Better capability/namespace management

Docker-DCO-1.1-Signed-off-by: Guillaume J. Charmes <guillaume.charmes@docker.com> (github: creack)

libcontainer/capabilities/capabilities.go

@@ -6,24 +6,6 @@ import (
 	"os"
 )
 
-var capMap = map[libcontainer.Capability]capability.Cap{
-	libcontainer.CAP_SETPCAP:        capability.CAP_SETPCAP,
-	libcontainer.CAP_SYS_MODULE:     capability.CAP_SYS_MODULE,
-	libcontainer.CAP_SYS_RAWIO:      capability.CAP_SYS_RAWIO,
-	libcontainer.CAP_SYS_PACCT:      capability.CAP_SYS_PACCT,
-	libcontainer.CAP_SYS_ADMIN:      capability.CAP_SYS_ADMIN,
-	libcontainer.CAP_SYS_NICE:       capability.CAP_SYS_NICE,
-	libcontainer.CAP_SYS_RESOURCE:   capability.CAP_SYS_RESOURCE,
-	libcontainer.CAP_SYS_TIME:       capability.CAP_SYS_TIME,
-	libcontainer.CAP_SYS_TTY_CONFIG: capability.CAP_SYS_TTY_CONFIG,
-	libcontainer.CAP_MKNOD:          capability.CAP_MKNOD,
-	libcontainer.CAP_AUDIT_WRITE:    capability.CAP_AUDIT_WRITE,
-	libcontainer.CAP_AUDIT_CONTROL:  capability.CAP_AUDIT_CONTROL,
-	libcontainer.CAP_MAC_OVERRIDE:   capability.CAP_MAC_OVERRIDE,
-	libcontainer.CAP_MAC_ADMIN:      capability.CAP_MAC_ADMIN,
-	libcontainer.CAP_NET_ADMIN:      capability.CAP_NET_ADMIN,
-}
-
 // DropCapabilities drops capabilities for the current process based
 // on the container's configuration.
 func DropCapabilities(container *libcontainer.Container) error {
@@ -45,7 +27,7 @@ func DropCapabilities(container *libcontainer.Container) error {
 func getCapabilities(container *libcontainer.Container) []capability.Cap {
 	drop := []capability.Cap{}
 	for _, c := range container.Capabilities {
-		drop = append(drop, capMap[c])
+		drop = append(drop, c.Value)
 	}
 	return drop
 }