Fix sandbox and gofer capabilities

Capabilities.Set() adds capabilities, but doesn't remove existing ones that might have been loaded. Fixed the code and added tests. PiperOrigin-RevId: 213726369 Change-Id: Id7fa6fce53abf26c29b13b9157bb4c6616986fba
author: Fabricio Voznika <fvoznika@google.com> 2018-09-19 17:14:20 -0700
committer: Shentubot <shentubot@google.com> 2018-09-19 17:15:14 -0700
commit: e3952733011df912ecaa48974832a054a45c345a (patch)
tree: fccc5d39886cfa3d881d86504df06e5b0aed4118 /runsc/cmd/BUILD
parent: 2ad3228cd0f226804cfc7ae3ae7fff561caa2eda (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/runsc/cmd/BUILD b/runsc/cmd/BUILD
index f9c091ba2..7c90ff2c5 100644
--- a/runsc/cmd/BUILD
+++ b/runsc/cmd/BUILD
@@ -55,18 +55,27 @@ go_test(
     name = "cmd_test",
     size = "small",
     srcs = [
+        "capability_test.go",
         "delete_test.go",
         "exec_test.go",
     ],
+    data = [
+        "//runsc",
+    ],
     embed = [":cmd"],
     deps = [
         "//pkg/abi/linux",
+        "//pkg/log",
         "//pkg/sentry/control",
         "//pkg/sentry/kernel/auth",
         "//pkg/urpc",
         "//runsc/boot",
+        "//runsc/container",
+        "//runsc/specutils",
+        "//runsc/test/testutil",
         "@com_github_google_go-cmp//cmp:go_default_library",
         "@com_github_google_go-cmp//cmp/cmpopts:go_default_library",
         "@com_github_opencontainers_runtime-spec//specs-go:go_default_library",
+        "@com_github_syndtr_gocapability//capability:go_default_library",
     ],
 )
author	Fabricio Voznika <fvoznika@google.com>	2018-09-19 17:14:20 -0700
committer	Shentubot <shentubot@google.com>	2018-09-19 17:15:14 -0700
commit	e3952733011df912ecaa48974832a054a45c345a (patch)
tree	fccc5d39886cfa3d881d86504df06e5b0aed4118 /runsc/cmd/BUILD
parent	2ad3228cd0f226804cfc7ae3ae7fff561caa2eda (diff)