
Seccomp: Tighten container capability checks a bit to align with kernel behaviour

Open: mihalicyn opened this issue 1 year ago • 1 comment

Let's tighten capability checks in the mknod interception code to align this with what we have in the kernel. So, if mknod interception is enabled, then only a user with CAP_MKNOD in the container's initial user namespace can use it.

mihalicyn, May 08 '24 12:05
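The rule proposed in this issue, modelled as an added Go example (not LXD's code and not part of the original post): a caller qualifies only if CAP_MKNOD is in its effective set and its user namespace is the container's initial one. The function names are hypothetical, the inputs are assumed to be the text of `/proc/<pid>/status` and the `readlink` results of `/proc/<pid>/ns/user`, and the sample values are constructed.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// capMknod is the bit number of CAP_MKNOD in linux/capability.h.
const capMknod = 27

// effectiveCaps extracts the CapEff mask from the text of /proc/<pid>/status.
func effectiveCaps(status string) (uint64, error) {
	sc := bufio.NewScanner(strings.NewReader(status))
	for sc.Scan() {
		line := sc.Text()
		if strings.HasPrefix(line, "CapEff:") {
			hex := strings.TrimSpace(strings.TrimPrefix(line, "CapEff:"))
			return strconv.ParseUint(hex, 16, 64)
		}
	}
	return 0, fmt.Errorf("no CapEff line in status")
}

// mayInterceptMknod is a hypothetical policy helper. callerUserns and
// initUserns are the /proc/<pid>/ns/user link targets of the calling task
// and of the container's init process (assumed inputs).
func mayInterceptMknod(status, callerUserns, initUserns string) bool {
	caps, err := effectiveCaps(status)
	if err != nil {
		return false // fail closed when the capability set is unknown
	}
	// Capabilities are relative to a user namespace: a full set held in a
	// nested namespace says nothing about the container's initial one.
	if callerUserns == "" || callerUserns != initUserns {
		return false
	}
	return caps&(1<<capMknod) != 0
}

func main() {
	const initNs = "user:[4026532501]" // constructed sample value
	full := "Name:\tmknod\nCapEff:\t000001ffffffffff\n"
	dropped := "Name:\tmknod\nCapEff:\t000001fff7ffffff\n" // bit 27 cleared
	fmt.Println(mayInterceptMknod(full, initNs, initNs))              // true
	fmt.Println(mayInterceptMknod(dropped, initNs, initNs))           // false
	fmt.Println(mayInterceptMknod(full, "user:[4026532777]", initNs)) // false
}
```

Comparing namespace link targets is a simplification chosen for the example; it denies any caller outside the container's initial user namespace, including ones in nested namespaces that hold a full capability set there.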

Thanks @mihalicyn!

tomponline, May 08 '24 16:05