We use cookies to ensure you get the best experience on our website
Главная Обзор Помощь
Регистрация Вход
0ct0pu5
/
moby
1
0
Ответвить 0
Файлы Задачи 0 Запросы на слияние 0 Вики
Просмотр исходного кода

Merge pull request #7062 from crosbymichael/fix-lxc-caps

Fix cap drop issues with lxc
Victor Vieux 11 лет назад
Родитель
a0dad3dfb2 50b580cfec
Сommit
ac3eecf3db
3 измененных файлов с 18 добавлено и 6 удалено
Единый вид Показать статистику Diff
  1. 2 2
      daemon/execdriver/lxc/driver.go
  2. 13 1
      daemon/execdriver/lxc/lxc_init_linux.go
  3. 3 3
      daemon/execdriver/utils.go

+ 2 - 2
daemon/execdriver/lxc/driver.go
Просмотреть файл 

@@ -139,11 +139,11 @@ func (d *driver) Run(c *execdriver.Command, pipes *execdriver.Pipes, startCallba
 
 	}
 
 	}
 
 
 
 	if len(c.CapAdd) > 0 {
 
 	if len(c.CapAdd) > 0 {
 
-		params = append(params, "-cap-add", strings.Join(c.CapAdd, " "))
 
+		params = append(params, fmt.Sprintf("-cap-add=%s", strings.Join(c.CapAdd, ":")))
 
 	}
 
 	}
 
 
 
 	if len(c.CapDrop) > 0 {
 
 	if len(c.CapDrop) > 0 {
 
-		params = append(params, "-cap-drop", strings.Join(c.CapDrop, " "))
 
+		params = append(params, fmt.Sprintf("-cap-drop=%s", strings.Join(c.CapDrop, ":")))
 
 	}
 
 	}
 
 
 
 	params = append(params, "--", c.Entrypoint)
 
 	params = append(params, "--", c.Entrypoint)

+ 13 - 1
daemon/execdriver/lxc/lxc_init_linux.go
Просмотреть файл 

@@ -49,7 +49,19 @@ func finalizeNamespace(args *execdriver.InitArgs) error {
 
 			return fmt.Errorf("clear keep caps %s", err)
 
 			return fmt.Errorf("clear keep caps %s", err)
 
 		}
 
 		}
 
 
 
-		caps, err := execdriver.TweakCapabilities(container.Capabilities, strings.Split(args.CapAdd, " "), strings.Split(args.CapDrop, " "))
 
+		var (
 
+			adds  []string
 
+			drops []string
 
+		)
 
+
 
+		if args.CapAdd != "" {
 
+			adds = strings.Split(args.CapAdd, ":")
 
+		}
 
+		if args.CapDrop != "" {
 
+			drops = strings.Split(args.CapDrop, ":")
 
+		}
 
+
 
+		caps, err := execdriver.TweakCapabilities(container.Capabilities, adds, drops)
 
 		if err != nil {
 
 		if err != nil {
 
 			return err
 
 			return err
 
 		}
 
 		}

+ 3 - 3
daemon/execdriver/utils.go
Просмотреть файл 

@@ -20,7 +20,7 @@ func TweakCapabilities(basics, adds, drops []string) ([]string, error) {
 
 			continue
 
 			continue
 
 		}
 
 		}
 
 		if !utils.StringsContainsNoCase(allCaps, cap) {
 
 		if !utils.StringsContainsNoCase(allCaps, cap) {
 
-			return nil, fmt.Errorf("Unknown capability: %s", cap)
 
+			return nil, fmt.Errorf("Unknown capability drop: %q", cap)
 
 		}
 
 		}
 
 	}
 
 	}
 
 
 
@@ -49,9 +49,8 @@ func TweakCapabilities(basics, adds, drops []string) ([]string, error) {
 
 			continue
 
 			continue
 
 		}
 
 		}
 
 
 
-		// look for invalid cap in the drop list
 
 		if !utils.StringsContainsNoCase(allCaps, cap) {
 
 		if !utils.StringsContainsNoCase(allCaps, cap) {
 
-			return nil, fmt.Errorf("Unknown capability: %s", cap)
 
+			return nil, fmt.Errorf("Unknown capability to add: %q", cap)
 
 		}
 
 		}
 
 
 
 		// add cap if not already in the list
 
 		// add cap if not already in the list
 
@@ -59,5 +58,6 @@ func TweakCapabilities(basics, adds, drops []string) ([]string, error) {
 
 			newCaps = append(newCaps, strings.ToUpper(cap))
 
 			newCaps = append(newCaps, strings.ToUpper(cap))
 
 		}
 
 		}
 
 	}
 
 	}
 
+
 
 	return newCaps, nil
 
 	return newCaps, nil
 
 }
 
 }

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5