diff --git a/pkg/build/build.go b/pkg/build/build.go
index 233242237..5eb33ed88 100644
--- a/pkg/build/build.go
+++ b/pkg/build/build.go
@@ -1176,10 +1176,10 @@ func (b *Build) buildWorkspaceConfig(ctx context.Context) *container.Config {
 cfg.Disk = b.Configuration.Package.Resources.Disk
 }
 if b.Configuration.Capabilities.Add != nil {
- cfg.Capabilities.CapAdd = b.Configuration.Capabilities.Add
+ cfg.Capabilities.Add = b.Configuration.Capabilities.Add
 }
 if b.Configuration.Capabilities.Drop != nil {
- cfg.Capabilities.CapDrop = b.Configuration.Capabilities.Drop
+ cfg.Capabilities.Drop = b.Configuration.Capabilities.Drop
 }
 for k, v := range b.Configuration.Environment.Environment {
diff --git a/pkg/build/test.go b/pkg/build/test.go
index 5cff297ee..10e602aa4 100644
--- a/pkg/build/test.go
+++ b/pkg/build/test.go
@@ -575,10 +575,10 @@ func (t *Test) buildWorkspaceConfig(ctx context.Context, imgRef, pkgName string,
 RunAs: imgcfg.Accounts.RunAs,
 }
 if t.Configuration.Capabilities.Add != nil {
- cfg.Capabilities.CapAdd = t.Configuration.Capabilities.Add
+ cfg.Capabilities.Add = t.Configuration.Capabilities.Add
 }
 if t.Configuration.Capabilities.Drop != nil {
- cfg.Capabilities.CapDrop = t.Configuration.Capabilities.Drop
+ cfg.Capabilities.Drop = t.Configuration.Capabilities.Drop
 }
 for k, v := range imgcfg.Environment {
diff --git a/pkg/container/bubblewrap_runner.go b/pkg/container/bubblewrap_runner.go
index ac90fbb1a..32ab0422b 100644
--- a/pkg/container/bubblewrap_runner.go
+++ b/pkg/container/bubblewrap_runner.go
@@ -133,14 +133,14 @@ func (bw *bubblewrap) cmd(ctx context.Context, cfg *Config, debug bool, envOverr
 baseargs = append(baseargs, "--cap-add", c)
 }
 // Add additional process kernel capabilities to the container as configured.
- if cfg.Capabilities.CapAdd != nil {
- for _, c := range cfg.Capabilities.CapAdd {
+ if cfg.Capabilities.Add != nil {
+ for _, c := range cfg.Capabilities.Add {
 baseargs = append(baseargs, "--cap-add", c)
 }
 }
 // Drop process kernel capabilities from the container as configured.
- if cfg.Capabilities.CapDrop != nil {
- for _, c := range cfg.Capabilities.CapDrop {
+ if cfg.Capabilities.Drop != nil {
+ for _, c := range cfg.Capabilities.Drop {
 baseargs = append(baseargs, "--cap-drop", c)
 }
 }
diff --git a/pkg/container/config.go b/pkg/container/config.go
index 0256e7e2f..a8986ad49 100644
--- a/pkg/container/config.go
+++ b/pkg/container/config.go
@@ -40,8 +40,8 @@ type BindMount struct {
 type Capabilities struct {
 Networking bool
- CapAdd []string // List of kernel capabilities to add to the container.
- CapDrop []string // List of kernel capabilities to drop from the container.
+ Add []string // List of kernel capabilities to add to the container.
+ Drop []string // List of kernel capabilities to drop from the container.
 }
 type Config struct {
diff --git a/pkg/container/docker/docker_runner.go b/pkg/container/docker/docker_runner.go
index 742dbd988..156344602 100644
--- a/pkg/container/docker/docker_runner.go
+++ b/pkg/container/docker/docker_runner.go
@@ -100,12 +100,12 @@ func (dk *docker) StartPod(ctx context.Context, cfg *mcontainer.Config) error {
 Mounts: mounts,
 }
 // Add process kernel capabilities to the container if configured.
- if len(cfg.Capabilities.CapAdd) > 0 {
- hostConfig.CapAdd = cfg.Capabilities.CapAdd
+ if len(cfg.Capabilities.Add) > 0 {
+ hostConfig.CapAdd = cfg.Capabilities.Add
 }
 // Drop process kernel capabilities from the container if configured.
- if len(cfg.Capabilities.CapDrop) > 0 {
- hostConfig.CapDrop = cfg.Capabilities.CapDrop
+ if len(cfg.Capabilities.Drop) > 0 {
+ hostConfig.CapDrop = cfg.Capabilities.Drop
 }
 platform := &image_spec.Platform{