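// Source: github.com/AliyunContainerService/cli@v0.0.0-20181009023821-814ced4b30d0/internal/pkg/containerized/hostpaths.go

package containerized

import (
	"context"

	"github.com/containerd/containerd/containers"
	"github.com/containerd/containerd/oci"
	specs "github.com/opencontainers/runtime-spec/specs-go"
)

// WithAllCapabilities is a spec option that assigns the full capability list
// below to the Bounding, Effective, Inheritable and Permitted sets of the
// container process. The Ambient set is left as the caller configured it.
//
// Security note: the list includes CAP_SYS_ADMIN, CAP_SYS_MODULE,
// CAP_SYS_RAWIO, CAP_SYS_PTRACE, CAP_NET_ADMIN and CAP_MAC_ADMIN, so a process
// started with this option is not confined by capabilities at all. Nothing
// here configures seccomp, namespaces or an LSM profile; any isolation has to
// come from other spec options. Apply it only to workloads that are trusted
// like host root, and prefer an explicit minimal capability list elsewhere.
//
// The list is fixed at compile time, so capabilities introduced by kernels
// newer than this list are not granted.
//
// The context, client and container arguments are unused. The function always
// returns nil.
func WithAllCapabilities(_ context.Context, _ oci.Client, c *containers.Container, s *specs.Spec) error {
	caps := []string{
		"CAP_CHOWN",
		"CAP_DAC_OVERRIDE",
		"CAP_DAC_READ_SEARCH",
		"CAP_FOWNER",
		"CAP_FSETID",
		"CAP_KILL",
		"CAP_SETGID",
		"CAP_SETUID",
		"CAP_SETPCAP",
		"CAP_LINUX_IMMUTABLE",
		"CAP_NET_BIND_SERVICE",
		"CAP_NET_BROADCAST",
		"CAP_NET_ADMIN",
		"CAP_NET_RAW",
		"CAP_IPC_LOCK",
		"CAP_IPC_OWNER",
		"CAP_SYS_MODULE",
		"CAP_SYS_RAWIO",
		"CAP_SYS_CHROOT",
		"CAP_SYS_PTRACE",
		"CAP_SYS_PACCT",
		"CAP_SYS_ADMIN",
		"CAP_SYS_BOOT",
		"CAP_SYS_NICE",
		"CAP_SYS_RESOURCE",
		"CAP_SYS_TIME",
		"CAP_SYS_TTY_CONFIG",
		"CAP_MKNOD",
		"CAP_LEASE",
		"CAP_AUDIT_WRITE",
		"CAP_AUDIT_CONTROL",
		"CAP_SETFCAP",
		"CAP_MAC_OVERRIDE",
		"CAP_MAC_ADMIN",
		"CAP_SYSLOG",
		"CAP_WAKE_ALARM",
		"CAP_BLOCK_SUSPEND",
		"CAP_AUDIT_READ",
	}

	// A spec without a Process section would otherwise cause a nil
	// dereference on the Capabilities access below.
	if s.Process == nil {
		s.Process = &specs.Process{}
	}
	if s.Process.Capabilities == nil {
		s.Process.Capabilities = &specs.LinuxCapabilities{}
	}

	// Give every set its own backing array. Sharing one slice would let a
	// later option that edits a single set in place (for example, dropping a
	// capability from Effective) silently change the other three as well.
	clone := func() []string { return append([]string(nil), caps...) }

	pc := s.Process.Capabilities
	pc.Bounding = clone()
	pc.Effective = clone()
	pc.Inheritable = clone()
	pc.Permitted = clone()
	return nil
}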