From e7fbf329c206397b77f39b60e1bed0c8b9de45c6 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@redhat.com>
Date: Fri, 24 Aug 2018 05:47:37 -0400
Subject: Reveal information about container capabilities

I am often asked about the list of capabilities availabel to a container.
We should be listing this data in the inspect command for effective
capabilities and the bounding set.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #1335
Approved by: TomSweeneyRedHat
---
 libpod/container_inspect.go | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'libpod')

diff --git a/libpod/container_inspect.go b/libpod/container_inspect.go
index 7ed9f9be9..f2e54aeef 100644
--- a/libpod/container_inspect.go
+++ b/libpod/container_inspect.go
@@ -79,6 +79,8 @@ func (c *Container) getContainerInspectData(size bool, driverData *inspect.Data)
 		Name:            config.Name,
 		Driver:          driverData.Name,
 		MountLabel:      config.MountLabel,
+		EffectiveCaps:   spec.Process.Capabilities.Effective,
+		BoundingCaps:    spec.Process.Capabilities.Bounding,
 		ProcessLabel:    spec.Process.SelinuxLabel,
 		AppArmorProfile: spec.Process.ApparmorProfile,
 		ExecIDs:         execIDs,
-- 
cgit v1.2.3-54-g00ecf