utils_linux.go 1.1 KB

  1. package caps // import "github.com/docker/docker/oci/caps"
  2. import (
  3. "context"
  4. "sync"
  5. ccaps "github.com/containerd/containerd/pkg/cap"
  6. "github.com/containerd/log"
  7. )
  // initCapsOnce ensures the capability tables are built a single time, no
  // matter how many callers invoke initCaps.
  var initCapsOnce sync.Once

  // initCaps fills the package-level allCaps and knownCaps tables on its first
  // call; later calls are no-ops.
  //
  // allCaps is set to the list returned by ccaps.Current(), or to ccaps.Known()
  // when Current() returns an error (the error is logged, not returned).
  //
  // knownCaps gets one entry per name in ccaps.Known(). A non-nil value marks
  // the capability as available; a nil value marks a name that is known but
  // was absent from the detected list.
  //
  // NOTE(review): when detection fails or yields an empty list, every known
  // capability is marked available. This table is therefore advisory and
  // should not be relied on as the enforcement point; the OCI runtime or the
  // kernel may still refuse a capability that is not actually available.
  func initCaps() {
  	initCapsOnce.Do(func() {
  		known := ccaps.Known()
  		current, err := ccaps.Current()

  		// Fall back to the full known list if the current set cannot be read.
  		effective := current
  		if err != nil {
  			log.G(context.TODO()).WithError(err).Error("failed to get capabilities from current environment")
  			effective = known
  		}
  		allCaps = effective

  		// With no detected capabilities (error or empty result) nothing is
  		// filtered out. This keeps the old (pre-detection) behavior and
  		// avoids creating containers with no capabilities at all.
  		detected := len(current) > 0

  		knownCaps = make(map[string]*struct{}, len(known))
  		for _, name := range known {
  			if !detected || inSlice(current, name) {
  				knownCaps[name] = &struct{}{}
  			} else {
  				// Known by name, but not present in the detected set.
  				knownCaps[name] = nil
  			}
  		}
  	})
  }