diff options
author | Fabricio Voznika <fvoznika@google.com> | 2018-09-19 17:14:20 -0700 |
---|---|---|
committer | Shentubot <shentubot@google.com> | 2018-09-19 17:15:14 -0700 |
commit | e3952733011df912ecaa48974832a054a45c345a (patch) | |
tree | fccc5d39886cfa3d881d86504df06e5b0aed4118 /runsc/boot | |
parent | 2ad3228cd0f226804cfc7ae3ae7fff561caa2eda (diff) |
Fix sandbox and gofer capabilities
Capabilities.Set() adds capabilities,
but doesn't remove existing ones that might have been loaded. Fixed
the code and added tests.
PiperOrigin-RevId: 213726369
Change-Id: Id7fa6fce53abf26c29b13b9157bb4c6616986fba
Diffstat (limited to 'runsc/boot')
-rw-r--r-- | runsc/boot/fs.go | 13 |
1 files changed, 2 insertions, 11 deletions
diff --git a/runsc/boot/fs.go b/runsc/boot/fs.go index 420e57022..59ae5faae 100644 --- a/runsc/boot/fs.go +++ b/runsc/boot/fs.go @@ -428,13 +428,13 @@ func parseAndFilterOptions(opts []string, allowedKeys ...string) ([]string, erro kv := strings.Split(o, "=") switch len(kv) { case 1: - if contains(allowedKeys, o) { + if specutils.ContainsStr(allowedKeys, o) { out = append(out, o) continue } log.Warningf("ignoring unsupported key %q", kv) case 2: - if contains(allowedKeys, kv[0]) { + if specutils.ContainsStr(allowedKeys, kv[0]) { out = append(out, o) continue } @@ -540,15 +540,6 @@ func mountFlags(opts []string) fs.MountSourceFlags { return mf } -func contains(strs []string, str string) bool { - for _, s := range strs { - if s == str { - return true - } - } - return false -} - func mustFindFilesystem(name string) fs.Filesystem { fs, ok := fs.FindFilesystem(name) if !ok { |