
Commit 6210a30

authored
Merge pull request #400 from Mashimiao/seccomp-duplicated-default
remove duplicated caps for syscalls
2 parents 2ed047a + 1b32bb5 commit 6210a30


1 file changed

+12
-13
lines changed

1 file changed

+12
-13
lines changed

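--- a/generate/seccomp/seccomp_default.go
+++ b/generate/seccomp/seccomp_default.go
@@ -370,26 +370,25 @@ func DefaultProfile(rs *specs.Spec) *rspec.LinuxSeccomp {
 var sysCloneFlagsIndex uint
 
 capSysAdmin := false
-var cap string
-var caps []string
+caps := make(map[string]bool)
 
-for _, cap = range rs.Process.Capabilities.Bounding {
-caps = append(caps, cap)
+for _, cap := range rs.Process.Capabilities.Bounding {
+caps[cap] = true
 }
-for _, cap = range rs.Process.Capabilities.Effective {
-caps = append(caps, cap)
+for _, cap := range rs.Process.Capabilities.Effective {
+caps[cap] = true
 }
-for _, cap = range rs.Process.Capabilities.Inheritable {
-caps = append(caps, cap)
+for _, cap := range rs.Process.Capabilities.Inheritable {
+caps[cap] = true
 }
-for _, cap = range rs.Process.Capabilities.Permitted {
-caps = append(caps, cap)
+for _, cap := range rs.Process.Capabilities.Permitted {
+caps[cap] = true
 }
-for _, cap = range rs.Process.Capabilities.Ambient {
-caps = append(caps, cap)
+for _, cap := range rs.Process.Capabilities.Ambient {
+caps[cap] = true
 }
 
-for _, cap = range caps {
+for cap := range caps {
 switch cap {
 case "CAP_DAC_READ_SEARCH":
 syscalls = append(syscalls, []rspec.LinuxSyscall{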
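Review bot: Ranging over the new `caps` map at `for cap := range caps` visits the capabilities in Go's randomised map order, so the rules appended to `syscalls` inside the `switch` come out in a different sequence from run to run, where the old slice followed the order of the spec's capability lists. For a generated seccomp profile this makes two outputs from the same spec hard to diff or audit. Collecting the keys into a slice and sorting it before the `switch` loop keeps the de-duplication and makes the output reproducible; it needs the `sort` package, whose import block is not visible on this page. Separately, the five loops dereference `rs.Process.Capabilities` with no nil check, which would panic if those fields are pointers and unset; their types are not shown here, so that is worth confirming. DefaultProfile begins before and continues after this hunk.

```go
// … unchanged: the five loops that fill caps …

// Sort the names so the generated rule order does not depend on map iteration.
capNames := make([]string, 0, len(caps))
for name := range caps {
	capNames = append(capNames, name)
}
sort.Strings(capNames)

for _, cap := range capNames {
	switch cap {
	// … unchanged: per-capability cases …
```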
