diff --git a/container_linux.go b/container_linux.go
index c44c8dac..54d40617 100644
--- a/container_linux.go
+++ b/container_linux.go
@@ -193,12 +193,13 @@ func (c *linuxContainer) newSetnsProcess(p *Process, cmd *exec.Cmd, parentPipe,
 func (c *linuxContainer) newInitConfig(process *Process) *initConfig {
 return &initConfig{
- Config: c.config,
- Args: process.Args,
- Env: process.Env,
- User: process.User,
- Cwd: process.Cwd,
- Console: process.consolePath,
+ Config: c.config,
+ Args: process.Args,
+ Env: process.Env,
+ User: process.User,
+ Cwd: process.Cwd,
+ Console: process.consolePath,
+ Capabilities: process.Capabilities,
 }
 }
diff --git a/init_linux.go b/init_linux.go
index aa95423e..0468b2e9 100644
--- a/init_linux.go
+++ b/init_linux.go
@@ -40,13 +40,14 @@ type network struct {
 // initConfig is used for transferring parameters from Exec() to Init()
 type initConfig struct {
- Args []string `json:"args"`
- Env []string `json:"env"`
- Cwd string `json:"cwd"`
- User string `json:"user"`
- Config *configs.Config `json:"config"`
- Console string `json:"console"`
- Networks []*network `json:"network"`
+ Args []string `json:"args"`
+ Env []string `json:"env"`
+ Cwd string `json:"cwd"`
+ Capabilities []string `json:"capabilities"`
+ User string `json:"user"`
+ Config *configs.Config `json:"config"`
+ Console string `json:"console"`
+ Networks []*network `json:"network"`
 }
 type initer interface {
@@ -99,7 +100,12 @@ func finalizeNamespace(config *initConfig) error {
 if err := utils.CloseExecFrom(3); err != nil {
 return err
 }
- w, err := newCapWhitelist(config.Config.Capabilities)
+
+ capabilities := config.Config.Capabilities
+ if config.Capabilities != nil {
+ capabilities = config.Capabilities
+ }
+ w, err := newCapWhitelist(capabilities)
 if err != nil {
 return err
 }
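Review bot: The new `Capabilities` field of `initConfig` in init_linux.go carries a nil-versus-empty distinction that is not documented anywhere in the struct. `finalizeNamespace` falls back to `Config.Capabilities` only when the field is nil, so an empty but non-nil list is passed to `newCapWhitelist` as it stands. If this struct is marshalled with encoding/json, as the tags suggest, the distinction survives the round trip because the tag has no `omitempty` (nil encodes as `null`, an empty slice as `[]`). I would add a field comment such as `// Capabilities, when non-nil, replaces Config.Capabilities for this process; nil inherits the container's list.` so that nobody later adds `omitempty` or switches the check to `len(...) > 0` without noticing the change in meaning.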
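Review bot: In the `finalizeNamespace` hunk of init_linux.go, a non-nil `config.Capabilities` replaces the container's `config.Config.Capabilities` outright, and nothing in the visible lines checks that the per-process list is a subset of the container's list. A process started with its own list could therefore be whitelisted for capabilities the container configuration never granted. Whether callers validate this earlier is not visible here, since the function continues outside the hunk. If widening is intended, say so at the override, e.g. `// Per-process capabilities replace the container's list and may exceed it; callers are trusted to set them.`; otherwise reject or intersect entries that are absent from `config.Config.Capabilities` before calling `newCapWhitelist`. A test that runs a process with a capability missing from the container config would pin whichever behaviour is chosen.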