diff options
author | Ian Lewis <ianlewis@google.com> | 2021-05-31 20:00:17 -0700 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2021-05-31 20:02:43 -0700 |
commit | 4f374699818fec39dccdfcb07752fd0f728fe53d (patch) | |
tree | a772d7b94b9ce9b68a2f7b1c1530c06f4ea3e41e | |
parent | 30bca3270b9aba3394363a7fbb81291c9b0bb898 (diff) |
Update comments on ambient caps to point to bug
PiperOrigin-RevId: 376747671
-rw-r--r-- | pkg/sentry/kernel/auth/credentials.go | 2 | ||||
-rw-r--r-- | runsc/specutils/specutils.go | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/pkg/sentry/kernel/auth/credentials.go b/pkg/sentry/kernel/auth/credentials.go index 6862f2ef5..3325fedcb 100644 --- a/pkg/sentry/kernel/auth/credentials.go +++ b/pkg/sentry/kernel/auth/credentials.go @@ -125,7 +125,7 @@ func NewUserCredentials(kuid KUID, kgid KGID, extraKGIDs []KGID, capabilities *T creds.EffectiveCaps = capabilities.EffectiveCaps creds.BoundingCaps = capabilities.BoundingCaps creds.InheritableCaps = capabilities.InheritableCaps - // TODO(nlacasse): Support ambient capabilities. + // TODO(gvisor.dev/issue/3166): Support ambient capabilities. } else { // If no capabilities are specified, grant capabilities consistent with // setresuid + setresgid from NewRootCredentials to the given uid and diff --git a/runsc/specutils/specutils.go b/runsc/specutils/specutils.go index 11b476690..c228d6299 100644 --- a/runsc/specutils/specutils.go +++ b/runsc/specutils/specutils.go @@ -246,7 +246,7 @@ func Capabilities(enableRaw bool, specCaps *specs.LinuxCapabilities) (*auth.Task if caps.PermittedCaps, err = capsFromNames(specCaps.Permitted, skipSet); err != nil { return nil, err } - // TODO(nlacasse): Support ambient capabilities. + // TODO(gvisor.dev/issue/3166): Support ambient capabilities. } return &caps, nil } |