-rw-r--r-- | runsc/specutils/specutils.go | 15 | ||||
-rw-r--r-- | runsc/test/testutil/testutil.go | 1 |
2 files changed, 16 insertions, 0 deletions
diff --git a/runsc/specutils/specutils.go b/runsc/specutils/specutils.go
index ab14ed1fc..0e0961801 100644
--- a/runsc/specutils/specutils.go
+++ b/runsc/specutils/specutils.go
@@ -216,6 +216,21 @@ func Capabilities(specCaps *specs.LinuxCapabilities) (*auth.TaskCapabilities, er
 return &caps, nil
 }
 
+// AllCapabilities returns a LinuxCapabilities struct with all capabilities.
+func AllCapabilities() *specs.LinuxCapabilities {
+ var names []string
+ for n := range capFromName {
+ names = append(names, n)
+ }
+ return &specs.LinuxCapabilities{
+ Bounding: names,
+ Effective: names,
+ Inheritable: names,
+ Permitted: names,
+ Ambient: names,
+ }
+}
+
 var capFromName = map[string]linux.Capability{
 "CAP_CHOWN": linux.CAP_CHOWN,
 "CAP_DAC_OVERRIDE": linux.CAP_DAC_OVERRIDE,
diff --git a/runsc/test/testutil/testutil.go b/runsc/test/testutil/testutil.go
index d323d7899..c816de3f0 100644
--- a/runsc/test/testutil/testutil.go
+++ b/runsc/test/testutil/testutil.go
@@ -139,6 +139,7 @@ func NewSpecWithArgs(args ...string) *specs.Spec {
 Env: []string{
 "PATH=" + os.Getenv("PATH"),
 },
+ Capabilities: specutils.AllCapabilities(),
 },
 Mounts: []specs.Mount{
 // Root is readonly, but many tests want to write to tmpdir. |
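Review bot: All five sets in the struct returned by `AllCapabilities` are the same `names` slice, so they share one backing array; a caller that edits one set in place (for example rewriting entries of `Effective` to build a reduced-privilege spec) would silently change `Bounding`, `Permitted`, `Inheritable` and `Ambient` as well. Giving each field its own copy removes that coupling, and the slice can be pre-sized from `len(capFromName)` at no cost. Since this is an exported helper in `specutils` and the only caller visible in this diff is `testutil`, the doc comment should also state that it fills every set, Inheritable and Ambient included, and say where it is meant to be used.

```go
func AllCapabilities() *specs.LinuxCapabilities {
	names := make([]string, 0, len(capFromName))
	// … unchanged: loop appending every key of capFromName to names …

	// Each set gets its own backing array so callers can edit one independently.
	clone := func() []string { return append([]string(nil), names...) }
	return &specs.LinuxCapabilities{
		Bounding:    clone(),
		Effective:   clone(),
		Inheritable: clone(),
		Permitted:   clone(),
		Ambient:     clone(),
	}
}
```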
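Review bot: Making the full capability set the default for every spec built by `NewSpecWithArgs` means tests that use this helper no longer cover a process running with a reduced set, so a missing capability check in the sandbox would not show up in them. A short comment on the new field would make the choice deliberate and tell test authors what to do, e.g. `// Tests run with all capabilities by default; override Capabilities to test enforcement.` `NewSpecWithArgs` starts and ends outside the hunk, so whether any caller already overrides the field is not visible here.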