From e56a96c5c10d8e70e08a7bada7a353fb8b4ff3a3 Mon Sep 17 00:00:00 2001
From: Darren Shepherd
Date: Thu, 7 Feb 2019 20:52:26 -0700
Subject: [PATCH] Set all sources so node+agent in the same process doesn't get restricted
---
 pkg/capabilities/capabilities.go | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/pkg/capabilities/capabilities.go b/pkg/capabilities/capabilities.go
index 9054a5cedbd..4b12beb2b98 100644
--- a/pkg/capabilities/capabilities.go
+++ b/pkg/capabilities/capabilities.go
@@ -18,6 +18,8 @@ package capabilities
 
 import (
 "sync"
+
+ "k8s.io/kubernetes/pkg/kubelet/types"
 )
 
 // Capabilities defines the set of capabilities available within the system.
@@ -62,8 +64,16 @@ func Initialize(c Capabilities) {
 
 // Setup the capability set. It wraps Initialize for improving usability.
 func Setup(allowPrivileged bool, perConnectionBytesPerSec int64) {
+ all, _ := types.GetValidatedSources([]string{types.AllSource})
+
 Initialize(Capabilities{
- AllowPrivileged: allowPrivileged,
+ AllowPrivileged: allowPrivileged,
+ // TODO(vmarmol): Implement support for HostNetworkSources.
+ PrivilegedSources: PrivilegedSources{
+ HostNetworkSources: all,
+ HostPIDSources: all,
+ HostIPCSources: all,
+ },
 PerConnectionBandwidthLimitBytesPerSec: perConnectionBytesPerSec,
 })
 }
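Review bot: In Setup, the new `PrivilegedSources` literal allows host network, host PID and host IPC for every pod source unconditionally. It does not depend on `allowPrivileged` and no parameter can narrow it, so every caller of Setup gets the widest setting. If Initialize honours only its first call (the `sync` import suggests so, but its body is outside the hunk), a narrower source list configured later would presumably be ignored without any signal. The copied `// TODO(vmarmol): Implement support for HostNetworkSources.` sits directly above code that sets HostNetworkSources; replace it with a comment giving the reason, e.g. `// All sources are allowed because node and agent run in one process and share this capability set.` The error from `types.GetValidatedSources` is assigned to `_`; check it, so that a failure cannot silently leave the three source lists empty.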