Pass down process Capabilities and apply them if present.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2015-03-25 15:40:32 -04:00 · 2015-03-25 15:40:32 -04:00 · ca73d7aede
parent d284fdfaa3
commit ca73d7aede
2 changed files with 21 additions and 14 deletions
--- a/container_linux.go
+++ b/container_linux.go
@ -199,6 +199,7 @@ func (c *linuxContainer) newInitConfig(process *Process) *initConfig {
 		User:         process.User,
 		Cwd:          process.Cwd,
 		Console:      process.consolePath,
+		Capabilities: process.Capabilities,
 	}
 }

--- a/init_linux.go
+++ b/init_linux.go
@ -43,6 +43,7 @@ type initConfig struct {
 	Args         []string        `json:"args"`
 	Env          []string        `json:"env"`
 	Cwd          string          `json:"cwd"`
+	Capabilities []string        `json:"capabilities"`
 	User         string          `json:"user"`
 	Config       *configs.Config `json:"config"`
 	Console      string          `json:"console"`
@ -99,7 +100,12 @@ func finalizeNamespace(config *initConfig) error {
 	if err := utils.CloseExecFrom(3); err != nil {
 		return err
 	}
-	w, err := newCapWhitelist(config.Config.Capabilities)
+
+	capabilities := config.Config.Capabilities
+	if config.Capabilities != nil {
+		capabilities = config.Capabilities
+	}
+	w, err := newCapWhitelist(capabilities)
 	if err != nil {
 		return err
 	}