mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00

Merge pull request #42011 from thaJeztah/remove_capabilities_hack

Revert "Temporarily disable CAP_PERFMON, CAP_BPF, and CAP_CHECKPOINT_RESTORE"
Sebastiaan van Stijn 2021-08-04 11:15:09 +02:00 committed by GitHub
commit e6a3313f16
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -16,18 +16,6 @@ func init() {
if last == capability.Cap(63) {
last = capability.CAP_BLOCK_SUSPEND
}
if last > capability.CAP_AUDIT_READ {
// Prevents docker from setting CAP_PERFMON, CAP_BPF, and CAP_CHECKPOINT_RESTORE
// capabilities on privileged (or CAP_ALL) containers on Kernel 5.8 and up.
// While these kernels support these capabilities, the current release of
// runc ships with an older version of /gocapability/capability, and does
// not know about them, causing an error to be produced.
//
// FIXME remove once https://github.com/opencontainers/runc/commit/6dfbe9b80707b1ca188255e8def15263348e0f9a
// is included in a runc release and once we stop supporting containerd 1.3.x
// (which ships with runc v1.0.0-rc92)
last = capability.CAP_AUDIT_READ
}
for _, cap := range capability.List() {
if cap > last {
continue