cff4f20c44
The github.com/containerd/containerd/log package was moved to a separate module, which will also be used by upcoming (patch) releases of containerd. This patch moves our own uses of the package to use the new module. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
36 lines
1.1 KiB
Go
36 lines
1.1 KiB
Go
package caps // import "github.com/docker/docker/oci/caps"
|
|
import (
|
|
"context"
|
|
"sync"
|
|
|
|
ccaps "github.com/containerd/containerd/pkg/cap"
|
|
"github.com/containerd/log"
|
|
)
|
|
|
|
var initCapsOnce sync.Once
|
|
|
|
func initCaps() {
|
|
initCapsOnce.Do(func() {
|
|
rawCaps := ccaps.Known()
|
|
curCaps, err := ccaps.Current()
|
|
if err != nil {
|
|
log.G(context.TODO()).WithError(err).Error("failed to get capabilities from current environment")
|
|
allCaps = rawCaps
|
|
} else {
|
|
allCaps = curCaps
|
|
}
|
|
knownCaps = make(map[string]*struct{}, len(rawCaps))
|
|
for _, capName := range rawCaps {
|
|
// For now, we assume the capability is available if we failed to
|
|
// get the capabilities from the current environment. This keeps the
|
|
// old (pre-detection) behavior, and prevents creating containers with
|
|
// no capabilities. The OCI runtime or kernel may still refuse capa-
|
|
// bilities that are not available, and produce an error in that case.
|
|
if len(curCaps) > 0 && !inSlice(curCaps, capName) {
|
|
knownCaps[capName] = nil
|
|
continue
|
|
}
|
|
knownCaps[capName] = &struct{}{}
|
|
}
|
|
})
|
|
}
|