docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #11304 from allir/patch-1 

Change wording for setting capabilities lists
This commit is contained in:
Sebastiaan van Stijn 2020-08-27 17:18:46 +02:00 committed by GitHub
parent c9f8d88959 51cf315c4e
commit 270087d9ad
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
engine/security/security.md
View File

@ -192,7 +192,7 @@ This doesn't affect regular web apps, but reduces the vectors of attack by
malicious users considerably. By default Docker malicious users considerably. By default Docker
drops all capabilities except [those drops all capabilities except [those
needed](https://github.com/moby/moby/blob/master/oci/defaults.go#L14-L30), needed](https://github.com/moby/moby/blob/master/oci/defaults.go#L14-L30),
a whitelist instead of a blacklist approach. You can see a full list of an allowlist instead of a denylist approach. You can see a full list of
available capabilities in [Linux available capabilities in [Linux
manpages](http://man7.org/linux/man-pages/man7/capabilities.7.html). manpages](http://man7.org/linux/man-pages/man7/capabilities.7.html).