container: raise CAP_DAC_OVERRIDE
All checks were successful
Test / Create distribution (push) Successful in 32s
Test / Sandbox (push) Successful in 1m59s
Test / Hakurei (push) Successful in 2m54s
Test / Sandbox (race detector) (push) Successful in 3m52s
Test / Hpkg (push) Successful in 3m51s
Test / Hakurei (race detector) (push) Successful in 4m39s
Test / Flake checks (push) Successful in 1m25s
All checks were successful
Test / Create distribution (push) Successful in 32s
Test / Sandbox (push) Successful in 1m59s
Test / Hakurei (push) Successful in 2m54s
Test / Sandbox (race detector) (push) Successful in 3m52s
Test / Hpkg (push) Successful in 3m51s
Test / Hakurei (race detector) (push) Successful in 4m39s
Test / Flake checks (push) Successful in 1m25s
This is required for upperdir and workdir checks in overlayfs. Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
parent
b353c3deea
commit
f1a53d6116
@ -12,8 +12,9 @@ const (
|
|||||||
PR_CAP_AMBIENT_RAISE = 0x2
|
PR_CAP_AMBIENT_RAISE = 0x2
|
||||||
PR_CAP_AMBIENT_CLEAR_ALL = 0x4
|
PR_CAP_AMBIENT_CLEAR_ALL = 0x4
|
||||||
|
|
||||||
CAP_SYS_ADMIN = 0x15
|
CAP_SYS_ADMIN = 0x15
|
||||||
CAP_SETPCAP = 0x8
|
CAP_SETPCAP = 0x8
|
||||||
|
CAP_DAC_OVERRIDE = 0x1
|
||||||
)
|
)
|
||||||
|
|
||||||
type (
|
type (
|
||||||
|
@ -146,7 +146,7 @@ func (p *Container) Start() error {
|
|||||||
CLONE_NEWIPC | CLONE_NEWUTS | CLONE_NEWCGROUP,
|
CLONE_NEWIPC | CLONE_NEWUTS | CLONE_NEWCGROUP,
|
||||||
|
|
||||||
// remain privileged for setup
|
// remain privileged for setup
|
||||||
AmbientCaps: []uintptr{CAP_SYS_ADMIN, CAP_SETPCAP},
|
AmbientCaps: []uintptr{CAP_SYS_ADMIN, CAP_SETPCAP, CAP_DAC_OVERRIDE},
|
||||||
|
|
||||||
UseCgroupFD: p.Cgroup != nil,
|
UseCgroupFD: p.Cgroup != nil,
|
||||||
}
|
}
|
||||||
|
Loading…
x
Reference in New Issue
Block a user