Support NoNewPrivileges

fixes #117

Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
This commit is contained in:
Yanqiang Miao
2017-08-23 09:45:44 +08:00
parent 810ffbb9b6
commit 1aec120d5f
3 changed files with 7 additions and 1 deletions


@@ -214,6 +214,9 @@ func (c *criContainerdService) generateContainerSpec(id string, sandboxPid uint3
// TODO(random-liu): [P1] Set selinux options.
// TODO(random-liu): [P2] Add apparmor and seccomp.
// TODO: Figure out whether we should set no new privilege for sandbox container by default
g.SetProcessNoNewPrivileges(securityContext.GetNoNewPrivs())
}
g.SetRootReadonly(securityContext.GetReadonlyRootfs())