kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

Fix cap drop issues with lxc

Browse source 
This uses "," instead of spaces so that the flags are parsed correctly
and also does not do a strings.Split on an empty string because
strings.Split will return a slice with one element, and empty string
causing parsing to fail when it validates that the cap exists.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@docker.com> (github: crosbymichael)
This commit is contained in:
Michael Crosby 2014-07-16 12:14:26 -07:00
parent 1583e7af41
commit 47917135da
3 changed files with 18 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
daemon/execdriver/lxc/driver.go
View file

@ -123,11 +123,11 @@ func (d *driver) Run(c *execdriver.Command, pipes *execdriver.Pipes, startCallba
} }
if len(c.CapAdd) > 0 { if len(c.CapAdd) > 0 {
params = append(params, "-cap-add", strings.Join(c.CapAdd, " ")) params = append(params, "-cap-add", strings.Join(c.CapAdd, ","))
} }
if len(c.CapDrop) > 0 { if len(c.CapDrop) > 0 {
params = append(params, "-cap-drop", strings.Join(c.CapDrop, " ")) params = append(params, "-cap-drop", strings.Join(c.CapDrop, ","))
} }
params = append(params, "--", c.Entrypoint) params = append(params, "--", c.Entrypoint)

14
daemon/execdriver/lxc/lxc_init_linux.go
View file

@ -49,7 +49,19 @@ func finalizeNamespace(args *execdriver.InitArgs) error {
return fmt.Errorf("clear keep caps %s", err) return fmt.Errorf("clear keep caps %s", err)
} }
caps, err := execdriver.TweakCapabilities(container.Capabilities, strings.Split(args.CapAdd, " "), strings.Split(args.CapDrop, " ")) var (
adds []string
drops []string
)
if args.CapAdd != "" {
adds = strings.Split(args.CapAdd, ",")
}
if args.CapDrop != "" {
drops = strings.Split(args.CapDrop, ",")
}
caps, err := execdriver.TweakCapabilities(container.Capabilities, adds, drops)
if err != nil { if err != nil {
return err return err
} }

6
daemon/execdriver/utils.go
View file

@ -20,7 +20,7 @@ func TweakCapabilities(basics, adds, drops []string) ([]string, error) {
continue continue
} }
if !utils.StringsContainsNoCase(allCaps, cap) { if !utils.StringsContainsNoCase(allCaps, cap) {
return nil, fmt.Errorf("Unknown capability: %s", cap) return nil, fmt.Errorf("Unknown capability drop: %q", cap)
} }
} }
@ -49,9 +49,8 @@ func TweakCapabilities(basics, adds, drops []string) ([]string, error) {
continue continue
} }
// look for invalid cap in the drop list
if !utils.StringsContainsNoCase(allCaps, cap) { if !utils.StringsContainsNoCase(allCaps, cap) {
return nil, fmt.Errorf("Unknown capability: %s", cap) return nil, fmt.Errorf("Unknown capability to add: %q", cap)
} }
// add cap if not already in the list // add cap if not already in the list
@ -59,5 +58,6 @@ func TweakCapabilities(basics, adds, drops []string) ([]string, error) {
newCaps = append(newCaps, cap) newCaps = append(newCaps, cap)
} }
} }
return newCaps, nil return newCaps, nil
} }