summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
Diffstat
-rw-r--r--pkg/abi/linux/capability.go5
-rw-r--r--runsc/boot/capability.go3
-rw-r--r--runsc/specutils/specutils.go3
3 files changed, 7 insertions, 4 deletions
diff --git a/pkg/abi/linux/capability.go b/pkg/abi/linux/capability.go
index 1a1bd0ce3..b470ce0a5 100644
--- a/pkg/abi/linux/capability.go
+++ b/pkg/abi/linux/capability.go
@@ -32,7 +32,7 @@ const (
CAP_SETPCAP = Capability(8)
CAP_LINUX_IMMUTABLE = Capability(9)
CAP_NET_BIND_SERVICE = Capability(10)
- CAP_NET_BROAD_CAST = Capability(11)
+ CAP_NET_BROADCAST = Capability(11)
CAP_NET_ADMIN = Capability(12)
CAP_NET_RAW = Capability(13)
CAP_IPC_LOCK = Capability(14)
@@ -58,9 +58,10 @@ const (
CAP_SYSLOG = Capability(34)
CAP_WAKE_ALARM = Capability(35)
CAP_BLOCK_SUSPEND = Capability(36)
+ CAP_AUDIT_READ = Capability(37)
// MaxCapability is the highest-numbered capability.
- MaxCapability = Capability(36) // CAP_BLOCK_SUSPEND as of 3.11
+ MaxCapability = CAP_AUDIT_READ
)
// Ok returns true if cp is a supported capability.
diff --git a/runsc/boot/capability.go b/runsc/boot/capability.go
index 4c6a59245..efa28fb97 100644
--- a/runsc/boot/capability.go
+++ b/runsc/boot/capability.go
@@ -91,7 +91,7 @@ var capFromName = map[string]capability.Cap{
"CAP_SETPCAP": capability.CAP_SETPCAP,
"CAP_LINUX_IMMUTABLE": capability.CAP_LINUX_IMMUTABLE,
"CAP_NET_BIND_SERVICE": capability.CAP_NET_BIND_SERVICE,
- "CAP_NET_BROAD_CAST": capability.CAP_NET_BROADCAST,
+ "CAP_NET_BROADCAST": capability.CAP_NET_BROADCAST,
"CAP_NET_ADMIN": capability.CAP_NET_ADMIN,
"CAP_NET_RAW": capability.CAP_NET_RAW,
"CAP_IPC_LOCK": capability.CAP_IPC_LOCK,
@@ -117,4 +117,5 @@ var capFromName = map[string]capability.Cap{
"CAP_SYSLOG": capability.CAP_SYSLOG,
"CAP_WAKE_ALARM": capability.CAP_WAKE_ALARM,
"CAP_BLOCK_SUSPEND": capability.CAP_BLOCK_SUSPEND,
+ "CAP_AUDIT_READ": capability.CAP_AUDIT_READ,
}
diff --git a/runsc/specutils/specutils.go b/runsc/specutils/specutils.go
index 04ecb6ae3..dcb4b20db 100644
--- a/runsc/specutils/specutils.go
+++ b/runsc/specutils/specutils.go
@@ -129,7 +129,7 @@ var capFromName = map[string]linux.Capability{
"CAP_SETPCAP": linux.CAP_SETPCAP,
"CAP_LINUX_IMMUTABLE": linux.CAP_LINUX_IMMUTABLE,
"CAP_NET_BIND_SERVICE": linux.CAP_NET_BIND_SERVICE,
- "CAP_NET_BROAD_CAST": linux.CAP_NET_BROAD_CAST,
+ "CAP_NET_BROADCAST": linux.CAP_NET_BROADCAST,
"CAP_NET_ADMIN": linux.CAP_NET_ADMIN,
"CAP_NET_RAW": linux.CAP_NET_RAW,
"CAP_IPC_LOCK": linux.CAP_IPC_LOCK,
@@ -155,6 +155,7 @@ var capFromName = map[string]linux.Capability{
"CAP_SYSLOG": linux.CAP_SYSLOG,
"CAP_WAKE_ALARM": linux.CAP_WAKE_ALARM,
"CAP_BLOCK_SUSPEND": linux.CAP_BLOCK_SUSPEND,
+ "CAP_AUDIT_READ": linux.CAP_AUDIT_READ,
}
func capsFromNames(names []string) (auth.CapabilitySet, error) {
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-05 06:45:59 +0000