nspawn: Map all seccomp filters to capabilities
author Jay Faulkner <jay@jvf.cc>
Fri, 20 Feb 2015 21:59:47 +0000 (21:59 +0000)
committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Thu, 5 Mar 2015 04:18:09 +0000 (23:18 -0500)
commit 9a71b1122c6e49dd9227f82b2f53837c7ea13019
tree 3de7a9645978aed8ba18312f2c5490a0231165c2
parent 9e4ded3064e9a683e004ff8f6a8ce53ac20b79d7
nspawn: Map all seccomp filters to capabilities

This change makes it so all seccomp filters are mapped
to the appropriate capability and are only added if that
capability was not requested when running the container.

This unbreaks the remaining use cases broken by the
addition of seccomp filters without respecting requested
capabilities.

Co-Authored-By: Clif Houck <me@clifhouck.com>
[zj: - adapt to our coding style, make struct anonymous]
src/nspawn/nspawn.c
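
The selection logic the commit message describes, as an added example that is not the code from this commit or from nspawn.c: a table pairs each filtered syscall with the capability that governs it, and a filter is emitted only when that capability was not requested. The table contents, the `EX_CAP_*` names, `select_filters` and the `cap_retain` bitmask are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Capability numbers as defined in <linux/capability.h>, repeated here so
 * the example builds without kernel headers. */
enum { EX_CAP_SYS_MODULE = 16, EX_CAP_SYS_RAWIO = 17,
       EX_CAP_SYS_ADMIN = 21, EX_CAP_SYS_BOOT = 22 };

/* Illustrative table (an assumption, not the one in nspawn.c): each syscall
 * is paired with the capability the kernel requires to use it. */
static const struct {
        int capability;
        const char *syscall_name;
} filters[] = {
        { EX_CAP_SYS_RAWIO,  "iopl"          },
        { EX_CAP_SYS_RAWIO,  "ioperm"        },
        { EX_CAP_SYS_BOOT,   "kexec_load"    },
        { EX_CAP_SYS_ADMIN,  "swapon"        },
        { EX_CAP_SYS_ADMIN,  "swapoff"       },
        { EX_CAP_SYS_MODULE, "init_module"   },
        { EX_CAP_SYS_MODULE, "delete_module" },
};
#define N_FILTERS (sizeof(filters) / sizeof(filters[0]))

/* Collect the syscalls to filter for a container that retains the
 * capabilities in cap_retain (bit n set = capability n was requested).
 * Returns how many names were written to out. */
static size_t select_filters(uint64_t cap_retain, const char *out[], size_t out_len) {
        size_t n = 0;
        for (size_t i = 0; i < N_FILTERS && n < out_len; i++) {
                if (cap_retain & (UINT64_C(1) << filters[i].capability))
                        continue; /* capability requested: no filter added */
                out[n++] = filters[i].syscall_name;
        }
        return n;
}

int main(void) {
        /* Constructed sample: container started with CAP_SYS_MODULE retained. */
        const char *blocked[N_FILTERS];
        size_t n = select_filters(UINT64_C(1) << EX_CAP_SYS_MODULE, blocked, N_FILTERS);
        for (size_t i = 0; i < n; i++)
                printf("filter: %s\n", blocked[i]);
        return 0;
}
```

In a real filter each selected name would become one seccomp rule; the point here is that retaining a capability removes exactly the rules tied to it and leaves the others in place.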