path: root/libpod/oci.go
author Daniel J Walsh <dwalsh@redhat.com> 2020-12-23 14:46:25 -0500
committer Daniel J Walsh <dwalsh@redhat.com> 2021-01-07 05:53:07 -0500
commit 9ebde6e03a575081dd23123fe7ecc4fb6afc037a
tree db474f2c1e4e3e7e658c77ce03c25bc683ee7b60 /libpod/oci.go
parent 68c9e02df72cbdfb2d239fb1de020bc1e0dabad3
Containers should not get inheritable caps by default

When I launch a container with --userns=keep-id the rootless processes should have no caps by default even if I launch the container with --privileged. It should only get the caps if I specify by hand the caps I want leaked to the process.

Currently we turn off capeff and capamb, but not capinh. This patch treats capinh the same way as capeff and capamb.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Diffstat (limited to 'libpod/oci.go')
0 files changed, 0 insertions, 0 deletions
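
The commit message above names three per-process capability sets: capeff, capamb and capinh. As an added example (not code from the podman repository), this Go program reads the matching CapEff, CapAmb and CapInh fields from /proc/<pid>/status text and reports which of them are non-empty. The sample input is constructed and the function names are hypothetical.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Constructed sample in /proc/<pid>/status format: CapEff and CapAmb are
// empty, but CapInh is not.
const sampleStatus = "CapInh:\t00000000a80425fb\nCapPrm:\t0000000000000000\n" +
	"CapEff:\t0000000000000000\nCapBnd:\t00000000a80425fb\n" +
	"CapAmb:\t0000000000000000\n"

// parseCapSets returns the capability bitmasks found in status text,
// keyed by field name (CapInh, CapPrm, CapEff, CapBnd, CapAmb).
func parseCapSets(status string) (map[string]uint64, error) {
	sets := make(map[string]uint64)
	for _, line := range strings.Split(status, "\n") {
		f := strings.Fields(line)
		if len(f) != 2 || !strings.HasPrefix(f[0], "Cap") {
			continue
		}
		mask, err := strconv.ParseUint(f[1], 16, 64)
		if err != nil {
			return nil, fmt.Errorf("%s %w", f[0], err)
		}
		sets[strings.TrimSuffix(f[0], ":")] = mask
	}
	return sets, nil
}

// nonEmptySets names which of CapInh, CapEff and CapAmb hold any bits.
// A missing field is an error, so truncated input cannot pass as clean.
func nonEmptySets(sets map[string]uint64) ([]string, error) {
	var found []string
	for _, k := range []string{"CapInh", "CapEff", "CapAmb"} {
		mask, ok := sets[k]
		if !ok {
			return nil, fmt.Errorf("%s missing from status", k)
		}
		if mask != 0 {
			found = append(found, k)
		}
	}
	return found, nil
}

func main() {
	sets, _ := parseCapSets(sampleStatus) // constructed input parses cleanly
	fmt.Println(nonEmptySets(sets))
}
```

To check a live process, pass the contents of its /proc/<pid>/status file to parseCapSets instead of the sample.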