Kir Kolyshkin 0de1953333 runc spec, libct/int: do not add ambient capabilities ...

Commit 98fe566c removed inheritable capabilities from the example spec
(used by runc spec) and from the libcontainer/integration test config,
but neglected to also remove ambient capabilities.

An ambient capability could only be set if the same inheritable
capability is set, so as a result of the above change ambient
capabilities were not set (but due to a bug in gocapability package,
those errors are never reported).

Once we start using a library with the fix [1], that bug will become
apparent (both bats-based and libct/int tests will fail).

[1]: https://github.com/kolyshkin/capability/pull/3

Fixes: 98fe566c ("runc: do not set inheritable capabilities")
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

2024-09-25 21:48:29 -07:00

..

checkpoint_test.go

libct/int: checkpoint test: skip pre-dump if not avail

2024-05-10 11:04:58 -07:00

doc.go

Move libcontainer into subdirectory

2015-06-21 19:29:15 -07:00

exec_test.go

libct/userns: split userns detection from internal userns code

2024-06-30 20:06:30 +02:00

execin_test.go

libct: don't allow to start second init process

2024-06-10 22:30:03 -07:00

init_test.go

libct/init: unify init, fix its error logic

2023-08-04 13:00:35 -07:00

seccomp_test.go

libct/int/seccomp_test: simplify exit code checks

2024-08-10 14:46:43 -07:00

template_test.go

runc spec, libct/int: do not add ambient capabilities

2024-09-25 21:48:29 -07:00

update_test.go

libct/int: adapt to Go 1.15

2021-07-27 01:41:47 -07:00

utils_test.go

libc/int: add/use runContainerOk wrapper

2023-02-22 02:58:47 -08:00