github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Merge pull request from GHSA-c9cp-9c75-9v8c

Browse Source 
Fix the Inheritable capability defaults.
This commit is contained in:
Derek McGowan
2022-03-23 10:50:56 -07:00
committed by GitHub
parent 36dcc76fa9 6906b57c72
commit 551516a18d
5 changed files with 7 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
oci/spec_opts.go
View File

@@ -873,7 +873,6 @@ func WithCapabilities(caps []string) SpecOpts {
s.Process.Capabilities.Bounding = caps
s.Process.Capabilities.Effective = caps
s.Process.Capabilities.Permitted = caps
s.Process.Capabilities.Inheritable = caps
return nil
}
@@ -908,7 +907,6 @@ func WithAddedCapabilities(caps []string) SpecOpts {
&s.Process.Capabilities.Bounding,
&s.Process.Capabilities.Effective,
&s.Process.Capabilities.Permitted,
&s.Process.Capabilities.Inheritable,
} {
if !capsContain(*cl, c) {
*cl = append(*cl, c)
@@ -928,7 +926,6 @@ func WithDroppedCapabilities(caps []string) SpecOpts {
&s.Process.Capabilities.Bounding,
&s.Process.Capabilities.Effective,
&s.Process.Capabilities.Permitted,
&s.Process.Capabilities.Inheritable,
} {
removeCap(cl, c)
}
@@ -943,7 +940,7 @@ func WithDroppedCapabilities(caps []string) SpecOpts {
func WithAmbientCapabilities(caps []string) SpecOpts {
return func(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
setCapabilities(s)
s.Process.Capabilities.Inheritable = caps
s.Process.Capabilities.Ambient = caps
return nil
}