Eiichi Tsukata cac0cea03f drop CAP_SYSLOG capability ... Kernel capabilities for privileged syslog operations are currently splitted into CAP_SYS_ADMIN and CAP_SYSLOG since the following commit: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce6ada35bdf710d16582cc4869c26722547e6f11 This patch drops CAP_SYSLOG to prevent containers from messing with host's syslog (e.g. `dmesg -c` clears up host's printk ring buffer). Closes #5491 Docker-DCO-1.1-Signed-off-by: Eiichi Tsukata <devel@etsukata.com> (github: Etsukata) Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)		2014-05-01 11:43:55 -07:00
..
execdriver	drop CAP_SYSLOG capability	2014-05-01 11:43:55 -07:00
graphdriver	Update process labels to be set at create not start	2014-04-29 03:40:05 -07:00
networkdriver	Rename runtime/* to daemon/*	2014-04-17 14:43:01 -07:00
container.go	Timestamps for docker logs.	2014-05-01 20:40:36 +04:00
container_unit_test.go	Rename runtime/* to daemon/*	2014-04-17 14:43:01 -07:00
daemon.go	Do not return labels when in privileged mode	2014-04-29 03:40:06 -07:00
daemon_aufs.go	Rename runtime/* to daemon/*	2014-04-17 14:43:01 -07:00
daemon_btrfs.go	Rename runtime/* to daemon/*	2014-04-17 14:43:01 -07:00
daemon_devicemapper.go	Rename runtime/* to daemon/*	2014-04-17 14:43:01 -07:00
daemon_no_aufs.go	Rename runtime/* to daemon/*	2014-04-17 14:43:01 -07:00
history.go	Rename runtime/* to daemon/*	2014-04-17 14:43:01 -07:00
network_settings.go	Rename runtime/* to daemon/*	2014-04-17 14:43:01 -07:00
server.go	Rename runtime/* to daemon/*	2014-04-17 14:43:01 -07:00
sorter.go	Rename runtime/* to daemon/*	2014-04-17 14:43:01 -07:00
state.go	container: Remove Ghost state	2014-04-22 09:49:53 +02:00
utils.go	Rename runtime/* to daemon/*	2014-04-17 14:43:01 -07:00
utils_test.go	Rename runtime/* to daemon/*	2014-04-17 14:43:01 -07:00
volumes.go	Initial work on selinux patch	2014-04-29 03:40:05 -07:00