p4u1/docker-cli
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ea7fd73f3c7b939d3da5728e0765dd2011c00a3a
docker-cli/components/engine/profiles/seccomp
History
Justin Cormack d430eb5c8c Gate name_to_handle_at by CAP_SYS_ADMIN not CAP_DAC_READ_SEARCH 
Only open_by_handle_at requires CAP_DAC_READ_SEARCH.

This allows systemd to run with only `--cap-add SYS_ADMIN`
rather than having to also add `--cap-add DAC_READ_SEARCH`
as well which it does not really need.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
Upstream-commit: c1ca124682a90f3306b34ad104ba80e413f7bf88
Component: engine
2016-08-10 12:22:36 +01:00
..
fixtures
move default seccomp profile into package
2016-01-21 16:55:29 -08:00
default.json
Move mlock back into the default ungated seccomp profile
2016-06-15 16:25:27 -04:00
generate.go
Align default seccomp profile with selected capabilities
2016-05-11 09:30:23 +01:00
seccomp_default.go
Gate name_to_handle_at by CAP_SYS_ADMIN not CAP_DAC_READ_SEARCH
2016-08-10 12:22:36 +01:00
seccomp_test.go
add seccomp default profile fix tests
2016-02-19 13:32:54 -08:00
seccomp_unsupported.go
Align default seccomp profile with selected capabilities
2016-05-11 09:30:23 +01:00
seccomp.go
Align default seccomp profile with selected capabilities
2016-05-11 09:30:23 +01:00