youki

mirror of https://github.com/containers/youki synced 2024-11-23 17:32:15 +01:00

History

Jorge Prendes 2ff8b97e67 Do not try to acquire capabilities we are not allowed to (#2000 ) Currently reset_effective tries to acquire all know capabilities from a hardcoded list. According to https://man7.org/linux/man-pages/man7/capabilities.7.html only capabilities in the permitted set can be acquired. Trying to acquire a capability beyond those in the permitted set will result in EPERM (see https://man7.org/linux/man-pages/man2/capset.2.html). This change modifies reset_effective so that it only acquires the capabilities in the permitted set. Signed-off-by: Jorge Prendes <jorge.prendes@gmail.com>		2023-06-06 01:26:33 -07:00
..
libcgroups
libcontainer	Do not try to acquire capabilities we are not allowed to (#2000 )	2023-06-06 01:26:33 -07:00
liboci-cli
youki
.gitignore
justfile