Erase ambient capabilities.

Signed-off-by: Lantao Liu <lantaol@google.com>
2018-06-08 11:53:10 -07:00
parent de84f9c0cd
commit b367f30097
2 changed files with 6 additions and 0 deletions
--- a/pkg/server/container_create_test.go
+++ b/pkg/server/container_create_test.go
@@ -261,6 +261,7 @@ func TestContainerCapabilities(t *testing.T) {
 			assert.NotContains(t, spec.Process.Capabilities.Inheritable, exclude)
 			assert.NotContains(t, spec.Process.Capabilities.Permitted, exclude)
 		}
+		assert.Empty(t, spec.Process.Capabilities.Ambient)
 	}
 }