From 2478b8f4006a93bbb1ec9ab57d833d477e2a2a40 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Fri, 8 Jan 2021 20:07:24 +0100
Subject: [PATCH] rootfs: Always add SYS_ADMIN, CHROOT, and MKNOD caps to docker cmdline
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

We use those, independently of the distro.

Signed-off-by: Fabiano FidĂȘncio
---
tools/osbuilder/rootfs-builder/rootfs.sh | 21 +++++++--------------
1 file changed, 7 insertions(+), 14 deletions(-)

diff --git a/tools/osbuilder/rootfs-builder/rootfs.sh b/tools/osbuilder/rootfs-builder/rootfs.sh
index a10907bc08..6f627d14ec 100755
--- a/tools/osbuilder/rootfs-builder/rootfs.sh
+++ b/tools/osbuilder/rootfs-builder/rootfs.sh
@@ -181,29 +181,22 @@ docker_extra_args() {
 local args=""
+ # Required to mount inside a container
+ args+=" --cap-add SYS_ADMIN"
+ # Requred to chroot
+ args+=" --cap-add SYS_CHROOT"
+ # debootstrap needs to create device nodes to properly function
+ args+=" --cap-add MKNOD"
+
 case "$1" in
 gentoo)
- # Requred to chroot
- args+=" --cap-add SYS_CHROOT"
- # debootstrap needs to create device nodes to properly function
- args+=" --cap-add MKNOD"
- # Required to mount inside a container
- args+=" --cap-add SYS_ADMIN"
 # Required to build glibc
 args+=" --cap-add SYS_PTRACE"
 # mount portage volume
 args+=" -v ${gentoo_local_portage_dir}:/usr/portage/packages"
 args+=" --volumes-from ${gentoo_portage_container}"
 ;;
- ubuntu | debian)
- # Requred to chroot
- args+=" --cap-add SYS_CHROOT"
- # debootstrap needs to create device nodes to properly function
- args+=" --cap-add MKNOD"
- ;;
 suse)
- # Required to mount inside a container
- args+=" --cap-add SYS_ADMIN"
 # When AppArmor is enabled, mounting inside a container is blocked with docker-default profile.
 # See https://github.com/moby/moby/issues/16429
 args+=" --security-opt apparmor=unconfined"
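Review bot: The hoisted comment `# debootstrap needs to create device nodes to properly function` now sits above an unconditional `--cap-add MKNOD`, so it justifies the capability with a tool that presumably only some of the distro branches (the removed `ubuntu | debian)` case is the one that clearly used it) actually run; reword it to the general need, e.g. `# Required to create device nodes (debootstrap and similar bootstrap tools do this)`, and fix the carried-over typo `# Requred to chroot` to `# Required to chroot`. Since `--cap-add SYS_ADMIN` is now granted to every rootfs build container instead of only the gentoo and suse branches where it was previously added, the comment above it should say so explicitly, e.g. `# Required to mount inside a container; granted for every distro, so the build container is no longer restricted per distro`, so a later reader can judge whether a given branch still needs the broadest of the three capabilities. `docker_extra_args` continues past the end of this hunk.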