github/linuxkit
1
0
Fork 0
mirror of https://github.com/linuxkit/linuxkit.git synced 2025-07-21 10:09:07 +00:00
Code Issues Projects Releases Wiki Activity

miragesdk: remove CAP_SYS_PTRACE

Browse Source 
Since https://github.com/opencontainers/runc/pull/774 we don't need this anymore.

Signed-off-by: Thomas Gazagnaire <thomas@gazagnaire.org>
This commit is contained in:
Thomas Gazagnaire 2017-04-07 12:09:06 +02:00
parent d289de6416
commit 914d27bed9
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
projects/miragesdk/examples/mirage-dhcp.yml
View File

@ -1,7 +1,7 @@
kernel: kernel:
image: "mobylinux/kernel:4.9.x" image: "mobylinux/kernel:4.9.x"
cmdline: "console=ttyS0 page_poison=1" cmdline: "console=ttyS0 page_poison=1"
init: "mobylinux/init:5770b8f1c72d3b9da43951d4ce3b53d473e3dc8b" init: "mobylinux/init:9d755f7e7d108d523448e4a503f1613b7d870389@sha256:9ccb16f2d8b3a09d12f5459106763f1836c064e420a13360e2e25599337960dc"
system: system:
- name: sysctl - name: sysctl
image: "mobylinux/sysctl:2cf2f9d5b4d314ba1bfc22b2fe931924af666d8c" image: "mobylinux/sysctl:2cf2f9d5b4d314ba1bfc22b2fe931924af666d8c"
@ -31,7 +31,6 @@ daemon:
- CAP_NET_RAW # to read /dev/eth0 - CAP_NET_RAW # to read /dev/eth0
- CAP_SYS_ADMIN # for runc (unshare) - CAP_SYS_ADMIN # for runc (unshare)
- CAP_SETGID # for runc (setns) - CAP_SETGID # for runc (setns)
- CAP_SYS_PTRACE # for runc (read /proc/[pid]/fd)
mounts: # for runc mounts: # for runc
- type: cgroup - type: cgroup
options: ["rw","nosuid","noexec","nodev","relatime"] options: ["rw","nosuid","noexec","nodev","relatime"]