author | Daniel J Walsh <dwalsh@redhat.com> | 2020-12-23 14:46:25 -0500 |
---|---|---|
committer | Daniel J Walsh <dwalsh@redhat.com> | 2021-01-07 05:53:07 -0500 |
commit | 9ebde6e03a575081dd23123fe7ecc4fb6afc037a (patch) | |
tree | db474f2c1e4e3e7e658c77ce03c25bc683ee7b60 /libpod/oci.go | |
parent | 68c9e02df72cbdfb2d239fb1de020bc1e0dabad3 (diff) | |
Containers should not get inheritable caps by default

When I launch a container with --userns=keep-id the rootless processes
should have no caps by default even if I launch the container with
--privileged. It should only get the caps if I specify by hand the
caps I want leaked to the process.

Currently we turn off capeff and capamb, but not capinh. This patch
treats capinh the same way as capeff and capamb.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Diffstat (limited to 'libpod/oci.go')
0 files changed, 0 insertions, 0 deletions
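
A check for the behaviour the commit message describes, as an added example that is not part of the commit or of podman's code: it reads the Cap* lines of a /proc/<pid>/status dump and reports which of CapInh, CapEff and CapAmb are non-empty. The status text is a constructed sample and the function names are hypothetical.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Constructed sample (not from the page): Cap* lines as they appear in
// /proc/<pid>/status for a non-root process that kept an inheritable set.
const sampleStatus = "Name:\tsleep\nUid:\t1000\t1000\t1000\t1000\n" +
	"CapInh:\t00000000a80425fb\nCapPrm:\t0000000000000000\n" +
	"CapEff:\t0000000000000000\nCapBnd:\t00000000a80425fb\n" +
	"CapAmb:\t0000000000000000\n"

// parseCapSets (hypothetical helper) returns each Cap* mask keyed by field name.
func parseCapSets(status string) (map[string]uint64, error) {
	sets := map[string]uint64{}
	for _, line := range strings.Split(status, "\n") {
		f := strings.Fields(line)
		if len(f) != 2 || !strings.HasPrefix(f[0], "Cap") {
			continue
		}
		mask, err := strconv.ParseUint(f[1], 16, 64)
		if err != nil {
			return nil, fmt.Errorf("%s %w", f[0], err)
		}
		sets[strings.TrimSuffix(f[0], ":")] = mask
	}
	return sets, nil
}

// leakedSets lists which of the three sets named in the commit message are non-empty.
func leakedSets(sets map[string]uint64) []string {
	var leaked []string
	for _, name := range []string{"CapInh", "CapEff", "CapAmb"} {
		if sets[name] != 0 {
			leaked = append(leaked, name)
		}
	}
	return leaked
}

func main() {
	sets, err := parseCapSets(sampleStatus)
	if err != nil {
		panic(err)
	}
	fmt.Printf("CapInh=%#x non-empty sets: %v\n", sets["CapInh"], leakedSets(sets))
}
```

To check a live process, pass the contents of /proc/self/status read inside the container instead of the sample string.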