docker/cli
1
0
Fork 0
mirror of https://github.com/docker/cli.git synced 2026-01-18 08:21:31 +03:00
Code Activity

Merge pull request #2014 from alexlarsson/allow_set_file_cap

Browse Source 
* Runtime: lxc: Allow set_file_cap capability in container
Upstream-commit: b180770b1de71f6863cfc6cfd3896a574348c018
Component: engine
This commit is contained in:
Guillaume J. Charmes
2013-10-02 14:38:50 -07:00
parent 22c64c0aa6 49b5b0c54d
commit 28014b74a7
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
components/engine/lxc_template.go
View File

@@ -111,7 +111,7 @@ lxc.mount.entry = {{$realPath}} {{$ROOTFS}}/{{$virtualPath}} none bind,{{ if ind
# (Note: 'lxc.cap.keep' is coming soon and should replace this under the
# security principle 'deny all unless explicitly permitted', see
# http://sourceforge.net/mailarchive/message.php?msg_id=31054627 )
lxc.cap.drop = audit_control audit_write mac_admin mac_override mknod setfcap setpcap sys_admin sys_boot sys_module sys_nice sys_pacct sys_rawio sys_resource sys_time sys_tty_config
lxc.cap.drop = audit_control audit_write mac_admin mac_override mknod setpcap sys_admin sys_boot sys_module sys_nice sys_pacct sys_rawio sys_resource sys_time sys_tty_config
{{end}}
# limits