kotovalexarian-likes-github
/
moby--moby
mirror of https://github.com/moby/moby.git
1
0
Fork 0
Code Releases Activity
moby--moby/profiles/seccomp
History
Justin Cormack c1ca124682 Gate name_to_handle_at by CAP_SYS_ADMIN not CAP_DAC_READ_SEARCH 
Only open_by_handle_at requires CAP_DAC_READ_SEARCH.

This allows systemd to run with only `--cap-add SYS_ADMIN`
rather than having to also add `--cap-add DAC_READ_SEARCH`
as well which it does not really need.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 		2016-08-10 12:22:36 +01:00
..
fixtures
default.json Move mlock back into the default ungated seccomp profile 2016-06-15 16:25:27 -04:00
generate.go Align default seccomp profile with selected capabilities 2016-05-11 09:30:23 +01:00
seccomp.go Align default seccomp profile with selected capabilities 2016-05-11 09:30:23 +01:00
seccomp_default.go Gate name_to_handle_at by CAP_SYS_ADMIN not CAP_DAC_READ_SEARCH 2016-08-10 12:22:36 +01:00
seccomp_test.go add seccomp default profile fix tests 2016-02-19 13:32:54 -08:00
seccomp_unsupported.go Align default seccomp profile with selected capabilities 2016-05-11 09:30:23 +01:00