Add WithAllCapabilities as spec opt

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2018-01-26 14:31:32 -05:00 · 2018-01-26 14:31:32 -05:00 · 4e27c4d53d
commit 4e27c4d53d
parent 8f75d658d7
1 changed files with 29 additions and 0 deletions
--- a/oci/spec_opts_unix.go
+++ b/oci/spec_opts_unix.go
@ -21,6 +21,7 @@ import (
 	"github.com/opencontainers/runc/libcontainer/user"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
 	"github.com/syndtr/gocapability/capability"
 )
 // WithTTY sets the information on the spec as well as the environment variables for
@ -346,6 +347,34 @@ func WithUsername(username string) SpecOpts {
 	}
 }
 // WithAllCapabilities set all linux capabilities for the process
 func WithAllCapabilities(_ context.Context, _ Client, _ *containers.Container, s *specs.Spec) error {
 	caps := getAllCapabilities()
 	s.Process.Capabilities.Bounding = caps
 	s.Process.Capabilities.Effective = caps
 	s.Process.Capabilities.Permitted = caps
 	s.Process.Capabilities.Inheritable = caps
 	return nil
 }
 func getAllCapabilities() []string {
 	last := capability.CAP_LAST_CAP
 	// hack for RHEL6 which has no /proc/sys/kernel/cap_last_cap
 	if last == capability.Cap(63) {
 		last = capability.CAP_BLOCK_SUSPEND
 	}
 	var caps []string
 	for _, cap := range capability.List() {
 		if cap > last {
 			continue
 		}
 		caps = append(caps, "CAP_"+strings.ToUpper(cap.String()))
 	}
 	return caps
 }
 var errNoUsersFound = errors.New("no users found")
 func getUIDGIDFromPath(root string, filter func(user.User) bool) (uid, gid uint32, err error) {