From b04661802734adf7e69256b7261884a9d04f5122 Mon Sep 17 00:00:00 2001
From: Alex Ellis
Date: Mon, 1 May 2017 10:59:47 +0100
Subject: [PATCH] Support `none` as capabilities.

Signed-off-by: Alex Ellis
---
 cmd/moby/config.go | 85 ++++++++++++++++++++++++----------------------
 1 file changed, 45 insertions(+), 40 deletions(-)

diff --git a/cmd/moby/config.go b/cmd/moby/config.go
index 7329275d7..2c7726ebd 100644
--- a/cmd/moby/config.go
+++ b/cmd/moby/config.go
@@ -309,46 +309,51 @@ func ConfigInspectToOCI(image *MobyImage, inspect types.ImageInspect) ([]byte, e
 namespaces = append(namespaces, specs.LinuxNamespace{Type: specs.MountNamespace})
 caps := image.Capabilities
- if len(caps) == 1 && strings.ToLower(caps[0]) == "all" {
- caps = []string{
- "CAP_AUDIT_CONTROL",
- "CAP_AUDIT_READ",
- "CAP_AUDIT_WRITE",
- "CAP_BLOCK_SUSPEND",
- "CAP_CHOWN",
- "CAP_DAC_OVERRIDE",
- "CAP_DAC_READ_SEARCH",
- "CAP_FOWNER",
- "CAP_FSETID",
- "CAP_IPC_LOCK",
- "CAP_IPC_OWNER",
- "CAP_KILL",
- "CAP_LEASE",
- "CAP_LINUX_IMMUTABLE",
- "CAP_MAC_ADMIN",
- "CAP_MAC_OVERRIDE",
- "CAP_MKNOD",
- "CAP_NET_ADMIN",
- "CAP_NET_BIND_SERVICE",
- "CAP_NET_BROADCAST",
- "CAP_NET_RAW",
- "CAP_SETFCAP",
- "CAP_SETGID",
- "CAP_SETPCAP",
- "CAP_SETUID",
- "CAP_SYSLOG",
- "CAP_SYS_ADMIN",
- "CAP_SYS_BOOT",
- "CAP_SYS_CHROOT",
- "CAP_SYS_MODULE",
- "CAP_SYS_NICE",
- "CAP_SYS_PACCT",
- "CAP_SYS_PTRACE",
- "CAP_SYS_RAWIO",
- "CAP_SYS_RESOURCE",
- "CAP_SYS_TIME",
- "CAP_SYS_TTY_CONFIG",
- "CAP_WAKE_ALARM",
+ if len(caps) == 1 {
+ switch cap := strings.ToLower(caps[0]); cap {
+ case "none":
+ caps = []string{}
+ case "all":
+ caps = []string{
+ "CAP_AUDIT_CONTROL",
+ "CAP_AUDIT_READ",
+ "CAP_AUDIT_WRITE",
+ "CAP_BLOCK_SUSPEND",
+ "CAP_CHOWN",
+ "CAP_DAC_OVERRIDE",
+ "CAP_DAC_READ_SEARCH",
+ "CAP_FOWNER",
+ "CAP_FSETID",
+ "CAP_IPC_LOCK",
+ "CAP_IPC_OWNER",
+ "CAP_KILL",
+ "CAP_LEASE",
+ "CAP_LINUX_IMMUTABLE",
+ "CAP_MAC_ADMIN",
+ "CAP_MAC_OVERRIDE",
+ "CAP_MKNOD",
+ "CAP_NET_ADMIN",
+ "CAP_NET_BIND_SERVICE",
+ "CAP_NET_BROADCAST",
+ "CAP_NET_RAW",
+ "CAP_SETFCAP",
+ "CAP_SETGID",
+ "CAP_SETPCAP",
+ "CAP_SETUID",
+ "CAP_SYSLOG",
+ "CAP_SYS_ADMIN",
+ "CAP_SYS_BOOT",
+ "CAP_SYS_CHROOT",
+ "CAP_SYS_MODULE",
+ "CAP_SYS_NICE",
+ "CAP_SYS_PACCT",
+ "CAP_SYS_PTRACE",
+ "CAP_SYS_RAWIO",
+ "CAP_SYS_RESOURCE",
+ "CAP_SYS_TIME",
+ "CAP_SYS_TTY_CONFIG",
+ "CAP_WAKE_ALARM",
+ }
 }
 }
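Review bot: The new `switch` treats `none` and `all` as keywords only when they are the sole entry and has no `default`, so a mixed list such as `[none, CAP_NET_RAW]` or a misspelt keyword leaves the raw string in `caps`; whether anything later rejects an unknown capability name is not visible in this hunk. Because this branch decides the privileges the container is given, I would state that contract in a comment above the `if`, e.g. `// "none" and "all" are keywords only as the single entry; any other value is passed through as a literal capability name.`, or reject a keyword that appears alongside other entries. Separately, the switch variable `cap` shadows the builtin `cap()` and is not used inside the cases, so `switch strings.ToLower(caps[0]) {` is enough. ConfigInspectToOCI begins and ends outside the hunk.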