github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Merge pull request #155 from miaoyq/support-nonewprivileges

Browse Source 
Support NoNewPrivileges
This commit is contained in:
Lantao Liu
2017-08-23 20:58:38 -07:00
committed by GitHub
parent 60c7f5127e 1aec120d5f
commit 2faa665eb2
3 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
pkg/server/container_create.go
View File

@@ -244,6 +244,9 @@ func (c *criContainerdService) generateContainerSpec(id string, sandboxPid uint3
// TODO(random-liu): [P1] Set selinux options.
// TODO(random-liu): [P2] Add apparmor and seccomp.
// TODO: Figure out whether we should set no new privilege for sandbox container by default
g.SetProcessNoNewPrivileges(securityContext.GetNoNewPrivs())
}
g.SetRootReadonly(securityContext.GetReadonlyRootfs())