
Commit 0b6fe92

author
Ma Shimiao
committed
generate: remove default capabilities
The runtime-spec doesn't say that a process in a container should have such default capabilities, so remove them. Signed-off-by: Ma Shimiao <[email protected]>
1 parent 8addcc6 commit 0b6fe92


1 file changed

+0
-82
lines changed


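--- a/generate/generate.go
+++ b/generate/generate.go
@@ -54,88 +54,6 @@ func New() Generator {
 "TERM=xterm",
 },
 Cwd: "/",
-Capabilities: &rspec.LinuxCapabilities{
-Bounding: []string{
-"CAP_CHOWN",
-"CAP_DAC_OVERRIDE",
-"CAP_FSETID",
-"CAP_FOWNER",
-"CAP_MKNOD",
-"CAP_NET_RAW",
-"CAP_SETGID",
-"CAP_SETUID",
-"CAP_SETFCAP",
-"CAP_SETPCAP",
-"CAP_NET_BIND_SERVICE",
-"CAP_SYS_CHROOT",
-"CAP_KILL",
-"CAP_AUDIT_WRITE",
-},
-Permitted: []string{
-"CAP_CHOWN",
-"CAP_DAC_OVERRIDE",
-"CAP_FSETID",
-"CAP_FOWNER",
-"CAP_MKNOD",
-"CAP_NET_RAW",
-"CAP_SETGID",
-"CAP_SETUID",
-"CAP_SETFCAP",
-"CAP_SETPCAP",
-"CAP_NET_BIND_SERVICE",
-"CAP_SYS_CHROOT",
-"CAP_KILL",
-"CAP_AUDIT_WRITE",
-},
-Inheritable: []string{
-"CAP_CHOWN",
-"CAP_DAC_OVERRIDE",
-"CAP_FSETID",
-"CAP_FOWNER",
-"CAP_MKNOD",
-"CAP_NET_RAW",
-"CAP_SETGID",
-"CAP_SETUID",
-"CAP_SETFCAP",
-"CAP_SETPCAP",
-"CAP_NET_BIND_SERVICE",
-"CAP_SYS_CHROOT",
-"CAP_KILL",
-"CAP_AUDIT_WRITE",
-},
-Effective: []string{
-"CAP_CHOWN",
-"CAP_DAC_OVERRIDE",
-"CAP_FSETID",
-"CAP_FOWNER",
-"CAP_MKNOD",
-"CAP_NET_RAW",
-"CAP_SETGID",
-"CAP_SETUID",
-"CAP_SETFCAP",
-"CAP_SETPCAP",
-"CAP_NET_BIND_SERVICE",
-"CAP_SYS_CHROOT",
-"CAP_KILL",
-"CAP_AUDIT_WRITE",
-},
-Ambient: []string{
-"CAP_CHOWN",
-"CAP_DAC_OVERRIDE",
-"CAP_FSETID",
-"CAP_FOWNER",
-"CAP_MKNOD",
-"CAP_NET_RAW",
-"CAP_SETGID",
-"CAP_SETUID",
-"CAP_SETFCAP",
-"CAP_SETPCAP",
-"CAP_NET_BIND_SERVICE",
-"CAP_SYS_CHROOT",
-"CAP_KILL",
-"CAP_AUDIT_WRITE",
-},
-},
 Rlimits: []rspec.LinuxRlimit{
 {
 Type: "RLIMIT_NOFILE",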
