vbatts/cri-o
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

server: fix set caps on container create

Browse source 
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
This commit is contained in:
Antonio Murdaca 2017-05-05 12:14:34 +02:00
parent 715785950c
commit 139b16bac2
No known key found for this signature in database
GPG key ID: B2BEAD150DE936B9
7 changed files with 80 additions and 114 deletions
Download patch file Download diff file Expand all files Collapse all files

40
test/testdata/container_config.json vendored
View file

@ -51,30 +51,22 @@
"memory_limit_in_bytes": 88000000,
"oom_score_adj": 30
},
"capabilities": {
"add_capabilities": [
"setuid",
"setgid"
],
"drop_capabilities": [
"audit_write",
"audit_read"
]
},
"selinux_options": {
"user": "system_u",
"role": "system_r",
"type": "container_t",
"level": "s0:c4,c5"
},
"user": {
"uid": 5,
"gid": 300,
"additional_gids": [
400,
401,
402
]
"security_context": {
"capabilities": {
"add_capabilities": [
"setuid",
"setgid"
],
"drop_capabilities": [
"audit_read"
]
},
"selinux_options": {
"user": "system_u",
"role": "system_r",
"type": "container_t",
"level": "s0:c4,c5"
}
}
}
}

40
test/testdata/container_config_by_imageid.json vendored
View file

@ -51,30 +51,22 @@
"memory_limit_in_bytes": 88000000,
"oom_score_adj": 30
},
"capabilities": {
"add_capabilities": [
"setuid",
"setgid"
],
"drop_capabilities": [
"audit_write",
"audit_read"
]
},
"selinux_options": {
"user": "system_u",
"role": "system_r",
"type": "container_t",
"level": "s0:c4,c5"
},
"user": {
"uid": 5,
"gid": 300,
"additional_gids": [
400,
401,
402
]
"security_context": {
"capabilities": {
"add_capabilities": [
"setuid",
"setgid"
],
"drop_capabilities": [
"audit_read"
]
},
"selinux_options": {
"user": "system_u",
"role": "system_r",
"type": "container_t",
"level": "s0:c4,c5"
}
}
}
}

42
test/testdata/container_config_logging.json vendored
View file

@ -4,7 +4,7 @@
"attempt": 1
},
"image": {
"image": "docker://busybox:latest"
"image": "busybox:latest"
},
"command": [
"/bin/sh", "-c"
@ -53,30 +53,22 @@
"memory_limit_in_bytes": 88000000,
"oom_score_adj": 30
},
"capabilities": {
"add_capabilities": [
"setuid",
"setgid"
],
"drop_capabilities": [
"audit_write",
"audit_read"
]
},
"selinux_options": {
"user": "system_u",
"role": "system_r",
"type": "container_t",
"level": "s0:c4,c5"
},
"user": {
"uid": 5,
"gid": 300,
"additional_gids": [
400,
401,
402
]
"security_context": {
"capabilities": {
"add_capabilities": [
"setuid",
"setgid"
],
"drop_capabilities": [
"audit_read"
]
},
"selinux_options": {
"user": "system_u",
"role": "system_r",
"type": "container_t",
"level": "s0:c4,c5"
}
}
}
}

40
test/testdata/container_config_seccomp.json vendored
View file

@ -53,30 +53,22 @@
"memory_limit_in_bytes": 88000000,
"oom_score_adj": 30
},
"capabilities": {
"add_capabilities": [
"setuid",
"setgid"
],
"drop_capabilities": [
"audit_write",
"audit_read"
]
},
"selinux_options": {
"user": "system_u",
"role": "system_r",
"type": "svirt_lxc_net_t",
"level": "s0:c4-c5"
},
"user": {
"uid": 5,
"gid": 300,
"additional_gids": [
400,
401,
402
]
"security_context": {
"capabilities": {
"add_capabilities": [
"setuid",
"setgid"
],
"drop_capabilities": [
"audit_read"
]
},
"selinux_options": {
"user": "system_u",
"role": "system_r",
"type": "svirt_lxc_net_t",
"level": "s0:c4-c5"
}
}
}
}

8
test/testdata/container_exit_test.json vendored
View file

@ -18,11 +18,5 @@
"log_path": "",
"stdin": false,
"stdin_once": false,
"tty": false,
"linux": {
"user": {
"uid": 0,
"gid": 0
}
}
"tty": false
}

14
test/testdata/container_redis.json vendored
View file

@ -51,14 +51,12 @@
"memory_limit_in_bytes": 88000000,
"oom_score_adj": 30
},
"capabilities": {
"add_capabilities": [
"sys_admin"
]
},
"user": {
"uid": 0,
"gid": 0
"security_context": {
"capabilities": {
"add_capabilities": [
"sys_admin"
]
}
}
}
}