projects / project / procd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8f3df4a) | patch
jail: don't include capabilities config (-C) inside the jail
authorEtienne CHAMPETIER <champetier.etienne@gmail.com>
Sun, 29 May 2016 23:39:15 +0000 (23:39 +0000)
committerJohn Crispin <john@phrozen.org>
Wed, 1 Jun 2016 08:27:35 +0000 (10:27 +0200)
commit4edf66c192583af866e5b8d4e8e9fcfcd68f1879
treea2ab727b2056a654e71a624fd551a3e5d162788ftree | snapshot
parent8f3df4a1747f8dc6097abfc827007830cb0fbf59commit | diff
jail: don't include capabilities config (-C) inside the jail

Removing capabilities from the capability bounding set doesn't change
the capability effective set, so we can "drop capabilities" before we
build the jail fs, so we don't need to include the capabilities config
file into the jail.

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
jail/jail.c diff | blob | history
OpenWrt service / process manager