019-06-07 11:54:45 +01:00
network.go reformat "nolint" comments 2021-06-10 13:03:42 +02:00
network_windows.go Fix libnetwork imports 2021-06-01 21:51:23 +00:00
nvidia_linux.go goimports: fix imports 2019-09-18 12:56:54 +02:00
oci_linux.go daemon.WithDevices(): use containerd's HostDevices() 2021-12-01 15:42:18 +01:00
oci_linux_test.go daemon.WithCommonOptions() fix detection of user-namespaces 2021-08-30 19:48:29 +02:00
oci_utils.go goimports: fix imports 2019-09-18 12:56:54 +02:00
oci_windows.go refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
oci_windows_test.go refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
pause.go daemon: rename variables that collide with imported package names 2020-04-14 17:22:23 +02:00
prune.go Fixup libnetwork lint errors 2021-06-01 23:48:32 +00:00
reload.go daemon: remove discovery-related config handling 2022-01-06 18:28:17 +01:00
reload_test.go daemon: remove discovery inits 2022-01-06 18:28:21 +01:00
reload_unix.go Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
reload_windows.go Add canonical import comment 2018-02-05 16:51:57 -05:00
rename.go Fix libnetwork imports 2021-06-01 21:51:23 +00:00
resize.go Merge pull request #38522 from cpuguy83/fix_timers 2019-06-07 13:16:46 +02:00
resize_test.go Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
restart.go daemon: rename variables that collide with imported package names 2020-04-14 17:22:23 +02:00
runtime_unix.go refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
runtime_windows.go Add shim config for custom runtimes for plugins 2021-01-14 19:28:28 +00:00
seccomp_disabled.go Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
seccomp_linux.go Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
seccomp_linux_test.go Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
seccomp_unsupported.go Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
secrets.go Add canonical import comment 2018-02-05 16:51:57 -05:00
secrets_linux.go Add canonical import comment 2018-02-05 16:51:57 -05:00
secrets_unsupported.go Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
secrets_windows.go Add canonical import comment 2018-02-05 16:51:57 -05:00
start.go volume/mounts: remove "containerOS" argument from NewParser (LCOW code) 2021-07-02 13:51:55 +02:00
start_unix.go Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
start_windows.go Windows CI: Add support for testing with containerd 2021-08-17 07:09:40 -07:00
stats.go Merge pull request #40478 from cpuguy83/dont-prime-the-stats 2020-04-16 20:57:06 +02:00
stats_collector.go Add canonical import comment 2018-02-05 16:51:57 -05:00
stats_unix.go Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
stats_windows.go Add canonical import comment 2018-02-05 16:51:57 -05:00
stop.go Fix log statement 'failed to exit' timeout accuracy 2021-06-08 13:37:58 -07:00
top_unix.go Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
top_unix_test.go Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
top_windows.go goimports: fix imports 2019-09-18 12:56:54 +02:00
trustkey.go Allow system.MkDirAll() to be used as drop-in for os.MkDirAll() 2019-08-08 15:05:49 +02:00
trustkey_test.go refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
unpause.go daemon: rename variables that collide with imported package names 2020-04-14 17:22:23 +02:00
update.go volume/mounts: remove "containerOS" argument from NewParser (LCOW code) 2021-07-02 13:51:55 +02:00
update_linux.go goimports: fix imports 2019-09-18 12:56:54 +02:00
update_windows.go Windows: Experimental: Allow containerd for runtime 2019-03-12 18:41:55 -07:00
util_test.go Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
volumes.go volume/mounts: remove "containerOS" argument from NewParser (LCOW code) 2021-07-02 13:51:55 +02:00
volumes_linux.go Fix the several typos detected by github.com/client9/misspell 2018-08-09 00:45:00 +09:00
volumes_linux_test.go daemon: rename variables that collide with imported package names 2020-04-14 17:22:23 +02:00
volumes_unit_test.go volume/mounts: remove "containerOS" argument from NewParser (LCOW code) 2021-07-02 13:51:55 +02:00
volumes_unix.go Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
volumes_unix_test.go Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
volumes_windows.go Add ADD/COPY --chown flag support to Windows 2018-08-13 21:59:11 -07:00
wait.go Switch from x/net/context -> context 2018-04-23 13:52:44 -07:00
workdir.go Add ADD/COPY --chown flag support to Windows 2018-08-13 21:59:11 -07:00