Skip to content

Commit 68c195c

Browse files
runcomruncom
committed
generate: drop caps in every cap set
commit afc8d35 updated the runtime-spec version but introduced a bug when dropping capabilities. If you drop a capability it will only be dropped in the Bounding capabilities set while kept in the other sets. This causes a bug when using the generated config.json in which containers cannot be started at all. This patch fixes the above by dropping `return nil` statements. Signed-off-by: Antonio Murdaca <[email protected]>
1 parent 69626a4 commit 68c195c

File tree

1 file changed

+0
-5
lines changed

1 file changed

+0
-5
lines changed

generate/generate.go

Lines changed: 0 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -912,35 +912,30 @@ func (g *Generator) DropProcessCapability(c string) error {
912912
for i, cap := range g.spec.Process.Capabilities.Bounding {
913913
if strings.ToUpper(cap) == cp {
914914
g.spec.Process.Capabilities.Bounding = append(g.spec.Process.Capabilities.Bounding[:i], g.spec.Process.Capabilities.Bounding[i+1:]...)
915-
return nil
916915
}
917916
}
918917

919918
for i, cap := range g.spec.Process.Capabilities.Effective {
920919
if strings.ToUpper(cap) == cp {
921920
g.spec.Process.Capabilities.Effective = append(g.spec.Process.Capabilities.Effective[:i], g.spec.Process.Capabilities.Effective[i+1:]...)
922-
return nil
923921
}
924922
}
925923

926924
for i, cap := range g.spec.Process.Capabilities.Inheritable {
927925
if strings.ToUpper(cap) == cp {
928926
g.spec.Process.Capabilities.Inheritable = append(g.spec.Process.Capabilities.Inheritable[:i], g.spec.Process.Capabilities.Inheritable[i+1:]...)
929-
return nil
930927
}
931928
}
932929

933930
for i, cap := range g.spec.Process.Capabilities.Permitted {
934931
if strings.ToUpper(cap) == cp {
935932
g.spec.Process.Capabilities.Permitted = append(g.spec.Process.Capabilities.Permitted[:i], g.spec.Process.Capabilities.Permitted[i+1:]...)
936-
return nil
937933
}
938934
}
939935

940936
for i, cap := range g.spec.Process.Capabilities.Ambient {
941937
if strings.ToUpper(cap) == cp {
942938
g.spec.Process.Capabilities.Ambient = append(g.spec.Process.Capabilities.Ambient[:i], g.spec.Process.Capabilities.Ambient[i+1:]...)
943-
return nil
944939
}
945940
}
946941

0 commit comments

Comments
 (0)