[DROP #493] disable caps set

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-06 14:52:45 +02:00 · 2017-05-06 14:52:45 +02:00 · e0d677594c
commit e0d677594c
parent 37b5d432bd
1 changed files with 25 additions and 25 deletions
--- a/server/container_create.go
+++ b/server/container_create.go
@ -399,32 +399,32 @@ func (s *Server) createSandboxContainer(ctx context.Context, containerID string,
 			}
 		}
-		capabilities := linux.GetSecurityContext().GetCapabilities()
+		//capabilities := linux.GetSecurityContext().GetCapabilities()
-		toCAPPrefixed := func(cap string) string {
+		//toCAPPrefixed := func(cap string) string {
-			if !strings.HasPrefix(strings.ToLower(cap), "cap_") {
+		//if !strings.HasPrefix(strings.ToLower(cap), "cap_") {
-				return "CAP_" + cap
+		//return "CAP_" + cap
-			}
+		//}
-			return cap
+		//return cap
-		}
+		//}
-		if capabilities != nil {
+		//if capabilities != nil {
-			addCaps := capabilities.AddCapabilities
+		//addCaps := capabilities.AddCapabilities
-			if addCaps != nil {
+		//if addCaps != nil {
-				for _, cap := range addCaps {
+		//for _, cap := range addCaps {
-					if err := specgen.AddProcessCapability(toCAPPrefixed(cap)); err != nil {
+		//if err := specgen.AddProcessCapability(toCAPPrefixed(cap)); err != nil {
-						return nil, err
+		//return nil, err
-					}
+		//}
-				}
+		//}
-			}
+		//}
-			dropCaps := capabilities.DropCapabilities
+		//dropCaps := capabilities.DropCapabilities
-			if dropCaps != nil {
+		//if dropCaps != nil {
-				for _, cap := range dropCaps {
+		//for _, cap := range dropCaps {
-					if err := specgen.DropProcessCapability(toCAPPrefixed(cap)); err != nil {
+		//if err := specgen.DropProcessCapability(toCAPPrefixed(cap)); err != nil {
-						return nil, err
+		//return nil, err
-					}
+		//}
-				}
+		//}
-			}
+		//}
-		}
+		//}
 		specgen.SetProcessSelinuxLabel(sb.processLabel)
 		specgen.SetLinuxMountLabel(sb.mountLabel)