mirrors/binctr
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

POC no setuid, setgid caps

Browse source 
Signed-off-by: Jess Frazelle <jess@mesosphere.com>
This commit is contained in:
Jess Frazelle 2016-04-17 21:13:18 -07:00
parent 69cba73cf6
commit 2b527491fe
10 changed files with 156 additions and 171 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Makefile
View file

@ -40,7 +40,7 @@ static: $(BINDIR) rootfs.go
@echo "+ $@"
CGO_ENABLED=1 go build -tags "$(BUILDTAGS) cgo static_build" \
-ldflags "-w -extldflags -static ${LDFLAGS}" -o bin/$(notdir $(IMAGE)) .
@sudo setcap cap_chown,cap_fowner,cap_dac_override,cap_setuid,cap_setgid+ep ./bin/$(notdir $(IMAGE))
@sudo setcap cap_chown,cap_fowner,cap_dac_override+ep ./bin/$(notdir $(IMAGE))
@echo "Static container created at: ./bin/$(notdir $(IMAGE))"
@echo "Run with ./bin/$(notdir $(IMAGE))"