docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Don't drop CAP_FOWNER in the container. Also sorts the list of allowed 

capabilities.

Docker-DCO-1.1-Signed-off-by: Victor Marmol <vmarmol@google.com> (github: vmarmol)
This commit is contained in:
Victor Marmol 2014-05-19 16:45:52 +00:00
parent e5422e212f
commit 0abad3ae22
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
daemon/execdriver/native/template/default_template.go
View File

@ -10,12 +10,13 @@ import (
func New() *libcontainer.Container { func New() *libcontainer.Container {
container := &libcontainer.Container{ container := &libcontainer.Container{
Capabilities: []string{ Capabilities: []string{
"MKNOD",
"SETUID",
"SETGID",
"CHOWN", "CHOWN",
"NET_RAW",
"DAC_OVERRIDE", "DAC_OVERRIDE",
"FOWNER",
"MKNOD",
"NET_RAW",
"SETGID",
"SETUID",
}, },
Namespaces: map[string]bool{ Namespaces: map[string]bool{
"NEWNS": true, "NEWNS": true,