Replace service "Capabilities" w/ add/drop API

After dicussing with maintainers, it was decided putting the burden of providing the full cap list on the client is not a good design. Instead we decided to follow along with the container API and use cap add/drop. This brings in the changes already merged into swarmkit. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
author: Brian Goff <cpuguy83@gmail.com> 2020-07-23 11:03:15 -0700
committer: Brian Goff <cpuguy83@gmail.com> 2020-07-27 10:09:42 -0700
commit: 24f173a003727611aa482a55b812e0e39c67be65 (patch)
tree: f640a470a7b00ef6510a41b5d1b66c311348d43d /oci
parent: baa321293f74e39442d0c9f88e8d6d3adcb0b418 (diff)
1 files changed, 1 insertions, 7 deletions
diff --git a/oci/caps/utils.go b/oci/caps/utils.go
index ffd3f6f508..4a8ed09e8d 100644
--- a/oci/caps/utils.go
+++ b/oci/caps/utils.go
@@ -117,17 +117,11 @@ func ValidateCapabilities(caps []string) error {
 
 // TweakCapabilities tweaks capabilities by adding, dropping, or overriding
 // capabilities in the basics capabilities list.
-func TweakCapabilities(basics, adds, drops, capabilities []string, privileged bool) ([]string, error) {
+func TweakCapabilities(basics, adds, drops []string, privileged bool) ([]string, error) {
 	switch {
 	case privileged:
 		// Privileged containers get all capabilities
 		return GetAllCapabilities(), nil
-	case capabilities != nil:
-		// Use custom set of capabilities
-		if err := ValidateCapabilities(capabilities); err != nil {
-			return nil, err
-		}
-		return capabilities, nil
 	case len(adds) == 0 && len(drops) == 0:
 		// Nothing to tweak; we're done
 		return basics, nil
author	Brian Goff <cpuguy83@gmail.com>	2020-07-23 11:03:15 -0700
committer	Brian Goff <cpuguy83@gmail.com>	2020-07-27 10:09:42 -0700
commit	24f173a003727611aa482a55b812e0e39c67be65 (patch)
tree	f640a470a7b00ef6510a41b5d1b66c311348d43d /oci
parent	baa321293f74e39442d0c9f88e8d6d3adcb0b418 (diff)