exec: --cap do not set inheritable capabilities
Closes: CVE-2022-27650

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
giuseppe committed Mar 23, 2022
1 parent b847d14 commit 1aeeed2
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions src/exec.c
Expand Up @@ -304,8 +304,8 @@ crun_command_exec (struct crun_global_arguments *global_args, int argc, char **a
capabilities->effective = exec_options.cap;
capabilities->effective_len = exec_options.cap_size;

capabilities->inheritable = dup_array (exec_options.cap, exec_options.cap_size);
capabilities->inheritable_len = exec_options.cap_size;
capabilities->inheritable = NULL;
capabilities->inheritable_len = 0;

capabilities->bounding = dup_array (exec_options.cap, exec_options.cap_size);
capabilities->bounding_len = exec_options.cap_size;
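Review bot: the new `capabilities->inheritable = NULL;` and `capabilities->inheritable_len = 0;` assignments carry no comment explaining why the inheritable set is deliberately left empty while the effective and bounding sets around them are still filled from `exec_options.cap`. Without one, the asymmetry reads like an oversight and invites a later "cleanup" that restores the `dup_array` call. Suggest a one-line comment above the assignment, for example `/* --cap must not set inheritable capabilities (CVE-2022-27650). */`. The commit changes only `src/exec.c`, so a regression test that runs `exec --cap` and checks that the process's inheritable set (`CapInh` in `/proc/self/status`) is empty would also keep this from regressing.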