fickit-pkg: find the minimal set of capabilities to run

2019-01-19 23:40:42 +01:00 · 2019-01-19 23:40:42 +01:00 · 0812fe5000
commit 0812fe5000
parent e59e02e4fc
1 changed files with 6 additions and 0 deletions
--- a/fickit-pkg/rsync/build.yml
+++ b/fickit-pkg/rsync/build.yml
@ -6,6 +6,12 @@ config:
    - /etc/resolv.conf:/etc/resolv.conf
  capabilities:
    - CAP_NET_BIND_SERVICE
+    - CAP_SYS_CHROOT
+    - CAP_SETGID
+    - CAP_SETUID
+    - CAP_KILL
+    - CAP_CHOWN
+    - CAP_FOWNER
  pid: new
  ipc: new
  uts: new