Specific cap-add and cap-drop command #358
Conversation
zhouhao3
force-pushed
the
cap-specific
branch
2 times, most recently
from
935173f to
590d32a
Compare
|
need rebase |
zhouhao3
force-pushed
the
cap-specific
branch
3 times, most recently
from
9f785cd to
3c1bfc1
Compare
|
updated. |
cmd/oci-runtime-tool/generate.go
Outdated
| @@ -77,7 +77,17 @@ var generateFlags = []cli.Flag{ | |||
| cli.StringFlag{Name: "output", Usage: "output file (defaults to stdout)"}, | |||
| cli.BoolFlag{Name: "privileged", Usage: "enable privileged container settings"}, | |||
| cli.StringSliceFlag{Name: "process-cap-add", Usage: "add Linux capabilities"}, | |||
There was a problem hiding this comment.
process-cap-add, process-cap drop should be removed
generate/generate.go
Outdated
| return err | ||
| } | ||
|
|
||
| g.initSpec() |
There was a problem hiding this comment.
should be g.initSpecProcessCapabilities()
man/oci-runtime-tool-generate.1.md
Outdated
| @@ -277,9 +277,39 @@ read the configuration from `config.json`. | |||
| **--process-cap-add**=[] | |||
| Add Linux capabilities | |||
|
|
|||
| **--process-cap-add-ambient**=[] | |||
There was a problem hiding this comment.
Don't forget to modify completion file
|
updated, PTAL. |
|
@Mashimiao @liangchenye @hqhq PTAL |
generate/generate.go
Outdated
| // AddProcessCapability adds a process capability into g.spec.Process.Capabilities. | ||
| func (g *Generator) AddProcessCapability(c string) error { | ||
| // AddProcessAmbientCapability adds a process capability into g.spec.Process.Capabilities.Ambient. | ||
| func (g *Generator) AddProcessAmbientCapability(c string) error { |
There was a problem hiding this comment.
As we did for other generator functions, function's name should be based on spec's item order. As setting value for g.spec.Process.Capabilities.Ambient, the name should be AddProcessCapabilitiesAmbient.
|
LGTM |
|
ping @mrunalp @liangchenye @hqhq PTAL |
|
ping @liangchenye |
|
reping @opencontainers/runtime-tools-maintainers |
|
ping @liangchenye @mrunalp |
Signed-off-by: zhouhao <[email protected]>
Signed-off-by: zhouhao <[email protected]>
zhouhao3
force-pushed
the
cap-specific
branch
from
f0e5a5e to
4f756fd
Compare
|
rebased @Mashimiao @hqhq @liangchenye @mrunalp PTAL |
|
LGTM |
1 similar comment
|
LGTM |
The management of each field of the specific Capabilities.
Signed-off-by: zhouhao [email protected]