Tree - rpms/crun - CentOS Git server

Blob History Raw

		e51572	`From ed485db1465d67f0215c27529c57a76a1daf5135 Mon Sep 17 00:00:00 2001`
		e51572	`From: Giuseppe Scrivano <gscrivan@redhat.com>`
		e51572	`Date: Mon, 28 Feb 2022 11:05:18 +0100`
		e51572	`Subject: [PATCH 1/2] spec: do not set inheritable capabilities`
		e51572
		e51572	`Closes: CVE-2022-27650`
		e51572
		e51572	`Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>`
		e51572	`(cherry picked from commit b847d146d496c9d7beba166fd595488e85488562)`
		e51572	`---`
		e51572	`src/libcrun/container.c \| 3 ---`
		e51572	`1 file changed, 3 deletions(-)`
		e51572
		e51572	`diff --git a/src/libcrun/container.c b/src/libcrun/container.c`
		e51572	`index d3fb017..1e3f3e6 100644`
		e51572	`--- a/src/libcrun/container.c`
		e51572	`+++ b/src/libcrun/container.c`
		e51572	`@@ -128,9 +128,6 @@ static char spec_file[] = "\`
		e51572	`\"CAP_NET_BIND_SERVICE\"\n\`
		e51572	`],\n\`
		e51572	`\"inheritable\": [\n\`
		e51572	`- \"CAP_AUDIT_WRITE\",\n\`
		e51572	`- \"CAP_KILL\",\n\`
		e51572	`- \"CAP_NET_BIND_SERVICE\"\n\`
		e51572	`],\n\`
		e51572	`\"permitted\": [\n\`
		e51572	`\"CAP_AUDIT_WRITE\",\n\`
		e51572	`--`
		e51572	`2.35.1`
		e51572