-
Notifications
You must be signed in to change notification settings - Fork 27
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for ambient capabilities #11
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Ambient capabilities were added in Linux 4.3 and provide a way to pass on capabilities to unprivileged processes easily. Signed-off-by: Justin Cormack <justin.cormack@docker.com>
vdemeester
pushed a commit
to thaJeztah/docker
that referenced
this pull request
Jun 5, 2018
Updates buildkit to current master (github.com/moby/buildkit): moby/buildkit@be6da00...7a4a2a2 Fixes build failures due to gRPC bumps; 18:54:28 vendor/github.com/moby/buildkit/session/filesync/filesync.go:185:8:warning: NewContext not declared by package metadata (gosimple) 18:54:28 vendor/github.com/moby/buildkit/session/filesync/filesync.go:69:13:warning: FromContext not declared by package metadata (gosimple) 18:54:28 vendor/github.com/moby/buildkit/session/filesync/filesync.go:185:8:warning: NewContext not declared by package metadata (interfacer) 18:54:28 vendor/github.com/moby/buildkit/session/filesync/filesync.go:69:13:warning: FromContext not declared by package metadata (interfacer) 18:54:28 vendor/github.com/moby/buildkit/session/filesync/filesync.go:69:13:warning: FromContext not declared by package metadata (unconvert) 18:54:28 vendor/github.com/moby/buildkit/session/filesync/filesync.go:185:8:warning: NewContext not declared by package metadata (unconvert) Update vendored dependencies to match BuildKit: - add github.com/grpc-ecosystem/grpc-opentracing dependency - add github.com/opentracing/opentracing-go dependency - downgrade github.com/pkg/errors to a tagged release: pkg/errors@v0.8.0...839d9e9 - github.com/containerd/continuity containerd/continuity@d8fb858...3e8f2ea - containerd/continuity#110 Add fstest.CreateSocket - github.com/containerd/fifo containerd/fifo@fbfb6a1...3d5202a - Add apache license to files - github.com/containerd/go-runc containerd/go-runc@4f6e87a...f271fa2 - containerd/go-runc#37 runc: be able to get the full ps data (ps -f table) - containerd/go-runc#40 Add ConsoleSocket to RestoreOpts - github.com/containerd/console containerd/console@2748ece...cb7008a - containerd/console#21 Add OpenBSD support - github.com/syndtr/gocapability syndtr/gocapability@2c00dae...db04d3c - syndtr/gocapability#11 Add support for ambient capabilities - syndtr/gocapability#13 Fix issue moby#12: break too early - golang.org/x/net golang/net@5561cd9...0ed95ab - golang.org/x/text golang/text@f72d839...19e5161 - golang.org/x/time golang/time@a4bde12...f51c127 - github.com/tonistiigi/fsutil tonistiigi/fsutil@dea3a0d...93a0fd1 - tonistiigi/fsutil#16 Don not hang on diskwriter errors - tonistiigi/fsutil#17 fix fd leak on send - tonistiigi/fsutil#18 avoid possible receiver panic/deadlock on sender error - tonistiigi/fsutil#20 receive: read stream to EOF on close - tonistiigi/fsutil#21 avoid not-exist error on walker - tonistiigi/fsutil#27 Generalize chtimes() implementation for non-linux platforms - tonistiigi/fsutil#28 walker: handle parents and subdirs in includepatterns Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
thaJeztah
added a commit
to thaJeztah/docker
that referenced
this pull request
Apr 14, 2019
full diff: syndtr/gocapability@2c00dae...d983527 relevant changes: - syndtr/gocapability#11 Add support for ambient capabilities - syndtr/gocapability#13 Fix issue moby#12: break too early - syndtr/gocapability#16 Fix capHeader.pid type Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
docker-jenkins
pushed a commit
to docker-archive/docker-ce
that referenced
this pull request
Apr 16, 2019
full diff: syndtr/gocapability@2c00dae...d983527 relevant changes: - syndtr/gocapability#11 Add support for ambient capabilities - syndtr/gocapability#13 Fix issue #12: break too early - syndtr/gocapability#16 Fix capHeader.pid type Signed-off-by: Sebastiaan van Stijn <github@gone.nl> Upstream-commit: da1fbb3f2bb8dbe9393fe2328701b900ef1462f4 Component: engine
kiku-jw
pushed a commit
to kiku-jw/moby
that referenced
this pull request
May 16, 2019
full diff: syndtr/gocapability@2c00dae...d983527 relevant changes: - syndtr/gocapability#11 Add support for ambient capabilities - syndtr/gocapability#13 Fix issue moby#12: break too early - syndtr/gocapability#16 Fix capHeader.pid type Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Ambient capabilities were added in Linux 4.3 and provide a way
to pass on capabilities to unprivileged processes easily.
Signed-off-by: Justin Cormack justin.cormack@docker.com