vbatts/cri-o
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

server: fix set caps on container create

Browse source 
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
This commit is contained in:
Antonio Murdaca 2017-05-05 12:14:34 +02:00
parent 715785950c
commit 139b16bac2
No known key found for this signature in database
GPG key ID: B2BEAD150DE936B9
7 changed files with 80 additions and 114 deletions
Download patch file Download diff file Expand all files Collapse all files

10
server/container_create.go
View file

@ -400,11 +400,17 @@ func (s *Server) createSandboxContainer(ctx context.Context, containerID string,
}
capabilities := linux.GetSecurityContext().GetCapabilities()
toCAPPrefixed := func(cap string) string {
if !strings.HasPrefix(strings.ToLower(cap), "cap_") {
return "CAP_" + cap
}
return cap
}
if capabilities != nil {
addCaps := capabilities.AddCapabilities
if addCaps != nil {
for _, cap := range addCaps {
if err := specgen.AddProcessCapability(cap); err != nil {
if err := specgen.AddProcessCapability(toCAPPrefixed(cap)); err != nil {
return nil, err
}
}
@ -413,7 +419,7 @@ func (s *Server) createSandboxContainer(ctx context.Context, containerID string,
dropCaps := capabilities.DropCapabilities
if dropCaps != nil {
for _, cap := range dropCaps {
if err := specgen.DropProcessCapability(cap); err != nil {
if err := specgen.DropProcessCapability(toCAPPrefixed(cap)); err != nil {
return nil, err
}
}