docs/profiles at 7b9515447405ef22cdfbb02ebb9c07531934efa7 - docs

History

Justin Cormack 265f7a37bd Gate name_to_handle_at by CAP_SYS_ADMIN not CAP_DAC_READ_SEARCH Only open_by_handle_at requires CAP_DAC_READ_SEARCH. This allows systemd to run with only `--cap-add SYS_ADMIN` rather than having to also add `--cap-add DAC_READ_SEARCH` as well which it does not really need. Signed-off-by: Justin Cormack <justin.cormack@docker.com> (cherry picked from commit c1ca124682a90f3306b34ad104ba80e413f7bf88) Signed-off-by: Tibor Vass <tibor@docker.com>	2016-08-11 17:56:50 -07:00
..
apparmor	profiles: apparmor: actually calculate version	2016-03-20 19:03:19 +11:00
seccomp	Gate name_to_handle_at by CAP_SYS_ADMIN not CAP_DAC_READ_SEARCH	2016-08-11 17:56:50 -07:00

Justin Cormack 265f7a37bd Gate name_to_handle_at by CAP_SYS_ADMIN not CAP_DAC_READ_SEARCH

Only open_by_handle_at requires CAP_DAC_READ_SEARCH.

This allows systemd to run with only `--cap-add SYS_ADMIN`
rather than having to also add `--cap-add DAC_READ_SEARCH`
as well which it does not really need.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
(cherry picked from commit c1ca124682a90f3306b34ad104ba80e413f7bf88)
Signed-off-by: Tibor Vass <tibor@docker.com>

2016-08-11 17:56:50 -07:00

apparmor

profiles: apparmor: actually calculate version

2016-03-20 19:03:19 +11:00

seccomp

Gate name_to_handle_at by CAP_SYS_ADMIN not CAP_DAC_READ_SEARCH

2016-08-11 17:56:50 -07:00