mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
2a0c446866
When building images in a user-namespaced container, v3 capabilities are
stored including the root UID of the creator of the user-namespace.
This UID does not make sense outside the build environment however. If
the image is run in a non-user-namespaced runtime, or if a user-namespaced
runtime uses a different UID, the capabilities requested by the effective
bit will not be honoured by `execve(2)` due to this mismatch.
Instead, we convert v3 capabilities to v2, dropping the root UID on the
fly.
Signed-off-by: Eric Mountain <eric.mountain@datadoghq.com>
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| testdata | ||
| archive.go | ||
| archive_linux.go | ||
| archive_linux_test.go | ||
| archive_other.go | ||
| archive_test.go | ||
| archive_unix.go | ||
| archive_unix_test.go | ||
| archive_windows.go | ||
| archive_windows_test.go | ||
| changes.go | ||
| changes_linux.go | ||
| changes_other.go | ||
| changes_posix_test.go | ||
| changes_test.go | ||
| changes_unix.go | ||
| changes_windows.go | ||
| copy.go | ||
| copy_unix.go | ||
| copy_unix_test.go | ||
| copy_windows.go | ||
| diff.go | ||
| diff_test.go | ||
| example_changes.go | ||
| README.md | ||
| time_linux.go | ||
| time_unsupported.go | ||
| utils_test.go | ||
| whiteouts.go | ||
| wrap.go | ||
| wrap_test.go | ||
This code provides helper functions for dealing with archive files.