265f7a37bd
Only open_by_handle_at requires CAP_DAC_READ_SEARCH.
This allows systemd to run with only `--cap-add SYS_ADMIN`
rather than having to also add `--cap-add DAC_READ_SEARCH`
as well which it does not really need.
Signed-off-by: Justin Cormack <justin.cormack@docker.com>
(cherry picked from commit
|
||
---|---|---|
.. | ||
fixtures | ||
default.json | ||
generate.go | ||
seccomp.go | ||
seccomp_default.go | ||
seccomp_test.go | ||
seccomp_unsupported.go |