
Commit 7a44910

committed
libct/README: simplify example, rm inheritable caps
The example is too long since it lists too many capabilities. Simplify it, leaving only two capabilities. Also, remove ambient capabilities from the set. Inheritable capabilities were removed earlier by commit 98fe566, but ambient capabilities can't be raised without inheritable ones. Fixes: 98fe566 Signed-off-by: Kir Kolyshkin <[email protected]>
1 parent 0de1953 commit 7a44910


1 file changed

+0
-52
lines changed


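--- a/libcontainer/README.md
+++ b/libcontainer/README.md
@@ -59,66 +59,14 @@ config := &configs.Config{
 Rootfs: "/your/path/to/rootfs",
 Capabilities: &configs.Capabilities{
 Bounding: []string{
-"CAP_CHOWN",
-"CAP_DAC_OVERRIDE",
-"CAP_FSETID",
-"CAP_FOWNER",
-"CAP_MKNOD",
-"CAP_NET_RAW",
-"CAP_SETGID",
-"CAP_SETUID",
-"CAP_SETFCAP",
-"CAP_SETPCAP",
-"CAP_NET_BIND_SERVICE",
-"CAP_SYS_CHROOT",
 "CAP_KILL",
 "CAP_AUDIT_WRITE",
 },
 Effective: []string{
-"CAP_CHOWN",
-"CAP_DAC_OVERRIDE",
-"CAP_FSETID",
-"CAP_FOWNER",
-"CAP_MKNOD",
-"CAP_NET_RAW",
-"CAP_SETGID",
-"CAP_SETUID",
-"CAP_SETFCAP",
-"CAP_SETPCAP",
-"CAP_NET_BIND_SERVICE",
-"CAP_SYS_CHROOT",
 "CAP_KILL",
 "CAP_AUDIT_WRITE",
 },
 Permitted: []string{
-"CAP_CHOWN",
-"CAP_DAC_OVERRIDE",
-"CAP_FSETID",
-"CAP_FOWNER",
-"CAP_MKNOD",
-"CAP_NET_RAW",
-"CAP_SETGID",
-"CAP_SETUID",
-"CAP_SETFCAP",
-"CAP_SETPCAP",
-"CAP_NET_BIND_SERVICE",
-"CAP_SYS_CHROOT",
-"CAP_KILL",
-"CAP_AUDIT_WRITE",
-},
-Ambient: []string{
-"CAP_CHOWN",
-"CAP_DAC_OVERRIDE",
-"CAP_FSETID",
-"CAP_FOWNER",
-"CAP_MKNOD",
-"CAP_NET_RAW",
-"CAP_SETGID",
-"CAP_SETUID",
-"CAP_SETFCAP",
-"CAP_SETPCAP",
-"CAP_NET_BIND_SERVICE",
-"CAP_SYS_CHROOT",
 "CAP_KILL",
 "CAP_AUDIT_WRITE",
 },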
