From 4bf03a0fac48a06298afa149d4339245736810b6 Mon Sep 17 00:00:00 2001 From: Vincent Batts Date: Sat, 17 May 2014 03:51:02 -0400 Subject: [PATCH] gocapability: upstream fix for unsporrted caps @vmarmol has made the fix upstream for not failing if the capability being dropped is returned as invalid from the syscall, which is the case when the capability is not supported on the host. This is a blocker presently for RHEL6.5 on CAP_SYSLOG. We have patched around this in our RPM for the time being, but this is the proper fix. See also https://github.com/dotcloud/docker/pull/5810 Docker-DCO-1.1-Signed-off-by: Vincent Batts (github: vbatts) --- hack/vendor.sh | 2 +- .../syndtr/gocapability/capability/capability_linux.go | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/hack/vendor.sh b/hack/vendor.sh index 79322cd9af..28c9fd40f0 100755 --- a/hack/vendor.sh +++ b/hack/vendor.sh @@ -45,7 +45,7 @@ clone git github.com/gorilla/context 708054d61e5 clone git github.com/gorilla/mux 9b36453141c -clone git github.com/syndtr/gocapability 3454319be2 +clone git github.com/syndtr/gocapability 3c85049eae clone hg code.google.com/p/go.net 84a4013f96e0 diff --git a/vendor/src/github.com/syndtr/gocapability/capability/capability_linux.go b/vendor/src/github.com/syndtr/gocapability/capability/capability_linux.go index 3aaae5973a..c5f335f7fb 100644 --- a/vendor/src/github.com/syndtr/gocapability/capability/capability_linux.go +++ b/vendor/src/github.com/syndtr/gocapability/capability/capability_linux.go @@ -388,6 +388,11 @@ func (c *capsV3) Apply(kind CapType) (err error) { } err = prctl(syscall.PR_CAPBSET_DROP, uintptr(i), 0, 0, 0) if err != nil { + // Ignore EINVAL since the capability may not be supported in this system. + if errno, ok := err.(syscall.Errno); ok && errno == syscall.EINVAL { + err = nil + continue + } return } }