chore: add CapAdd option

Signed-off-by: Arjun Raja Yogidas <[email protected]>

Author: coderbirju

api/handlers/container/create.go

@@ -119,6 +119,11 @@ func (h *handler) create(w http.ResponseWriter, r *http.Request) {
 		capAdd = req.HostConfig.CapAdd
 	}
 
+	capDrop := []string{}
+	if req.HostConfig.CapDrop != nil {
+		capDrop = req.HostConfig.CapDrop
+	}
+
 	CpuQuota := int64(-1)
 	if req.HostConfig.CPUQuota != 0 {
 		CpuQuota = req.HostConfig.CPUQuota
@@ -194,7 +199,7 @@ func (h *handler) create(w http.ResponseWriter, r *http.Request) {
 		// #region for security flags
 		SecurityOpt: []string{}, // nerdctl default.
 		CapAdd:      capAdd,
-		CapDrop:     []string{}, // nerdctl default.
+		CapDrop:     capDrop,
 		// #endregion
 
 		// #region for runtime flags

api/handlers/container/create_test.go

@@ -583,6 +583,27 @@ var _ = Describe("Container Create API ", func() {
 			Expect(rr.Body).Should(MatchJSON(jsonResponse))
 		})
 
+		It("should set CapDrop option", func() {
+			body := []byte(`{
+				"Image": "test-image",
+				"HostConfig": {
+					"CapDrop": ["MKNOD"]
+				}
+			}`)
+			req, _ := http.NewRequest(http.MethodPost, "/containers/create", bytes.NewReader(body))
+
+			// expected create options
+			createOpt.CapDrop = []string{"MKNOD"}
+
+			service.EXPECT().Create(gomock.Any(), "test-image", nil, equalTo(createOpt), equalTo(netOpt)).Return(
+				cid, nil)
+
+			// handler should return success message with 201 status code.
+			h.create(rr, req)
+			Expect(rr).Should(HaveHTTPStatus(http.StatusCreated))
+			Expect(rr.Body).Should(MatchJSON(jsonResponse))
+		})
+
 		It("should return 404 if the image was not found", func() {
 			body := []byte(`{"Image": "test-image"}`)
 			req, _ := http.NewRequest(http.MethodPost, "/containers/create", bytes.NewReader(body))

api/types/container_types.go

@@ -70,8 +70,8 @@ type ContainerHostConfig struct {
 	// TODO: Annotations     map[string]string `json:",omitempty"` // Arbitrary non-identifying metadata attached to container and provided to the runtime
 
 	// Applicable to UNIX platforms
-	CapAdd []string // List of kernel capabilities to add to the container
-	// TODO: CapDrop         strslice.StrSlice // List of kernel capabilities to remove from the container
+	CapAdd  []string // List of kernel capabilities to add to the container
+	CapDrop []string // List of kernel capabilities to remove from the container
 	// TODO: CgroupnsMode    CgroupnsMode      // Cgroup namespace mode to use for the container
 	DNS        []string `json:"Dns"`        // List of DNS server to lookup
 	DNSOptions []string `json:"DnsOptions"` // List of DNSOption to look for