flatcar-scripts

mirror of https://github.com/flatcar/scripts.git synced 2025-08-18 10:27:00 +02:00

History

Dongsu Park 18630b7218 app-emulation/docker-runc: disable NoNewPrivileges options Temporarily disable Prctl and InitSeccomp for NoNewPrivileges, to be able to make docker/runc work with "--security-opt=no-new-privileges". So far it has worked without disabling NoNewPrivileges until runc 1.0.0-rc92, which allowed the "selinux" build tag. Since runc 1.0.0-rc93, however, the selinux build tag is now gone, so selinux is always enabled. That's why `docker run --security-opt=no-new-privileges` failed. Until we could figure out its real reason, let's temporarily disable NoNewPrivilges to make the CI pass.	2021-03-01 14:17:10 +01:00
..
src/third_party/coreos-overlay	app-emulation/docker-runc: disable NoNewPrivileges options	2021-03-01 14:17:10 +01:00

Dongsu Park 18630b7218 app-emulation/docker-runc: disable NoNewPrivileges options

Temporarily disable Prctl and InitSeccomp for NoNewPrivileges, to be able
to make docker/runc work with "--security-opt=no-new-privileges".

So far it has worked without disabling NoNewPrivileges until runc
1.0.0-rc92,
which allowed the "selinux" build tag. Since runc 1.0.0-rc93, however,
the selinux build tag is now gone, so selinux is always enabled.
That's why `docker run --security-opt=no-new-privileges` failed.

Until we could figure out its real reason, let's temporarily disable
NoNewPrivilges to make the CI pass.

2021-03-01 14:17:10 +01:00

src/third_party/coreos-overlay

app-emulation/docker-runc: disable NoNewPrivileges options

2021-03-01 14:17:10 +01:00