485cf38d48
In situations where docker runs in an environment where capabilities are limited, sucn as docker-in-docker in a container created by older versions of docker, or in a container where some capabilities have been disabled, starting a privileged container may fail, because even though the _kernel_ supports a capability, the capability is not available. This patch attempts to address this problem by limiting the list of "known" capa- bilities on the set of effective capabilties for the current process. This code is based on the code in containerd's "caps" package. Signed-off-by: Sebastiaan van Stijn <github@gone.nl> |
||
|---|---|---|
| .. | ||
| caps | ||
| fixtures | ||
| defaults.go | ||
| devices_linux.go | ||
| devices_linux_test.go | ||
| namespaces.go | ||
| oci.go | ||
| oci_test.go | ||
| seccomp_test.go | ||