Add support for Caps Options. #17
Vendor grabbed too much here. Don't want to update kube and CNI vendors with this. Can you redo the vendor and commit only what we actually need?
mheon, I think we could actually drop some of these vendors. But I can do that.
BTW This is working. :^) Very Cool.
@rhatdan I think we should hold off until libkpod disappears. We can probably drop half our vendors then
☔ The latest upstream changes (presumably 098389d) made this pull request unmergeable. Please resolve the merge conflicts.
@mheon @baude @umohnani8 PTAL
LGTM pending tests
configSpec.Process.Capabilities.Bounding = caplist | ||
configSpec.Process.Capabilities.Permitted = caplist | ||
configSpec.Process.Capabilities.Inheritable = caplist | ||
configSpec.Process.Capabilities.Effective = caplist |
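Review bot: The third assignment sets `Process.Capabilities.Inheritable` to the same caplist as Bounding, Permitted and Effective, and nothing in these lines says why the inheritable set needs to be populated. Inheritable capabilities only take effect across execve for binaries that carry matching file capabilities, so consider leaving that set empty unless a caller depends on it, or add a comment stating the reason. Ambient is not assigned in these four lines; a short comment on whether that is deliberate would help the next reader.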
Would you consider plopping this into a function that returned a spec.Process.Capabilities type? I did that for some of the larger things like volumes and it keeps this clean.
Oh, and if you do, some unit tests would be really handy. You could come back around this, because I have a PR that initiates the tests.
Fixed
4b325d6 to a02b2f2
Had to revendor in docker/docker again, which dropped a bunch of packages

Signed-off-by: Daniel J Walsh <[email protected]>
@rhatdan ready for merge?
📌 Commit 619637a has been approved by
⌛ Testing commit 619637a with merge 5d94d81...
💔 Test failed - status-papr
No idea what the homu test is about?
I don't see anything failing, so I am going to merge.
This directory just had Markdown and vendor.conf. I'm not sure why we have it in our version control, maybe old versions of vndr kept it? Or maybe folk dropped it into vendor/ by hand without using vndr? The history of that vendored directory is:

* 619637a (Handle Linux Capabilities from command line, 2017-11-03, #17) added the three files to our version control.
* c344fe6 (Update vendoring, 2017-11-22, #60) bumped hack/README.md.
* af64e10 (Vendor in lots of kubernetes stuff to shrink image size, 2018-03-26, #554) bumped hack/README.md.
* 27107fd (Vendor in latest containers/image and contaners/storage, 2018-04-18, #509) removed the files.
* a824186 (Use buildah commit and bud in podman, 2018-04-25, #681) added the files back.
* I'm removing them again in this commit.

With this commit,

  $ vndr github.com/docker/docker

becomes a no-op.

Signed-off-by: W. Trevor King <[email protected]>

Closes: #752
Approved by: baude
pkg/ns: use unix.Setns() instead of open coding it
Still has security options handling, which should be merged first