diff options
author | Jamie Liu <jamieliu@google.com> | 2019-01-08 12:51:04 -0800 |
---|---|---|
committer | Shentubot <shentubot@google.com> | 2019-01-08 12:52:24 -0800 |
commit | f95b94fbe3e557b16ed2b78c87e8936c0aeab6c5 (patch) | |
tree | 2c8122e9eb8b4de70a90b938fb8911b3b5c24054 /pkg/sentry/platform/kvm/machine_amd64_unsafe.go | |
parent | 3f45878b7323697c82e06649144e2a4f39018a12 (diff) |
Grant no initial capabilities to non-root UIDs.
See modified comment in auth.NewUserCredentials(); compare to the
behavior of setresuid(2) as implemented by
//pkg/sentry/kernel/task_identity.go:kernel.Task.setKUIDsUncheckedLocked().
PiperOrigin-RevId: 228381765
Change-Id: I45238777c8f63fcf41b99fce3969caaf682fe408
Diffstat (limited to 'pkg/sentry/platform/kvm/machine_amd64_unsafe.go')
0 files changed, 0 insertions, 0 deletions