podman/pkg/specgen/generate
Daniel J Walsh 9ebde6e03a
Containers should not get inheritable caps by default
When I launch a container with --userns=keep-id the rootless processes
should have no caps by default even if I launch the container with
--privileged.  It should only get the caps if I specify by hand the
caps I want leaked to the process.

Currently we turn off capeff and capamb, but not capinh.  This patch
treats capinh the same way as capeff and capamb.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2021-01-07 05:53:07 -05:00
| Name | Last commit | Date |
|---|---|---|
| kube | Refactor kube.ToSpecGen parameters to struct | 2020-12-23 22:59:39 +01:00 |
| config_linux.go | security: honor systempaths=unconfined for ro paths | 2020-12-09 19:26:23 +01:00 |
| config_linux_cgo.go | Remove excessive error wrapping | 2020-10-05 15:30:37 -07:00 |
| config_linux_nocgo.go | Switch all references to github.com/containers/libpod -> podman | 2020-07-28 08:23:45 -04:00 |
| container.go | Spelling | 2020-12-22 13:34:31 -05:00 |
| container_create.go | container create: do not clear image name | 2020-12-07 11:58:10 +01:00 |
| namespaces.go | Ensure that user-specified HOSTNAME is honored | 2021-01-06 09:46:21 -05:00 |
| oci.go | Spelling | 2020-12-22 13:34:31 -05:00 |
| pod_create.go | Add support for slirp network for pods | 2020-09-25 21:34:23 -04:00 |
| ports.go | Correct port range logic for port generation | 2020-12-08 16:23:14 -05:00 |
| security.go | Containers should not get inheritable caps by default | 2021-01-07 05:53:07 -05:00 |
| storage.go | Spelling | 2020-12-22 13:34:31 -05:00 |
| validate.go | Merge pull request #8197 from giuseppe/check-cgroupv2-swap-enabled | 2020-10-31 11:40:07 +01:00 |