p4u1/docker-cli
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7,874 Commits 2 Branches 295 Tags
d33d261bde9cf7c67c6c0839765573ce0bf8862f
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Eiichi Tsukata d33d261bde drop CAP_SYSLOG capability 
Kernel capabilities for privileged syslog operations are currently splitted into
CAP_SYS_ADMIN and CAP_SYSLOG since the following commit:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce6ada35bdf710d16582cc4869c26722547e6f11

This patch drops CAP_SYSLOG to prevent containers from messing with
host's syslog (e.g. `dmesg -c` clears up host's printk ring buffer).

Closes #5491

Docker-DCO-1.1-Signed-off-by: Eiichi Tsukata <devel@etsukata.com> (github: Etsukata)
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Upstream-commit: cac0cea03f85191b3d92cdaeae827fdd93fb1b29
Component: engine
2014-05-01 11:43:55 -07:00
components/engine
drop CAP_SYSLOG capability
2014-05-01 11:43:55 -07:00
Description
No description provided
310 MiB
Languages
Go 92%
Shell 5.5%
Dockerfile 1.1%
Go-Checksums 0.9%
Makefile 0.3%
Other 0.2%