moby/oci
Samuel Karp 0d9a37d0c2
oci: inheritable capability set should be empty
The Linux kernel never sets the Inheritable capability flag to anything
other than empty.  Moby should have the same behavior, and leave it to
userspace code within the container to set a non-empty value if desired.

Reported-by: Andrew G. Morgan <morgan@kernel.org>
Signed-off-by: Samuel Karp <skarp@amazon.com>
2022-02-08 14:33:44 -08:00
..
caps oci/caps: limit available capabilities to current environment 2021-10-15 16:12:26 +02:00
fixtures Fix permissions on oci fixtures files 2020-11-27 10:29:47 +07:00
defaults.go oci: inheritable capability set should be empty 2022-02-08 14:33:44 -08:00
devices_linux.go replace uses of deprecated libcontainer/configs.Device 2021-06-02 17:55:51 +02:00
devices_linux_test.go replace uses of deprecated libcontainer/configs.Device 2021-06-02 17:55:51 +02:00
namespaces.go goimports: fix imports 2019-09-18 12:56:54 +02:00
oci.go oci: inheritable capability set should be empty 2022-02-08 14:33:44 -08:00
oci_test.go Fix daemon panic when starting container with invalid device cgroup rule 2021-01-22 16:02:19 +01:00
seccomp_test.go refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00