Fix runsc capabilities
There was a typo and one new capability missing from the list PiperOrigin-RevId: 195427713 Change-Id: I6d9e1c6e77b48fe85ef10d9f54c70c8a7271f6e7
This commit is contained in:
parent
7e82550bf7
commit
c90fefc116
|
@ -32,7 +32,7 @@ const (
|
||||||
CAP_SETPCAP = Capability(8)
|
CAP_SETPCAP = Capability(8)
|
||||||
CAP_LINUX_IMMUTABLE = Capability(9)
|
CAP_LINUX_IMMUTABLE = Capability(9)
|
||||||
CAP_NET_BIND_SERVICE = Capability(10)
|
CAP_NET_BIND_SERVICE = Capability(10)
|
||||||
CAP_NET_BROAD_CAST = Capability(11)
|
CAP_NET_BROADCAST = Capability(11)
|
||||||
CAP_NET_ADMIN = Capability(12)
|
CAP_NET_ADMIN = Capability(12)
|
||||||
CAP_NET_RAW = Capability(13)
|
CAP_NET_RAW = Capability(13)
|
||||||
CAP_IPC_LOCK = Capability(14)
|
CAP_IPC_LOCK = Capability(14)
|
||||||
|
@ -58,9 +58,10 @@ const (
|
||||||
CAP_SYSLOG = Capability(34)
|
CAP_SYSLOG = Capability(34)
|
||||||
CAP_WAKE_ALARM = Capability(35)
|
CAP_WAKE_ALARM = Capability(35)
|
||||||
CAP_BLOCK_SUSPEND = Capability(36)
|
CAP_BLOCK_SUSPEND = Capability(36)
|
||||||
|
CAP_AUDIT_READ = Capability(37)
|
||||||
|
|
||||||
// MaxCapability is the highest-numbered capability.
|
// MaxCapability is the highest-numbered capability.
|
||||||
MaxCapability = Capability(36) // CAP_BLOCK_SUSPEND as of 3.11
|
MaxCapability = CAP_AUDIT_READ
|
||||||
)
|
)
|
||||||
|
|
||||||
// Ok returns true if cp is a supported capability.
|
// Ok returns true if cp is a supported capability.
|
||||||
|
|
|
@ -91,7 +91,7 @@ var capFromName = map[string]capability.Cap{
|
||||||
"CAP_SETPCAP": capability.CAP_SETPCAP,
|
"CAP_SETPCAP": capability.CAP_SETPCAP,
|
||||||
"CAP_LINUX_IMMUTABLE": capability.CAP_LINUX_IMMUTABLE,
|
"CAP_LINUX_IMMUTABLE": capability.CAP_LINUX_IMMUTABLE,
|
||||||
"CAP_NET_BIND_SERVICE": capability.CAP_NET_BIND_SERVICE,
|
"CAP_NET_BIND_SERVICE": capability.CAP_NET_BIND_SERVICE,
|
||||||
"CAP_NET_BROAD_CAST": capability.CAP_NET_BROADCAST,
|
"CAP_NET_BROADCAST": capability.CAP_NET_BROADCAST,
|
||||||
"CAP_NET_ADMIN": capability.CAP_NET_ADMIN,
|
"CAP_NET_ADMIN": capability.CAP_NET_ADMIN,
|
||||||
"CAP_NET_RAW": capability.CAP_NET_RAW,
|
"CAP_NET_RAW": capability.CAP_NET_RAW,
|
||||||
"CAP_IPC_LOCK": capability.CAP_IPC_LOCK,
|
"CAP_IPC_LOCK": capability.CAP_IPC_LOCK,
|
||||||
|
@ -117,4 +117,5 @@ var capFromName = map[string]capability.Cap{
|
||||||
"CAP_SYSLOG": capability.CAP_SYSLOG,
|
"CAP_SYSLOG": capability.CAP_SYSLOG,
|
||||||
"CAP_WAKE_ALARM": capability.CAP_WAKE_ALARM,
|
"CAP_WAKE_ALARM": capability.CAP_WAKE_ALARM,
|
||||||
"CAP_BLOCK_SUSPEND": capability.CAP_BLOCK_SUSPEND,
|
"CAP_BLOCK_SUSPEND": capability.CAP_BLOCK_SUSPEND,
|
||||||
|
"CAP_AUDIT_READ": capability.CAP_AUDIT_READ,
|
||||||
}
|
}
|
||||||
|
|
|
@ -129,7 +129,7 @@ var capFromName = map[string]linux.Capability{
|
||||||
"CAP_SETPCAP": linux.CAP_SETPCAP,
|
"CAP_SETPCAP": linux.CAP_SETPCAP,
|
||||||
"CAP_LINUX_IMMUTABLE": linux.CAP_LINUX_IMMUTABLE,
|
"CAP_LINUX_IMMUTABLE": linux.CAP_LINUX_IMMUTABLE,
|
||||||
"CAP_NET_BIND_SERVICE": linux.CAP_NET_BIND_SERVICE,
|
"CAP_NET_BIND_SERVICE": linux.CAP_NET_BIND_SERVICE,
|
||||||
"CAP_NET_BROAD_CAST": linux.CAP_NET_BROAD_CAST,
|
"CAP_NET_BROADCAST": linux.CAP_NET_BROADCAST,
|
||||||
"CAP_NET_ADMIN": linux.CAP_NET_ADMIN,
|
"CAP_NET_ADMIN": linux.CAP_NET_ADMIN,
|
||||||
"CAP_NET_RAW": linux.CAP_NET_RAW,
|
"CAP_NET_RAW": linux.CAP_NET_RAW,
|
||||||
"CAP_IPC_LOCK": linux.CAP_IPC_LOCK,
|
"CAP_IPC_LOCK": linux.CAP_IPC_LOCK,
|
||||||
|
@ -155,6 +155,7 @@ var capFromName = map[string]linux.Capability{
|
||||||
"CAP_SYSLOG": linux.CAP_SYSLOG,
|
"CAP_SYSLOG": linux.CAP_SYSLOG,
|
||||||
"CAP_WAKE_ALARM": linux.CAP_WAKE_ALARM,
|
"CAP_WAKE_ALARM": linux.CAP_WAKE_ALARM,
|
||||||
"CAP_BLOCK_SUSPEND": linux.CAP_BLOCK_SUSPEND,
|
"CAP_BLOCK_SUSPEND": linux.CAP_BLOCK_SUSPEND,
|
||||||
|
"CAP_AUDIT_READ": linux.CAP_AUDIT_READ,
|
||||||
}
|
}
|
||||||
|
|
||||||
func capsFromNames(names []string) (auth.CapabilitySet, error) {
|
func capsFromNames(names []string) (auth.CapabilitySet, error) {
|
||||||
|
|
Loading…
Reference in New Issue