diff options
author | Fabricio Voznika <fvoznika@google.com> | 2019-10-01 11:48:24 -0700 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2019-10-01 11:49:49 -0700 |
commit | 0b02c3d5e5bae87f5cdbf4ae20dad8344bef32c2 (patch) | |
tree | a5c60e3e55bbfc6807eabd8a219318d6446d9cd4 /pkg/sentry/usermem/usermem_unsafe.go | |
parent | 53cc72da90f5b5a76b024b47fe4e38a81b495eb4 (diff) |
Prevent CAP_NET_RAW from appearing in exec
'docker exec' was getting CAP_NET_RAW even when --net-raw=false
because it was not filtered out from when copying container's
capabilities.
PiperOrigin-RevId: 272260451
Diffstat (limited to 'pkg/sentry/usermem/usermem_unsafe.go')
0 files changed, 0 insertions, 0 deletions