author | Valentin Rothberg <rothberg@redhat.com> | 2020-02-12 10:47:48 +0100 |
---|---|---|
committer | Valentin Rothberg <rothberg@redhat.com> | 2020-02-14 12:00:45 +0100 |
commit | 156ce5cd7d6f0f1514d263a74ffe3dd42f7c7caf (patch) | |
tree | bb6e38aa54df2158e5cf8a5d87c8558ef833c424 /pkg/spec | |
parent | 0c060dace19710716ff8f3a65865a295312d9d94 (diff) | |
add pkg/capabilities
Add pkg/capabilities to deal with capabilities. The code has been
copied from Docker (and attributed with the copyright) but changed
significantly to only do what we really need. The code has also been
simplified and will perform better due to removed redundancy.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Diffstat (limited to 'pkg/spec')
-rw-r--r-- | pkg/spec/security.go | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/pkg/spec/security.go b/pkg/spec/security.go
index 372fe87c6..3bad9f97a 100644
--- a/pkg/spec/security.go
+++ b/pkg/spec/security.go
@@ -5,7 +5,7 @@ import (
 "strings"
 "github.com/containers/libpod/libpod"
- "github.com/docker/docker/oci/caps"
+ "github.com/containers/libpod/pkg/capabilities"
 "github.com/opencontainers/runtime-tools/generate"
 "github.com/opencontainers/selinux/go-selinux/label"
 "github.com/pkg/errors"
@@ -118,7 +118,7 @@ func (c *SecurityConfig) ConfigureGenerator(g *generate.Generator, user *UserCon
 if useNotRoot(user.User) {
 configSpec.Process.Capabilities.Bounding = caplist
 }
- caplist, err = caps.TweakCapabilities(configSpec.Process.Capabilities.Bounding, c.CapAdd, c.CapDrop, nil, false)
+ caplist, err = capabilities.MergeCapabilities(configSpec.Process.Capabilities.Bounding, c.CapAdd, c.CapDrop)
 if err != nil {
 return err
 }
@@ -129,7 +129,7 @@ func (c *SecurityConfig) ConfigureGenerator(g *generate.Generator, user *UserCon
 configSpec.Process.Capabilities.Effective = caplist
 configSpec.Process.Capabilities.Ambient = caplist
 if useNotRoot(user.User) {
- caplist, err = caps.TweakCapabilities(bounding, c.CapAdd, c.CapDrop, nil, false)
+ caplist, err = capabilities.MergeCapabilities(bounding, c.CapAdd, c.CapDrop)
 if err != nil {
 return err
 }
 } |
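Review bot: The two `capabilities.MergeCapabilities` calls in ConfigureGenerator (the `@@ -118` hunk, and again in `@@ -129` for the non-root case) do not record which behaviour of the old `caps.TweakCapabilities(..., nil, false)` call they are expected to keep. The result feeds the container's Effective and Ambient sets, and `c.CapAdd`/`c.CapDrop` look like user-supplied lists. The description says the copied code was changed significantly and the new package is not in this view, so it cannot be checked here whether `ALL`, a name listed in both add and drop, or an unknown capability name are handled as before. I would add a comment above the first call, for example `// MergeCapabilities validates CapAdd/CapDrop and returns an error on unknown names; ALL handling must match the previous TweakCapabilities behaviour (confirm)`, and pin those three cases with a table-driven test so that a difference cannot silently widen the granted set. ConfigureGenerator starts and ends outside both hunks, so what is done with `caplist` after the second call is not visible here.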