From 47e483fea3866a89bb7657611568ebd06051f2da Mon Sep 17 00:00:00 2001
From: Justin Cormack
Date: Mon, 3 Apr 2017 18:39:16 +0100
Subject: [PATCH] Do not set ambient caps for now

Will make it explicit later.

Signed-off-by: Justin Cormack
---
 tools/riddler/riddler.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/riddler/riddler.sh b/tools/riddler/riddler.sh
index 44935f526..6adf606f3 100755
--- a/tools/riddler/riddler.sh
+++ b/tools/riddler/riddler.sh
@@ -43,7 +43,7 @@ cat config.json.orig | \
 jq 'del(.linux.uidMappings) | del(.linux.gidMappings) | .linux.namespaces = (.linux.namespaces|map(select(.type!="user")))' | \
 jq 'if .root.readonly==true then .mounts = (.mounts|map(if .destination=="/dev" then .options |= .+ ["ro"] else . end)) else . end' | \
 jq '.mounts = if .process.capabilities | length != 38 then (.mounts|map(if .destination=="/sys" then .options |= .+ ["ro"] else . end)) else . end' | \
- jq '.process.capabilities = { bounding: .process.capabilities, effective: .process.capabilities, ambient: .process.capabilities, inheritable: .process.capabilities, permitted: .process.capabilities }' \
+ jq '.process.capabilities = { bounding: .process.capabilities, effective: .process.capabilities, inheritable: .process.capabilities, permitted: .process.capabilities }' \
 > config.json
 cat config.json
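Review bot: The rewritten `.process.capabilities` filter still copies the whole list into `inheritable`, and nothing on the line records why `ambient` is left out. With no ambient set, a process that execs as a non-root user should end up with none of the listed capabilities unless the binary carries file capabilities, and the populated inheritable set is then what such a binary could pick up; if that is not wanted, `inheritable: []` is the least-privilege choice. A comment above the pipeline such as `# ambient is deliberately omitted: capabilities must not survive exec for non-root users until this is made explicit` would keep someone from re-adding the key by habit. The `cat config.json.orig | \` pipeline begins before this hunk, so how the capability list was derived is not visible here.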