containers
/
podman
mirror of https://github.com/containers/podman.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
podman/pkg/specgen
History
Daniel J Walsh 9ebde6e03a
Containers should not get inheritable caps by default 
When I launch a container with --userns=keep-id the rootless processes
should have no caps by default even if I launch the container with
--privileged.  It should only get the caps if I specify by hand the
caps I want leaked to the process.

Currently we turn off capeff and capamb, but not capinh.  This patch
treats capinh the same way as capeff and capamb.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 		2021-01-07 05:53:07 -05:00
..
generate Containers should not get inheritable caps by default 2021-01-07 05:53:07 -05:00
config_unsupported.go Switch all references to github.com/containers/libpod -> podman 2020-07-28 08:23:45 -04:00
container_validate.go rootless container creation settings 2020-11-05 12:27:48 -06:00
namespaces.go Support --network=default as if it was private 2020-12-02 18:38:35 -05:00
pod_validate.go Spelling 2020-12-22 13:34:31 -05:00
podspecgen.go Add support for slirp network for pods 2020-09-25 21:34:23 -04:00
specgen.go Spelling 2020-12-22 13:34:31 -05:00
volumes.go Merge branch 'master' into patch-1 2020-11-30 15:58:23 +01:00