github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Vendor containerd 2386062 and runtime-tools e29f3ca.

Browse Source 
Signed-off-by: Lantao Liu <lantaol@google.com>
This commit is contained in:
Lantao Liu
2017-07-31 17:32:17 +00:00
parent 73748840da
commit a4f7f7127b
360 changed files with 54116 additions and 28629 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default.go generated vendored
View File

@@ -370,26 +370,25 @@ func DefaultProfile(rs *specs.Spec) *rspec.LinuxSeccomp {
var sysCloneFlagsIndex uint
capSysAdmin := false
var cap string
var caps []string
caps := make(map[string]bool)
for _, cap = range rs.Process.Capabilities.Bounding {
caps = append(caps, cap)
for _, cap := range rs.Process.Capabilities.Bounding {
caps[cap] = true
}
for _, cap = range rs.Process.Capabilities.Effective {
caps = append(caps, cap)
for _, cap := range rs.Process.Capabilities.Effective {
caps[cap] = true
}
for _, cap = range rs.Process.Capabilities.Inheritable {
caps = append(caps, cap)
for _, cap := range rs.Process.Capabilities.Inheritable {
caps[cap] = true
}
for _, cap = range rs.Process.Capabilities.Permitted {
caps = append(caps, cap)
for _, cap := range rs.Process.Capabilities.Permitted {
caps[cap] = true
}
for _, cap = range rs.Process.Capabilities.Ambient {
caps = append(caps, cap)
for _, cap := range rs.Process.Capabilities.Ambient {
caps[cap] = true
}
for _, cap = range caps {
for cap := range caps {
switch cap {
case "CAP_DAC_READ_SEARCH":
syscalls = append(syscalls, []rspec.LinuxSyscall{