a38b96b8cd
This prevents docker from setting CAP_PERFMON, CAP_BPF, and CAP_CHECKPOINT_RESTORE
capabilities on privileged (or CAP_ALL) containers on Kernel 5.8 and up.
While these kernels support these capabilities, the current release of
runc ships with an older version of /gocapability/capability, and does
not know about them, causing an error to be produced.
We can remove this restriction once
|
||
---|---|---|
.. | ||
caps | ||
fixtures | ||
defaults.go | ||
devices_linux.go | ||
devices_unsupported.go | ||
namespaces.go | ||
oci.go | ||
seccomp_test.go |