kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

Don't drop CAP_FOWNER in the container. Also sorts the list of allowed

Browse source 
capabilities.

Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
This commit is contained in:
Victor Marmol 2014-05-19 16:45:52 +00:00
parent e5422e212f
commit 0abad3ae22
1 changed files with 5 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
daemon/execdriver/native/template/default_template.go
View file

@ -10,12 +10,13 @@ import (
func New() *libcontainer.Container {
container := &libcontainer.Container{
Capabilities: []string{
"MKNOD",
"SETUID",
"SETGID",
"CHOWN",
"NET_RAW",
"DAC_OVERRIDE",
"FOWNER",
"MKNOD",
"NET_RAW",
"SETGID",
"SETUID",
},
Namespaces: map[string]bool{
"NEWNS": true,