zishuo/runc
1
0
Fork 0
mirror of https://github.com/opencontainers/runc.git synced 2025-12-24 11:50:58 +08:00
Code Issues Packages Projects Releases Wiki Activity

libct: simplify Caps inheritance

Browse Source 
For all other properties that are available in both Config and Process,
the merging is performed by newInitConfig.

Let's do the same for Capabilities for the sake of code uniformity.

Also, thanks to the previous commit, we no longer have to make sure we
do not call capabilities.New(nil).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This commit is contained in:
Kir Kolyshkin
2025-01-07 19:32:27 -08:00
parent 049a5f76cf
commit 73849e797f
2 changed files with 5 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
libcontainer/container_linux.go
View File

@@ -700,7 +700,7 @@ func (c *Container) newInitConfig(process *Process) *initConfig {
GID: process.GID,
AdditionalGroups: process.AdditionalGroups,
Cwd: process.Cwd,
Capabilities: process.Capabilities,
Capabilities: c.config.Capabilities,
PassedFilesCount: len(process.ExtraFiles),
ContainerID: c.ID(),
NoNewPrivileges: c.config.NoNewPrivileges,
@@ -714,6 +714,9 @@ func (c *Container) newInitConfig(process *Process) *initConfig {
// Overwrite config properties with ones from process.
if process.Capabilities != nil {
cfg.Capabilities = process.Capabilities
}
if process.NoNewPrivileges != nil {
cfg.NoNewPrivileges = *process.NoNewPrivileges
}