diff options
author | Daniel J Walsh <dwalsh@redhat.com> | 2018-05-30 13:16:10 -0400 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-05-31 13:46:08 +0000 |
commit | bae80a0b663925ec751ad2784ca32989403cdc24 (patch) | |
tree | 6bf214cf2b8694d2dffc96b8a5206916c714488d /.papr_prepare.sh | |
parent | e6b088fc6ee16f6c34013484c6d6d49c543435cb (diff) | |
download | podman-bae80a0b663925ec751ad2784ca32989403cdc24.tar.gz podman-bae80a0b663925ec751ad2784ca32989403cdc24.tar.bz2 podman-bae80a0b663925ec751ad2784ca32989403cdc24.zip |
Clear all caps, except the bounding set, when --user is specified.
Currently we are giving all caps to users when running with podman run --user,
They should get none by default. If the command line includes --cap-add, then
we need to run with those capabilties. Similarly we need to drop caps from
bounding set, if user specifies --cap-drop
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #851
Approved by: mheon
Diffstat (limited to '.papr_prepare.sh')
0 files changed, 0 insertions, 0 deletions