|
@@ -7,7 +7,7 @@ import (
|
|
|
|
|
|
// New returns the docker default configuration for libcontainer
|
|
|
func New() *libcontainer.Container {
|
|
|
- return &libcontainer.Container{
|
|
|
+ container := &libcontainer.Container{
|
|
|
CapabilitiesMask: libcontainer.Capabilities{
|
|
|
libcontainer.GetCapability("SETPCAP"),
|
|
|
libcontainer.GetCapability("SYS_MODULE"),
|
|
@@ -23,6 +23,7 @@ func New() *libcontainer.Container {
|
|
|
libcontainer.GetCapability("MAC_OVERRIDE"),
|
|
|
libcontainer.GetCapability("MAC_ADMIN"),
|
|
|
libcontainer.GetCapability("NET_ADMIN"),
|
|
|
+ libcontainer.GetCapability("MKNOD"),
|
|
|
},
|
|
|
Namespaces: libcontainer.Namespaces{
|
|
|
libcontainer.GetNamespace("NEWNS"),
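Review bot: The added `libcontainer.GetCapability("MKNOD"),` entry looks like every other entry in `CapabilitiesMask`, yet it is the only one the commit later switches to `Enabled = true`, so it does not behave like its neighbours. Someone auditing the default capability set from this list alone would probably conclude that MKNOD is masked like the rest. A trailing comment on the line, for example `// enabled at the end of New(): containers keep MKNOD by default`, would make the exception visible where the list is read. The struct literal starts and ends outside this hunk.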
|
|
@@ -39,4 +40,6 @@ func New() *libcontainer.Container {
|
|
|
"apparmor_profile": "docker-default",
|
|
|
},
|
|
|
}
|
|
|
+ container.CapabilitiesMask.Get("MKNOD").Enabled = true
|
|
|
+ return container
|
|
|
}
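Review bot: `container.CapabilitiesMask.Get("MKNOD").Enabled = true` uses the result of `Get` without checking it. `Get` is not visible here, but if it returns nil for a name that is not in the mask, a typo or a later removal of the MKNOD entry would make `New()` panic instead of failing in a controlled way. A guarded form is `if c := container.CapabilitiesMask.Get("MKNOD"); c != nil { c.Enabled = true }`, or the error can be reported explicitly. Because this line lets processes in every container built from the default template create device nodes, it also deserves a comment saying why MKNOD is enabled and which control limits the devices those nodes can reach. That control is presumably a device whitelist enforced elsewhere, which should be confirmed.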
|