moby--moby/integration/build
Eric Mountain 2a0c446866
Use v2 capabilities in layer archives

When building images in a user-namespaced container, v3 capabilities are
stored including the root UID of the creator of the user-namespace.

This UID does not make sense outside the build environment, however. If
the image is run in a non-user-namespaced runtime, or if a user-namespaced
runtime uses a different UID, the capabilities requested by the effective
bit will not be honoured by `execve(2)` due to this mismatch.

Instead, we convert v3 capabilities to v2, dropping the root UID on the
fly.

Signed-off-by: Eric Mountain <eric.mountain@datadoghq.com>
(cherry picked from commit 95eb490780)
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-05-05 21:46:31 +09:00
testdata Using test names instead of hardcoded ones in integration/build directory 2020-05-18 16:36:23 +01:00
build_cgroupns_linux_test.go bump gotest.tools v3.0.1 for compatibility with Go 1.14 2020-02-11 00:06:42 +01:00
build_session_test.go bump gotest.tools v3.0.1 for compatibility with Go 1.14 2020-02-11 00:06:42 +01:00
build_squash_test.go Using test names instead of hardcoded ones in integration/build directory 2020-05-18 16:36:23 +01:00
build_test.go Merge pull request #41430 from TBBle/40444-update-gowinio-for-8gB-file-fix 2020-09-24 11:16:10 -07:00
build_userns_linux_test.go Use v2 capabilities in layer archives 2021-05-05 21:46:31 +09:00
main_test.go testutil: make testing packages public 2019-09-11 07:47:23 -05:00