author | Fabricio Voznika <fvoznika@google.com> | 2018-05-04 09:38:35 -0700 |
---|---|---|
committer | Shentubot <shentubot@google.com> | 2018-05-04 09:39:28 -0700 |
commit | c90fefc1161c58af34856aff7b7012f19f5d1f1b (patch) | |
tree | ba362b570d0d8e7cf57c40c80179cbbf2b7144bb | |
parent | 7e82550bf7a383d0aa3b3c4c8107bc32816ca5d5 (diff) |
Fix runsc capabilities
There was a typo, and one new capability was missing from the list.
PiperOrigin-RevId: 195427713
Change-Id: I6d9e1c6e77b48fe85ef10d9f54c70c8a7271f6e7
-rw-r--r-- | pkg/abi/linux/capability.go | 5 | ||||
-rw-r--r-- | runsc/boot/capability.go | 3 | ||||
-rw-r--r-- | runsc/specutils/specutils.go | 3 |
3 files changed, 7 insertions, 4 deletions
diff --git a/pkg/abi/linux/capability.go b/pkg/abi/linux/capability.go
index 1a1bd0ce3..b470ce0a5 100644
--- a/pkg/abi/linux/capability.go
+++ b/pkg/abi/linux/capability.go
@@ -32,7 +32,7 @@ const (
 CAP_SETPCAP = Capability(8)
 CAP_LINUX_IMMUTABLE = Capability(9)
 CAP_NET_BIND_SERVICE = Capability(10)
- CAP_NET_BROAD_CAST = Capability(11)
+ CAP_NET_BROADCAST = Capability(11)
 CAP_NET_ADMIN = Capability(12)
 CAP_NET_RAW = Capability(13)
 CAP_IPC_LOCK = Capability(14)
@@ -58,9 +58,10 @@ const (
 CAP_SYSLOG = Capability(34)
 CAP_WAKE_ALARM = Capability(35)
 CAP_BLOCK_SUSPEND = Capability(36)
+ CAP_AUDIT_READ = Capability(37)
 // MaxCapability is the highest-numbered capability.
- MaxCapability = Capability(36) // CAP_BLOCK_SUSPEND as of 3.11
+ MaxCapability = CAP_AUDIT_READ
 )
 // Ok returns true if cp is a supported capability.
diff --git a/runsc/boot/capability.go b/runsc/boot/capability.go
index 4c6a59245..efa28fb97 100644
--- a/runsc/boot/capability.go
+++ b/runsc/boot/capability.go
@@ -91,7 +91,7 @@ var capFromName = map[string]capability.Cap{
 "CAP_SETPCAP": capability.CAP_SETPCAP,
 "CAP_LINUX_IMMUTABLE": capability.CAP_LINUX_IMMUTABLE,
 "CAP_NET_BIND_SERVICE": capability.CAP_NET_BIND_SERVICE,
- "CAP_NET_BROAD_CAST": capability.CAP_NET_BROADCAST,
+ "CAP_NET_BROADCAST": capability.CAP_NET_BROADCAST,
 "CAP_NET_ADMIN": capability.CAP_NET_ADMIN,
 "CAP_NET_RAW": capability.CAP_NET_RAW,
 "CAP_IPC_LOCK": capability.CAP_IPC_LOCK,
@@ -117,4 +117,5 @@ var capFromName = map[string]capability.Cap{
 "CAP_SYSLOG": capability.CAP_SYSLOG,
 "CAP_WAKE_ALARM": capability.CAP_WAKE_ALARM,
 "CAP_BLOCK_SUSPEND": capability.CAP_BLOCK_SUSPEND,
+ "CAP_AUDIT_READ": capability.CAP_AUDIT_READ,
 }
diff --git a/runsc/specutils/specutils.go b/runsc/specutils/specutils.go
index 04ecb6ae3..dcb4b20db 100644
--- a/runsc/specutils/specutils.go
+++ b/runsc/specutils/specutils.go
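Review bot: In pkg/abi/linux/capability.go the new `MaxCapability = CAP_AUDIT_READ` line drops the kernel-version note the old line carried (`// CAP_BLOCK_SUSPEND as of 3.11`), so the list no longer records which Linux release it was synced against. I would keep that provenance, e.g. `MaxCapability = CAP_AUDIT_READ // as of Linux 3.16`. Raising the bound also widens whatever is derived from it, such as `Ok` just below the hunk and presumably any all-capabilities mask built elsewhere, so it is worth confirming that no default set now includes bit 37 unintentionally. The const block starts above this hunk.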
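Review bot: The `capFromName` table in runsc/boot/capability.go is a hand-maintained copy of the one in runsc/specutils/specutils.go, and both carried the same misspelled key and the same missing entry, so the two lists can drift from the kernel list without anything failing. A test in specutils that walks every value up to `linux.MaxCapability` and fails when `capFromName` has no name for it would catch the next omission, and the boot table could be checked against the same name list. How a lookup miss is handled lies outside these hunks, so what a spec naming `CAP_NET_BROADCAST` or `CAP_AUDIT_READ` did before this change cannot be judged from here. The same applies to both hunks in each of the two files.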
@@ -129,7 +129,7 @@ var capFromName = map[string]linux.Capability{
 "CAP_SETPCAP": linux.CAP_SETPCAP,
 "CAP_LINUX_IMMUTABLE": linux.CAP_LINUX_IMMUTABLE,
 "CAP_NET_BIND_SERVICE": linux.CAP_NET_BIND_SERVICE,
- "CAP_NET_BROAD_CAST": linux.CAP_NET_BROAD_CAST,
+ "CAP_NET_BROADCAST": linux.CAP_NET_BROADCAST,
 "CAP_NET_ADMIN": linux.CAP_NET_ADMIN,
 "CAP_NET_RAW": linux.CAP_NET_RAW,
 "CAP_IPC_LOCK": linux.CAP_IPC_LOCK,
@@ -155,6 +155,7 @@ var capFromName = map[string]linux.Capability{
 "CAP_SYSLOG": linux.CAP_SYSLOG,
 "CAP_WAKE_ALARM": linux.CAP_WAKE_ALARM,
 "CAP_BLOCK_SUSPEND": linux.CAP_BLOCK_SUSPEND,
+ "CAP_AUDIT_READ": linux.CAP_AUDIT_READ,
 }
 func capsFromNames(names []string) (auth.CapabilitySet, error) { |