Merge pull request #4059 from alexlarsson/no-netadmin-caps

lxc: Drop NET_ADMIN capability in non-privileged containers
2014-02-11 14:20:34 -05:00 · 2014-02-11 14:20:34 -05:00 · 3c215ba410
parent 2975ba6f73 02fddffd51
commit 3c215ba410
1 changed files with 1 additions and 0 deletions
--- a/execdriver/lxc/init.go
+++ b/execdriver/lxc/init.go
@ -120,6 +120,7 @@ func setupCapabilities(args *execdriver.InitArgs) error {
 		capability.CAP_AUDIT_CONTROL,
 		capability.CAP_MAC_OVERRIDE,
 		capability.CAP_MAC_ADMIN,
+		capability.CAP_NET_ADMIN,
 	}

 	c, err := capability.NewPid(os.Getpid())