Fixes CVE-2022-29162
Minor security issue (which appears to not be exploitable) related to process
capabilities.
A bug was found in runc where runc exec --cap executed processes with ble Linux
process capabilities, creating an atypical Linux environment. For more
information, see GHSA-f3fp-gc8g-vw66 and CVE-2022-29162.
runc spec no longer sets any inheritable capabilities in the created example OCI
spec (config.json) file.
https://github.com/opencontainers/runc/releases/tag/v1.1.2
Signed-off-by: Christian Stewart <christian@paral.in>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
0295e9602f