github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Fix capabilities support.

Browse Source 
Signed-off-by: Lantao Liu <lantaol@google.com>
This commit is contained in:
Lantao Liu 2017-06-11 02:15:34 +00:00
parent e9a930b28b
commit f247a0819d
2 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
pkg/server/container_start.go
View File

@ -467,14 +467,15 @@ func setOCICapabilities(g *generate.Generator, capabilities *runtime.Capability,
return nil return nil
} }
// Capabilities in CRI doesn't have `CAP_` prefix, so add it.
for _, c := range capabilities.GetAddCapabilities() { for _, c := range capabilities.GetAddCapabilities() {
if err := g.AddProcessCapability(c); err != nil { if err := g.AddProcessCapability("CAP_" + c); err != nil {
return err return err
} }
} }
for _, c := range capabilities.GetDropCapabilities() { for _, c := range capabilities.GetDropCapabilities() {
if err := g.DropProcessCapability(c); err != nil { if err := g.DropProcessCapability("CAP_" + c); err != nil {
return err return err
} }
} }

4
pkg/server/container_start_test.go
View File

@ -77,8 +77,8 @@ func getStartContainerTestData() (*runtime.ContainerConfig, *runtime.PodSandboxC
}, },
SecurityContext: &runtime.LinuxContainerSecurityContext{ SecurityContext: &runtime.LinuxContainerSecurityContext{
Capabilities: &runtime.Capability{ Capabilities: &runtime.Capability{
AddCapabilities: []string{"CAP_SYS_ADMIN"}, AddCapabilities: []string{"SYS_ADMIN"},
DropCapabilities: []string{"CAP_CHOWN"}, DropCapabilities: []string{"CHOWN"},
}, },
SupplementalGroups: []int64{1111, 2222}, SupplementalGroups: []int64{1111, 2222},
}, },