Daniel J Walsh bae80a0b66 Clear all caps, except the bounding set, when --user is specified. ... Currently we are giving all caps to users when running with podman run --user, They should get none by default. If the command line includes --cap-add, then we need to run with those capabilties. Similarly we need to drop caps from bounding set, if user specifies --cap-drop Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #851 Approved by: mheon		2018-05-31 13:46:08 +00:00
..
annotations	Spell check strings and comments	2018-05-25 08:45:15 +00:00
chrootuser	chrootuser: default to GID 0 when given a numeric --user	2018-05-17 17:05:44 +00:00
hooks	hooks/1.0.0: Error on empty process.args instead of panicking	2018-05-24 21:27:05 +00:00
inspect	fix typos in the inspect json structs	2018-05-02 18:02:22 +00:00
kubeutils	Remove dependency on kubernetes	2018-03-27 21:55:33 +00:00
registrar	Initial checkin from CRI-O repo	2017-11-01 11:24:59 -04:00
registries	Spell check strings and comments	2018-05-25 08:45:15 +00:00
secrets	Rename addFIPSsModeSecret to addFIPSModeSecret	2018-05-25 16:37:34 +00:00
spec	Clear all caps, except the bounding set, when --user is specified.	2018-05-31 13:46:08 +00:00
util	Begin wiring in USERNS Support into podman	2018-05-04 17:15:55 +00:00
varlinkapi	save and load should support multi-tag for docker-archive	2018-05-25 15:15:47 +00:00