From de1f246e891fd6794185373f3d3722f80e1048d5 Mon Sep 17 00:00:00 2001
From: Prashanth Balasubramanian <beeps@google.com>
Date: Tue, 16 Jun 2015 18:59:49 -0700
Subject: [PATCH] Fix benign data race in pod workers.

---
 pkg/capabilities/capabilities.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/pkg/capabilities/capabilities.go b/pkg/capabilities/capabilities.go
index 76830fc27d4..d105f1d6608 100644
--- a/pkg/capabilities/capabilities.go
+++ b/pkg/capabilities/capabilities.go
@@ -29,7 +29,9 @@ type Capabilities struct {
 	HostNetworkSources []string
 }
 
+// TODO: Clean these up into a singleton
 var once sync.Once
+var lock sync.Mutex
 var capabilities *Capabilities
 
 // Initialize the capability set.  This can only be done once per binary, subsequent calls are ignored.
@@ -50,11 +52,16 @@ func Setup(allowPrivileged bool, hostNetworkSources []string) {
 
 // SetCapabilitiesForTests.  Convenience method for testing.  This should only be called from tests.
 func SetForTests(c Capabilities) {
+	lock.Lock()
+	defer lock.Unlock()
 	capabilities = &c
 }
 
 // Returns a read-only copy of the system capabilities.
 func Get() Capabilities {
+	lock.Lock()
+	defer lock.Unlock()
+	// This check prevents clobbering of capabilities that might've been set via SetForTests
 	if capabilities == nil {
 		Initialize(Capabilities{
 			AllowPrivileged:    false,