// setCapabilities decides which capabilities the container's process
// receives and writes that list to s.Process.Capabilities.
//
// For a privileged container the list is whatever caps.GetAllCapabilities
// returns; HostConfig.CapAdd and HostConfig.CapDrop are not consulted on that
// path. Otherwise the capabilities already present on the spec are adjusted
// by caps.TweakCapabilities using CapAdd and CapDrop, and any error from that
// call is returned with the spec left unmodified.
//
// NOTE(review): because the privileged branch never reads CapDrop, a drop
// request combined with Privileged has no effect here. Confirm that this is
// the intended precedence and that it is documented for operators.
func setCapabilities(s *specs.Spec, c *container.Container) error {
	var granted []string

	if !c.HostConfig.Privileged {
		// Least-privilege path: start from the spec's current set and apply
		// the requested additions and removals.
		tweaked, err := caps.TweakCapabilities(
			s.Process.Capabilities,
			c.HostConfig.CapAdd,
			c.HostConfig.CapDrop,
		)
		if err != nil {
			return err
		}
		granted = tweaked
	} else {
		// Privileged path: the full capability set, with no filtering.
		granted = caps.GetAllCapabilities()
	}

	s.Process.Capabilities = granted
	return nil
}
// execSetPlatformOpt copies the user and privilege settings of an exec
// configuration onto the process p that will be started in container c.
//
// When ec.User is non-empty it is resolved through getUser and the resulting
// UID, GID and additional GIDs are stored in p.User; a resolution error is
// returned before anything else on p is changed. When ec.User is empty,
// p.User is left as the caller set it.
//
// When ec.Privileged is set, p.Capabilities is replaced with the result of
// caps.GetAllCapabilities. A non-privileged exec leaves p.Capabilities
// untouched in this function.
//
// NOTE(review): nothing here checks whether the container itself is
// privileged or whether the caller may request a privileged exec, so a
// privileged exec receives the full capability set whatever the container
// was started with. Presumably that authorization happens before this call;
// confirm against the callers.
func execSetPlatformOpt(c *container.Container, ec *exec.Config, p *libcontainerd.Process) error {
	if len(ec.User) != 0 {
		uid, gid, extraGids, err := getUser(c, ec.User)
		if err != nil {
			return err
		}

		user := &libcontainerd.User{
			UID:            uid,
			GID:            gid,
			AdditionalGids: extraGids,
		}
		p.User = user
	}

	// Only a privileged exec overrides the capability list.
	if ec.Privileged {
		p.Capabilities = caps.GetAllCapabilities()
	}

	return nil
}