caps: fix buildah run --cap-add=all

Fixes #3755 [NO NEW TESTS REQUIRED] Signed-off-by: Ruben Jenster <[email protected]> Signed-off-by: Daniel J Walsh <[email protected]>
containers · Feb 3, 2022 · 77df442 · 77df442
1 parent 622bc3a
commit 77df442
Showing 1 changed file with 5 additions and 4 deletions.
diff --git a/chroot/run.go b/chroot/run.go
@@ -902,29 +902,30 @@ func setCapabilities(spec *specs.Spec, keepCaps ...string) error {
 		capability.AMBIENT:     spec.Process.Capabilities.Ambient,
 	}
 	knownCaps := capability.List()
+	noCap := capability.Cap(-1)
 	for capType, capList := range capMap {
 		for _, capToSet := range capList {
-			cap := capability.CAP_LAST_CAP
+			cap := noCap
 			for _, c := range knownCaps {
 				if strings.EqualFold("CAP_"+c.String(), capToSet) {
 					cap = c
 					break
 				}
 			}
-			if cap == capability.CAP_LAST_CAP {
+			if cap == noCap {
 				return errors.Errorf("error mapping capability %q to a number", capToSet)
 			}
 			caps.Set(capType, cap)
 		}
 		for _, capToSet := range keepCaps {
-			cap := capability.CAP_LAST_CAP
+			cap := noCap
 			for _, c := range knownCaps {
 				if strings.EqualFold("CAP_"+c.String(), capToSet) {
 					cap = c
 					break
 				}
 			}
-			if cap == capability.CAP_LAST_CAP {
+			if cap == noCap {
 				return errors.Errorf("error mapping capability %q to a number", capToSet)
 			}
 			if currentCaps.Get(capType, cap) {