do not set the inheritable capabilities - containers/podman.git - forked from: https://github.com/containers/podman.git

diff options

author	Giuseppe Scrivano <gscrivan@redhat.com>	2022-02-28 09:48:52 +0100
committer	Matthew Heon <mheon@redhat.com>	2022-04-12 14:27:41 -0400
commit	8292fc0a4447bd744d86938a76f53f9a3618987c (patch)
tree	c1c23781cfb9bf1b2ecd9ec9d9530bcadd1c0920 /test/test_podman_baseline.sh
parent	02bd13031eaf7d62ab976aed1696726b6d055dbf (diff)
download	podman-8292fc0a4447bd744d86938a76f53f9a3618987c.tar.gz podman-8292fc0a4447bd744d86938a76f53f9a3618987c.tar.bz2 podman-8292fc0a4447bd744d86938a76f53f9a3618987c.zip

do not set the inheritable capabilities

The kernel never sets the inheritable capabilities for a process, they are only set by userspace. Emulate the same behavior. Closes: CVE-2022-27649 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> (cherry picked from commit aafa80918a245edcbdaceb1191d749570f1872d0)

Diffstat (limited to 'test/test_podman_baseline.sh')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: