summaryrefslogtreecommitdiffhomepage
path: root/runsc/boot
diff options
context:
space:
mode:
authorFabricio Voznika <fvoznika@google.com>2018-09-19 17:14:20 -0700
committerShentubot <shentubot@google.com>2018-09-19 17:15:14 -0700
commite3952733011df912ecaa48974832a054a45c345a (patch)
treefccc5d39886cfa3d881d86504df06e5b0aed4118 /runsc/boot
parent2ad3228cd0f226804cfc7ae3ae7fff561caa2eda (diff)
Fix sandbox and gofer capabilities
Capabilities.Set() adds capabilities, but doesn't remove existing ones that might have been loaded. Fixed the code and added tests. PiperOrigin-RevId: 213726369 Change-Id: Id7fa6fce53abf26c29b13b9157bb4c6616986fba
Diffstat (limited to 'runsc/boot')
-rw-r--r--runsc/boot/fs.go13
1 files changed, 2 insertions, 11 deletions
diff --git a/runsc/boot/fs.go b/runsc/boot/fs.go
index 420e57022..59ae5faae 100644
--- a/runsc/boot/fs.go
+++ b/runsc/boot/fs.go
@@ -428,13 +428,13 @@ func parseAndFilterOptions(opts []string, allowedKeys ...string) ([]string, erro
kv := strings.Split(o, "=")
switch len(kv) {
case 1:
- if contains(allowedKeys, o) {
+ if specutils.ContainsStr(allowedKeys, o) {
out = append(out, o)
continue
}
log.Warningf("ignoring unsupported key %q", kv)
case 2:
- if contains(allowedKeys, kv[0]) {
+ if specutils.ContainsStr(allowedKeys, kv[0]) {
out = append(out, o)
continue
}
@@ -540,15 +540,6 @@ func mountFlags(opts []string) fs.MountSourceFlags {
return mf
}
-func contains(strs []string, str string) bool {
- for _, s := range strs {
- if s == str {
- return true
- }
- }
- return false
-}
-
func mustFindFilesystem(name string) fs.Filesystem {
fs, ok := fs.FindFilesystem(name)
if !ok {