jyapayne/anbox
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Get rid of dropping capabilities as this prevents gaining relevant ones in the container

Browse source
This commit is contained in:
Simon Fels 2016-12-08 17:06:52 +01:00
commit fc55e2c59a
1 changed files with 0 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/anbox/container/lxc_container.cpp
View file

@ -80,10 +80,6 @@ void LxcContainer::start(const Configuration &configuration) {
if (container_->is_running(container_)) container_->stop(container_);
}
// We drop all not needed capabilities
set_config_item("lxc.cap.drop",
"mac_admin mac_override sys_time sys_module sys_rawio");
// We can mount proc/sys as rw here as we will run the container unprivileged
// in the end
set_config_item("lxc.mount.auto", "proc:mixed sys:mixed cgroup:mixed");