rpms/skopeo
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Remove NET_RAW, SYS_CHROOT, MKNOD and AUDIT_WRITE from default list of capabilities

Browse Source 
Turn on ping for 65k users
This commit is contained in:
Daniel J Walsh 2020-09-17 15:11:58 -04:00
parent 39db5fc47f
commit 5109d70d85
No known key found for this signature in database
GPG Key ID: A2DF901DABE2C028
2 changed files with 19 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
containers.conf
View File

@ -59,29 +59,25 @@
# List of default capabilities for containers. If it is empty or commented out, # List of default capabilities for containers. If it is empty or commented out,
# the default capabilities defined in the container engine will be added. # the default capabilities defined in the container engine will be added.
# #
# default_capabilities = [ default_capabilities = [
# "AUDIT_WRITE", "CHOWN",
# "CHOWN", "DAC_OVERRIDE",
# "DAC_OVERRIDE", "FOWNER",
# "FOWNER", "FSETID",
# "FSETID", "KILL",
# "KILL", "NET_BIND_SERVICE",
# "MKNOD", "SETGID",
# "NET_BIND_SERVICE", "SETPCAP",
# "NET_RAW", "SETUID",
# "SETGID", ]
# "SETPCAP",
# "SETUID",
# "SYS_CHROOT",
# ]
# A list of sysctls to be set in containers by default, # A list of sysctls to be set in containers by default,
# specified as "name=value", # specified as "name=value",
# for example:"net.ipv4.ping_group_range = 0 1000". # for example:"net.ipv4.ping_group_range = 0 1000".
# #
# default_sysctls = [ default_sysctls = [
# "net.ipv4.ping_group_range=0 1000", "net.ipv4.ping_group_range=0 65536",
# ] ]
# A list of ulimits to be set in containers by default, specified as # A list of ulimits to be set in containers by default, specified as
# "<ulimit name>=<soft limit>:<hard limit>", for example: # "<ulimit name>=<soft limit>:<hard limit>", for example:

6
skopeo.spec
View File

@ -46,7 +46,7 @@ Epoch: 1
Epoch: 2 Epoch: 2
%endif %endif
Version: 1.1.1 Version: 1.1.1
Release: 45.dev.git%{shortcommit0}%{?dist} Release: 46.dev.git%{shortcommit0}%{?dist}
Summary: Inspect container images and repositories on registries Summary: Inspect container images and repositories on registries
License: ASL 2.0 License: ASL 2.0
URL: %{git0} URL: %{git0}
@ -447,6 +447,10 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath}
%{_datadir}/%{name}/test %{_datadir}/%{name}/test
%changelog %changelog
* Thu Sep 17 2020 Dan Walsh <dwalsh@fedoraproject.org> - 1:1.1.1-46.dev.git5d5756c
- Remove NET_RAW, SYS_CHROOT, MKNOD and AUDIT_WRITE from default list of capabilities
- Turn on ping for 65k users
* Tue Sep 15 11:13:22 UTC 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 1:1.1.1-45.dev.gitbbd800f * Tue Sep 15 11:13:22 UTC 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 1:1.1.1-45.dev.gitbbd800f
- autobuilt bbd800f - autobuilt bbd800f