libct: simplify Caps inheritance

kolyshkin · kolyshkin · commit 73849e797f99 · 2025-02-11T18:01:30.000-08:00
For all other properties that are available in both Config and Process,
the merging is performed by newInitConfig.

Let's do the same for Capabilities for the sake of code uniformity.

Also, thanks to the previous commit, we no longer have to make sure we
do not call capabilities.New(nil).

Signed-off-by: Kir Kolyshkin &lt;kolyshkin@gmail.com&gt;
diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go
@@ -700,7 +700,7 @@ func (c *Container) newInitConfig(process *Process) *initConfig {
 		GID:              process.GID,
 		AdditionalGroups: process.AdditionalGroups,
 		Cwd:              process.Cwd,
-		Capabilities:     process.Capabilities,
+		Capabilities:     c.config.Capabilities,
 		PassedFilesCount: len(process.ExtraFiles),
 		ContainerID:      c.ID(),
 		NoNewPrivileges:  c.config.NoNewPrivileges,
@@ -714,6 +714,9 @@ func (c *Container) newInitConfig(process *Process) *initConfig {
 
 	// Overwrite config properties with ones from process.
 
+	if process.Capabilities != nil {
+		cfg.Capabilities = process.Capabilities
+	}
 	if process.NoNewPrivileges != nil {
 		cfg.NoNewPrivileges = *process.NoNewPrivileges
 	}
diff --git a/libcontainer/init_linux.go b/libcontainer/init_linux.go
@@ -322,13 +322,7 @@ func finalizeNamespace(config *initConfig) error {
 		}
 	}
 
-	caps := &configs.Capabilities{}
-	if config.Capabilities != nil {
-		caps = config.Capabilities
-	} else if config.Config.Capabilities != nil {
-		caps = config.Config.Capabilities
-	}
-	w, err := capabilities.New(caps)
+	w, err := capabilities.New(config.Capabilities)
 	if err != nil {
 		return err
 	}

Original file line number	Diff line number	Diff line change
`@@ -322,13 +322,7 @@ func finalizeNamespace(config *initConfig) error {`
`322`	`322`	`}`
`323`	`323`	`}`
`324`	`324`
`325`		`- caps := &configs.Capabilities{}`
`326`		`- if config.Capabilities != nil {`
`327`		`- caps = config.Capabilities`
`328`		`- } else if config.Config.Capabilities != nil {`
`329`		`- caps = config.Config.Capabilities`
`330`		`- }`
`331`		`- w, err := capabilities.New(caps)`
	`325`	`+ w, err := capabilities.New(config.Capabilities)`
`332`	`326`	`if err != nil {`
`333`	`327`	`return err`
`334`	`328`	`}`