authorValentin Rothberg <rothberg@redhat.com>2020-02-12 10:47:48 +0100
committerValentin Rothberg <rothberg@redhat.com>2020-02-14 12:00:45 +0100
commit156ce5cd7d6f0f1514d263a74ffe3dd42f7c7caf (patch)
treebb6e38aa54df2158e5cf8a5d87c8558ef833c424 /pkg/spec
parent0c060dace19710716ff8f3a65865a295312d9d94 (diff)
add pkg/capabilities
Add pkg/capabilities to deal with capabilities. The code has been copied from Docker (and attributed with the copyright) but changed significantly to only do what we really need. The code has also been simplified and will perform better due to removed redundancy. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Diffstat (limited to 'pkg/spec')
-rw-r--r--pkg/spec/security.go6
1 files changed, 3 insertions, 3 deletions
diff --git a/pkg/spec/security.go b/pkg/spec/security.go
index 372fe87c6..3bad9f97a 100644
--- a/pkg/spec/security.go
+++ b/pkg/spec/security.go
@@ -5,7 +5,7 @@ import (
"strings"
"github.com/containers/libpod/libpod"
- "github.com/docker/docker/oci/caps"
+ "github.com/containers/libpod/pkg/capabilities"
"github.com/opencontainers/runtime-tools/generate"
"github.com/opencontainers/selinux/go-selinux/label"
"github.com/pkg/errors"
@@ -118,7 +118,7 @@ func (c *SecurityConfig) ConfigureGenerator(g *generate.Generator, user *UserCon
if useNotRoot(user.User) {
configSpec.Process.Capabilities.Bounding = caplist
}
- caplist, err = caps.TweakCapabilities(configSpec.Process.Capabilities.Bounding, c.CapAdd, c.CapDrop, nil, false)
+ caplist, err = capabilities.MergeCapabilities(configSpec.Process.Capabilities.Bounding, c.CapAdd, c.CapDrop)
if err != nil {
return err
}
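Review bot: Nothing visible here pins down that `capabilities.MergeCapabilities` resolves `c.CapAdd` and `c.CapDrop` the way `caps.TweakCapabilities(..., nil, false)` did, and the same swap is made in the next hunk on the `useNotRoot` path. The result feeds the capability sets written into the spec (the next hunk assigns `caplist` to `Effective` and `Ambient`), so a difference in name normalization or in the handling of an `ALL` entry could leave a capability granted that the user asked to drop. I would add a table-driven test in the new package covering add and drop of `ALL`, differently cased or prefixed names, and unknown names. I would also state the contract at the call site, e.g. `// MergeCapabilities must return an error for unknown names in CapAdd/CapDrop rather than ignoring them`. `ConfigureGenerator` starts and ends outside the hunk, so how `caplist` is used after this call cannot be confirmed from here.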
@@ -129,7 +129,7 @@ func (c *SecurityConfig) ConfigureGenerator(g *generate.Generator, user *UserCon
configSpec.Process.Capabilities.Effective = caplist
configSpec.Process.Capabilities.Ambient = caplist
if useNotRoot(user.User) {
- caplist, err = caps.TweakCapabilities(bounding, c.CapAdd, c.CapDrop, nil, false)
+ caplist, err = capabilities.MergeCapabilities(bounding, c.CapAdd, c.CapDrop)
if err != nil {
return err
}