diff options
author | Brian Goff <cpuguy83@gmail.com> | 2020-07-23 11:03:15 -0700 |
---|---|---|
committer | Brian Goff <cpuguy83@gmail.com> | 2020-07-27 10:09:42 -0700 |
commit | 24f173a003727611aa482a55b812e0e39c67be65 (patch) | |
tree | f640a470a7b00ef6510a41b5d1b66c311348d43d /oci | |
parent | baa321293f74e39442d0c9f88e8d6d3adcb0b418 (diff) |
Replace service "Capabilities" w/ add/drop API
After dicussing with maintainers, it was decided putting the burden of
providing the full cap list on the client is not a good design.
Instead we decided to follow along with the container API and use cap
add/drop.
This brings in the changes already merged into swarmkit.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Diffstat (limited to 'oci')
-rw-r--r-- | oci/caps/utils.go | 8 |
1 files changed, 1 insertions, 7 deletions
diff --git a/oci/caps/utils.go b/oci/caps/utils.go index ffd3f6f508..4a8ed09e8d 100644 --- a/oci/caps/utils.go +++ b/oci/caps/utils.go @@ -117,17 +117,11 @@ func ValidateCapabilities(caps []string) error { // TweakCapabilities tweaks capabilities by adding, dropping, or overriding // capabilities in the basics capabilities list. -func TweakCapabilities(basics, adds, drops, capabilities []string, privileged bool) ([]string, error) { +func TweakCapabilities(basics, adds, drops []string, privileged bool) ([]string, error) { switch { case privileged: // Privileged containers get all capabilities return GetAllCapabilities(), nil - case capabilities != nil: - // Use custom set of capabilities - if err := ValidateCapabilities(capabilities); err != nil { - return nil, err - } - return capabilities, nil case len(adds) == 0 && len(drops) == 0: // Nothing to tweak; we're done return basics, nil |