Do not set ambient caps for now

Will make it explicit later. Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2025-07-21 18:11:35 +00:00 · 2017-04-03 18:39:16 +01:00 · 2017-04-03 18:39:16 +01:00 · 47e483fea3
commit 47e483fea3
parent 2a1199eaee
1 changed files with 1 additions and 1 deletions
--- a/tools/riddler/riddler.sh
+++ b/tools/riddler/riddler.sh
@ -43,7 +43,7 @@ cat config.json.orig | \
  jq 'del(.linux.uidMappings) | del(.linux.gidMappings) | .linux.namespaces = (.linux.namespaces|map(select(.type!="user")))' | \
  jq 'if .root.readonly==true then .mounts = (.mounts|map(if .destination=="/dev" then .options |= .+ ["ro"] else . end)) else . end' | \
  jq '.mounts = if .process.capabilities | length != 38 then (.mounts|map(if .destination=="/sys" then .options |= .+ ["ro"] else . end)) else . end' | \
-  jq '.process.capabilities = { bounding: .process.capabilities, effective: .process.capabilities, ambient: .process.capabilities, inheritable: .process.capabilities, permitted: .process.capabilities }' \
+  jq '.process.capabilities = { bounding: .process.capabilities, effective: .process.capabilities, inheritable: .process.capabilities, permitted: .process.capabilities }' \
  > config.json
 cat config.json