Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

security: use the bounding caps with --privileged #9762

Merged
merged 3 commits into from
Mar 19, 2021
Merged

security: use the bounding caps with --privileged #9762

merged 3 commits into from
Mar 19, 2021

Conversation

giuseppe
Copy link
Member

when --privileged is used, make sure to not request more capabilities
than currently available in the current context.

[NO TESTS NEEDED] since it fixes existing tests.

Replaces: #9761

Signed-off-by: Giuseppe Scrivano [email protected]

@openshift-ci-robot
Copy link
Collaborator

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: giuseppe

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci-robot openshift-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 19, 2021
This was referenced Mar 19, 2021
Closed
Merged
vrothberg
vrothberg reviewed Mar 19, 2021
View reviewed changes
Copy link
Member

@vrothberg vrothberg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@giuseppe giuseppe force-pushed the use-bounding-caps-for---privileged branch from 2158492 to 36c9511 Compare March 19, 2021 12:56
@rhatdan
Copy link
Member

rhatdan commented Mar 19, 2021

/lgtm
/hold

@openshift-ci-robot openshift-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Mar 19, 2021
@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Mar 19, 2021
dependabot bot and others added 3 commits March 19, 2021 15:03
@dependabot @giuseppe
Bump github.com/containers/common from 0.35.0 to 0.35.3
f46b34e 
Bumps [github.com/containers/common](https://github.com/containers/common) from 0.35.0 to 0.35.3.
- [Release notes](https://github.com/containers/common/releases)
- [Commits](containers/common@v0.35.0...v0.35.3)

Signed-off-by: dependabot[bot] <[email protected]>
@giuseppe
security: use the bounding caps with --privileged
e85cf8f 
when --privileged is used, make sure to not request more capabilities
than currently available in the current context.

[NO TESTS NEEDED] since it fixes existing tests.

Signed-off-by: Giuseppe Scrivano <[email protected]>
@giuseppe
vendor: drop replace for github.com/syndtr/gocapability
adf652e 
Signed-off-by: Giuseppe Scrivano <[email protected]>
@giuseppe giuseppe force-pushed the use-bounding-caps-for---privileged branch from 36c9511 to adf652e Compare March 19, 2021 14:17
@openshift-ci-robot openshift-ci-robot removed the lgtm Indicates that a PR is ready to be merged. label Mar 19, 2021
@giuseppe
Copy link
Member Author

we can simplify some of the new code after: containers/common#482

@giuseppe
Copy link
Member Author

tests are green now

@TomSweeneyRedHat
Copy link
Member

LGTM
/hold cancel

@openshift-ci-robot openshift-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Mar 19, 2021
@giuseppe
Copy link
Member Author

LGTM
/hold cancel

it needs the lgtm label too

@mheon
Copy link
Member

mheon commented Mar 19, 2021

/lgtm

Got no idea why it didn't pick up Dan's

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Mar 19, 2021
@openshift-merge-robot openshift-merge-robot merged commit ebc9871 into containers:master Mar 19, 2021
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 23, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 23, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@vrothberg vrothberg vrothberg left review comments

Assignees

@rhatdan rhatdan

@mheon mheon

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@giuseppe @openshift-ci-robot @rhatdan @TomSweeneyRedHat @mheon @vrothberg @openshift-merge-robot