File tree Expand file tree Collapse file tree 1 file changed +12
-2
lines changed
Expand file tree Collapse file tree 1 file changed +12
-2
lines changed Original file line number Diff line number Diff line change @@ -975,7 +975,7 @@ func (g *Generator) SetupPrivileged(privileged bool) {
975975 // Add all capabilities in privileged mode.
976976 var finalCapList []string
977977 for _ , cap := range capability .List () {
978- if g .HostSpecific && cap > capability . CAP_LAST_CAP {
978+ if g .HostSpecific && cap > lastCap () {
979979 continue
980980 }
981981 finalCapList = append (finalCapList , fmt .Sprintf ("CAP_%s" , strings .ToUpper (cap .String ())))
@@ -988,13 +988,23 @@ func (g *Generator) SetupPrivileged(privileged bool) {
988988 }
989989}
990990
991+ func lastCap () capability.Cap {
992+ last := capability .CAP_LAST_CAP
993+ // hack for RHEL6 which has no /proc/sys/kernel/cap_last_cap
994+ if last == capability .Cap (63 ) {
995+ last = capability .CAP_BLOCK_SUSPEND
996+ }
997+
998+ return last
999+ }
1000+
9911001func checkCap (c string , hostSpecific bool ) error {
9921002 isValid := false
9931003 cp := strings .ToUpper (c )
9941004
9951005 for _ , cap := range capability .List () {
9961006 if cp == strings .ToUpper (cap .String ()) {
997- if hostSpecific && cap > capability . CAP_LAST_CAP {
1007+ if hostSpecific && cap > lastCap () {
9981008 return fmt .Errorf ("CAP_%s is not supported on the current host" , cp )
9991009 }
10001010 isValid = true
You can’t perform that action at this time.
0 commit comments