compute allCaps as necessary

Here, we move allCaps from static initializers to being called on demand as needed. This is needed to simplify reasoning around `init()` ordering handling along with executor `init()` command handler. Also, given that an executor is responsible for starting a single container/task, inlining the call doesn't add significant overhead and eliminates initializing overhead in nomad and driver processes.
hashicorp · May 18, 2019 · 251e473 · 251e473
1 parent dd209d6
commit 251e473
Showing 1 changed file with 5 additions and 5 deletions.
diff --git a/drivers/shared/executor/executor_linux.go b/drivers/shared/executor/executor_linux.go
@@ -45,13 +45,11 @@ var (
 
 	// ExecutorCgroupMeasuredCpuStats is the list of CPU stats captures by the executor
 	ExecutorCgroupMeasuredCpuStats = []string{"System Mode", "User Mode", "Throttled Periods", "Throttled Time", "Percent"}
-
-	// allCaps is all linux capabilities which is used to configure libcontainer
-	allCaps []string
 )
 
-// initialize the allCaps var with all capabilities available on the system
-func init() {
+// compute linux capabilities to use for configuring libcontainer
+func computeAllCaps() []string {
+	allCaps := []string{}
 	last := capability.CAP_LAST_CAP
 	// workaround for RHEL6 which has no /proc/sys/kernel/cap_last_cap
 	if last == capability.Cap(63) {
@@ -63,6 +61,7 @@ func init() {
 		}
 		allCaps = append(allCaps, fmt.Sprintf("CAP_%s", strings.ToUpper(cap.String())))
 	}
+	return allCaps
 }
 
 // LibcontainerExecutor implements an Executor with the runc/libcontainer api
@@ -569,6 +568,7 @@ func (l *LibcontainerExecutor) handleExecWait(ch chan *waitResult, process *libc
 
 func configureCapabilities(cfg *lconfigs.Config, command *ExecCommand) error {
 	// TODO: allow better control of these
+	allCaps := computeAllCaps()
 	cfg.Capabilities = &lconfigs.Capabilities{
 		Bounding:    allCaps,
 		Permitted:   allCaps,