485cf38d48
In situations where docker runs in an environment where capabilities are limited, sucn as docker-in-docker in a container created by older versions of docker, or in a container where some capabilities have been disabled, starting a privileged container may fail, because even though the _kernel_ supports a capability, the capability is not available. This patch attempts to address this problem by limiting the list of "known" capa- bilities on the set of effective capabilties for the current process. This code is based on the code in containerd's "caps" package. Signed-off-by: Sebastiaan van Stijn <github@gone.nl> |
||
---|---|---|
.. | ||
defaults.go | ||
utils.go | ||
utils_linux.go | ||
utils_other.go |