Diffstat (limited to 'vendor/src/github.com/docker/libcontainer/security/capabilities/capabilities.go')
-rw-r--r--vendor/src/github.com/docker/libcontainer/security/capabilities/capabilities.go15
1 files changed, 7 insertions, 8 deletions
diff --git a/vendor/src/github.com/docker/libcontainer/security/capabilities/capabilities.go b/vendor/src/github.com/docker/libcontainer/security/capabilities/capabilities.go
index ef872178f6..21e4de26e0 100644
--- a/vendor/src/github.com/docker/libcontainer/security/capabilities/capabilities.go
+++ b/vendor/src/github.com/docker/libcontainer/security/capabilities/capabilities.go
@@ -3,7 +3,6 @@ package capabilities
import (
"os"
- "github.com/docker/libcontainer"
"github.com/syndtr/gocapability/capability"
)
@@ -11,13 +10,13 @@ const allCapabilityTypes = capability.CAPS | capability.BOUNDS
// DropBoundingSet drops the capability bounding set to those specified in the
// container configuration.
-func DropBoundingSet(container *libcontainer.Container) error {
+func DropBoundingSet(capabilities []string) error {
c, err := capability.NewPid(os.Getpid())
if err != nil {
return err
}
- keep := getEnabledCapabilities(container)
+ keep := getEnabledCapabilities(capabilities)
c.Clear(capability.BOUNDS)
c.Set(capability.BOUNDS, keep...)
@@ -29,13 +28,13 @@ func DropBoundingSet(container *libcontainer.Container) error {
}
// DropCapabilities drops all capabilities for the current process expect those specified in the container configuration.
-func DropCapabilities(container *libcontainer.Container) error {
+func DropCapabilities(capList []string) error {
c, err := capability.NewPid(os.Getpid())
if err != nil {
return err
}
- keep := getEnabledCapabilities(container)
+ keep := getEnabledCapabilities(capList)
c.Clear(allCapabilityTypes)
c.Set(allCapabilityTypes, keep...)
@@ -46,10 +45,10 @@ func DropCapabilities(container *libcontainer.Container) error {
}
// getEnabledCapabilities returns the capabilities that should not be dropped by the container.
-func getEnabledCapabilities(container *libcontainer.Container) []capability.Cap {
+func getEnabledCapabilities(capList []string) []capability.Cap {
keep := []capability.Cap{}
- for _, capability := range container.Capabilities {
- if c := libcontainer.GetCapability(capability); c != nil {
+ for _, capability := range capList {
+ if c := GetCapability(capability); c != nil {
keep = append(keep, c.Value)
}
}