Support none as capabilities.

Signed-off-by: Alex Ellis <alexellis2@gmail.com>
2025-07-21 18:11:35 +00:00 · 2017-05-01 10:59:47 +01:00 · 2017-05-01 10:59:47 +01:00 · b046618027
commit b046618027
parent d504afe479
1 changed files with 45 additions and 40 deletions
--- a/cmd/moby/config.go
+++ b/cmd/moby/config.go
@ -309,46 +309,51 @@ func ConfigInspectToOCI(image *MobyImage, inspect types.ImageInspect) ([]byte, e
 	namespaces = append(namespaces, specs.LinuxNamespace{Type: specs.MountNamespace})
 	caps := image.Capabilities
-	if len(caps) == 1 && strings.ToLower(caps[0]) == "all" {
+	if len(caps) == 1 {
-		caps = []string{
+		switch cap := strings.ToLower(caps[0]); cap {
-			"CAP_AUDIT_CONTROL",
+		case "none":
-			"CAP_AUDIT_READ",
+			caps = []string{}
-			"CAP_AUDIT_WRITE",
+		case "all":
-			"CAP_BLOCK_SUSPEND",
+			caps = []string{
-			"CAP_CHOWN",
+				"CAP_AUDIT_CONTROL",
-			"CAP_DAC_OVERRIDE",
+				"CAP_AUDIT_READ",
-			"CAP_DAC_READ_SEARCH",
+				"CAP_AUDIT_WRITE",
-			"CAP_FOWNER",
+				"CAP_BLOCK_SUSPEND",
-			"CAP_FSETID",
+				"CAP_CHOWN",
-			"CAP_IPC_LOCK",
+				"CAP_DAC_OVERRIDE",
-			"CAP_IPC_OWNER",
+				"CAP_DAC_READ_SEARCH",
-			"CAP_KILL",
+				"CAP_FOWNER",
-			"CAP_LEASE",
+				"CAP_FSETID",
-			"CAP_LINUX_IMMUTABLE",
+				"CAP_IPC_LOCK",
-			"CAP_MAC_ADMIN",
+				"CAP_IPC_OWNER",
-			"CAP_MAC_OVERRIDE",
+				"CAP_KILL",
-			"CAP_MKNOD",
+				"CAP_LEASE",
-			"CAP_NET_ADMIN",
+				"CAP_LINUX_IMMUTABLE",
-			"CAP_NET_BIND_SERVICE",
+				"CAP_MAC_ADMIN",
-			"CAP_NET_BROADCAST",
+				"CAP_MAC_OVERRIDE",
-			"CAP_NET_RAW",
+				"CAP_MKNOD",
-			"CAP_SETFCAP",
+				"CAP_NET_ADMIN",
-			"CAP_SETGID",
+				"CAP_NET_BIND_SERVICE",
-			"CAP_SETPCAP",
+				"CAP_NET_BROADCAST",
-			"CAP_SETUID",
+				"CAP_NET_RAW",
-			"CAP_SYSLOG",
+				"CAP_SETFCAP",
-			"CAP_SYS_ADMIN",
+				"CAP_SETGID",
-			"CAP_SYS_BOOT",
+				"CAP_SETPCAP",
-			"CAP_SYS_CHROOT",
+				"CAP_SETUID",
-			"CAP_SYS_MODULE",
+				"CAP_SYSLOG",
-			"CAP_SYS_NICE",
+				"CAP_SYS_ADMIN",
-			"CAP_SYS_PACCT",
+				"CAP_SYS_BOOT",
-			"CAP_SYS_PTRACE",
+				"CAP_SYS_CHROOT",
-			"CAP_SYS_RAWIO",
+				"CAP_SYS_MODULE",
-			"CAP_SYS_RESOURCE",
+				"CAP_SYS_NICE",
-			"CAP_SYS_TIME",
+				"CAP_SYS_PACCT",
-			"CAP_SYS_TTY_CONFIG",
+				"CAP_SYS_PTRACE",
-			"CAP_WAKE_ALARM",
+				"CAP_SYS_RAWIO",
 				"CAP_SYS_RESOURCE",
 				"CAP_SYS_TIME",
 				"CAP_SYS_TTY_CONFIG",
 				"CAP_WAKE_ALARM",
 			}
 		}
 	}