11 سال پیش · 7c19499c63
--- a/daemon/execdriver/utils.go
+++ b/daemon/execdriver/utils.go
@@ -38,7 +38,7 @@ func TweakCapabilities(basics, adds, drops []string) ([]string, error) {
 
				 
			
 
				 			// if we don't drop `all`, add back all the non-dropped caps
			
 
				 			if !utils.StringsContainsNoCase(drops, cap) {
			
 
				-				newCaps = append(newCaps, cap)
			
 
				+				newCaps = append(newCaps, strings.ToUpper(cap))
			
 
				 			}
			
 
				 		}
			
 
				 	}
			
@@ -56,7 +56,7 @@ func TweakCapabilities(basics, adds, drops []string) ([]string, error) {
 
				 
			
 
				 		// add cap if not already in the list
			
 
				 		if !utils.StringsContainsNoCase(newCaps, cap) {
			
 
				-			newCaps = append(newCaps, cap)
			
 
				+			newCaps = append(newCaps, strings.ToUpper(cap))
			
 
				 		}
			
 
				 	}
			
 
				 	return newCaps, nil
			
--- a/integration-cli/docker_cli_run_test.go
+++ b/integration-cli/docker_cli_run_test.go
@@ -808,6 +808,21 @@ func TestCapDropCannotMknod(t *testing.T) {
 
				 	logDone("run - test --cap-drop=MKNOD cannot mknod")
			
 
				 }
			
 
				 
			
 
				+func TestCapDropCannotMknodLowerCase(t *testing.T) {
			
 
				+	cmd := exec.Command(dockerBinary, "run", "--cap-drop=mknod", "busybox", "sh", "-c", "mknod /tmp/sda b 8 0 && echo ok")
			
 
				+	out, _, err := runCommandWithOutput(cmd)
			
 
				+	if err == nil {
			
 
				+		t.Fatal(err, out)
			
 
				+	}
			
 
				+
			
 
				+	if actual := strings.Trim(out, "\r\n"); actual == "ok" {
			
 
				+		t.Fatalf("expected output not ok received %s", actual)
			
 
				+	}
			
 
				+	deleteAllContainers()
			
 
				+
			
 
				+	logDone("run - test --cap-drop=mknod cannot mknod lowercase")
			
 
				+}
			
 
				+
			
 
				 func TestCapDropALLCannotMknod(t *testing.T) {
			
 
				 	cmd := exec.Command(dockerBinary, "run", "--cap-drop=ALL", "busybox", "sh", "-c", "mknod /tmp/sda b 8 0 && echo ok")
			
 
				 	out, _, err := runCommandWithOutput(cmd)