Skip to content

Commit

Permalink
special case root capabilities
Browse files Browse the repository at this point in the history
  • Loading branch information
Mahmood Ali committed May 24, 2019
1 parent 3e1b136 commit 1a6454d
Showing 1 changed file with 14 additions and 6 deletions.
20 changes: 14 additions & 6 deletions drivers/shared/executor/executor_linux.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -553,12 +553,20 @@ func configureCapabilities(cfg *lconfigs.Config, command *ExecCommand) error {
// TODO: allow better control of these
// use capabilities list as prior to adopting libcontainer in 0.9
allCaps := supportedCaps()
cfg.Capabilities = &lconfigs.Capabilities{
Bounding: allCaps,
Permitted: nil,
Inheritable: nil,
Ambient: nil,
Effective: nil,

// match capabilities used in Nomad 0.8
if command.User == "root" {
cfg.Capabilities = &lconfigs.Capabilities{
Bounding: allCaps,
Permitted: allCaps,
Effective: allCaps,
Ambient: nil,
Inheritable: nil,
}
} else {
cfg.Capabilities = &lconfigs.Capabilities{
Bounding: allCaps,
}
}

return nil
Expand Down

0 comments on commit 1a6454d

Please sign in to comment.