52f12a12af
Implements the policies for the remaining binaries called by the Docker engine and eliminates the giant whitelisted 'all files' permission in favor of granular whitelisting and child-specific policies. It should be possible now to remove the 'file' permission, but for the sake of keeping Docker unbroken, we'll try to gradually tighten the policy. Signed-off-by: Eric Windisch <eric@windisch.us> Upstream-commit: 8b2fcddcd251e58473abf6c4949573e03f44bb96 Component: engine