moby/oci
Samuel Karp dd38613d0c
oci: inheritable capability set should be empty
The Linux kernel never sets the Inheritable capability flag to anything
other than empty.  Moby should have the same behavior, and leave it to
userspace code within the container to set a non-empty value if desired.

Reported-by: Andrew G. Morgan <morgan@kernel.org>
Signed-off-by: Samuel Karp <skarp@amazon.com>
(cherry picked from commit 0d9a37d0c2)
Signed-off-by: Samuel Karp <skarp@amazon.com>
2022-03-17 14:17:00 -07:00
caps Temporarily disable CAP_PERFMON, CAP_BPF, and CAP_CHECKPOINT_RESTORE 2020-10-16 17:52:27 +02:00
fixtures Fix permissions on oci fixtures files 2020-11-27 10:29:47 +07:00
defaults.go oci: inheritable capability set should be empty 2022-03-17 14:17:00 -07:00
devices_linux.go vendor runc 67169a9d43456ff0d5ae12b967acb8e366e2f181 2020-07-30 16:16:11 +00:00
devices_unsupported.go Add canonical import comment 2018-02-05 16:51:57 -05:00
namespaces.go goimports: fix imports 2019-09-18 12:56:54 +02:00
oci.go oci: inheritable capability set should be empty 2022-03-17 14:17:00 -07:00
oci_test.go Fix daemon panic when starting container with invalid device cgroup rule 2021-02-17 21:16:01 +01:00
seccomp_test.go oci: add tests for loading seccomp profiles 2020-09-29 20:15:43 +02:00