Merge pull request #1532 from samoht/less-caps

miragesdk: remove CAP_SYS_PTRACe

projects/miragesdk/README.md

@@ -63,6 +63,6 @@ the hardware support is available.
 # Getting Started
 
 ```
-../../bin/moby examples/mirage-dhcp.yml`
+../../bin/moby build examples/mirage-dhcp.yml`
-../../scripts/qemu.sh mirage-dhcp-initrd.img mirage-dhcp-bzImage "$(bin/moby --cmdline mirage-dhcp.yml)"
+../../bin/moby run mirage-dhcp
 ```

projects/miragesdk/examples/mirage-dhcp.yml

@@ -1,7 +1,7 @@
 kernel:
   image: "mobylinux/kernel:4.9.x"
   cmdline: "console=ttyS0 page_poison=1"
-init: "mobylinux/init:5770b8f1c72d3b9da43951d4ce3b53d473e3dc8b"
+init: "mobylinux/init:9d755f7e7d108d523448e4a503f1613b7d870389@sha256:9ccb16f2d8b3a09d12f5459106763f1836c064e420a13360e2e25599337960dc"
 system:
   - name: sysctl
     image: "mobylinux/sysctl:2cf2f9d5b4d314ba1bfc22b2fe931924af666d8c"
@@ -31,7 +31,6 @@ daemon:
      - CAP_NET_RAW   # to read /dev/eth0
      - CAP_SYS_ADMIN # for runc (unshare)
      - CAP_SETGID    # for runc (setns)
-     - CAP_SYS_PTRACE # for runc (read /proc/[pid]/fd)
     mounts: # for runc
      - type: cgroup
        options: ["rw","nosuid","noexec","nodev","relatime"]

projects/miragesdk/pkg/init/Makefile

@@ -1,7 +1,7 @@
 CONTAINERD_IMAGE=mobylinux/containerd:a688df6aee1e3700eb8d54dbc81070361df397a2@sha256:59ee3da05fe4dad4fbecff582c86fc30ce75e19a225eeeb07e203c9cc36fe34f
 CONTAINERD_BINARIES=usr/bin/containerd usr/bin/containerd-shim usr/bin/ctr usr/bin/dist
 
-RUNC_IMAGE=mobylinux/runc:45884ad2bfad045cbf35f2b78b4c82f75fb19854@sha256:d7c4576405f2318d329f538f847927018d4e8497d7968bd3323ff047e2ffe257
+RUNC_IMAGE=mobylinux/runc:f225fb93dc3e6dda1cc9004962893015b29dc2d6@sha256:e75c4b274236bd3ad9f4db0a91a6f2174c8c77009c361ab5dd7a4169406675bc
 RUNC_BINARY=usr/bin/runc
 
 C_COMPILE=mobylinux/c-compile:81a6bd8ff45d769b60a2ee1acdaccda11ab835c8@sha256:eac250997a3b9784d3285a03c0c8311d4ca6fb63dc75164c987411ba93006487