generate: fix capability.List() for cap_last_cap not exist

masm · Ma Shimiao · commit d326c89d640f · 2016-07-28T09:07:37.000+08:00
Signed-off-by: masm &lt;mashimiao.fnst@cn.fujitsu.com&gt;
diff --git a/generate/generate.go b/generate/generate.go
@@ -972,10 +972,15 @@ func (g *Generator) AddBindMount(bind string) error {
 // SetupPrivileged sets up the priviledge-related fields inside g.spec.
 func (g *Generator) SetupPrivileged(privileged bool) {
 	if privileged {
+		last := capability.CAP_LAST_CAP
+		// hack for RHEL6 which has no /proc/sys/kernel/cap_last_cap
+		if last == capability.Cap(63) {
+			last = capability.CAP_BLOCK_SUSPEND
+		}
 		// Add all capabilities in privileged mode.
 		var finalCapList []string
 		for _, cap := range capability.List() {
-			if g.HostSpecific && cap > capability.CAP_LAST_CAP {
+			if g.HostSpecific && cap > last {
 				continue
 			}
 			finalCapList = append(finalCapList, fmt.Sprintf("CAP_%s", strings.ToUpper(cap.String())))
@@ -992,9 +997,14 @@ func checkCap(c string, hostSpecific bool) error {
 	isValid := false
 	cp := strings.ToUpper(c)
 
+	last := capability.CAP_LAST_CAP
+	// hack for RHEL6 which has no /proc/sys/kernel/cap_last_cap
+	if last == capability.Cap(63) {
+		last = capability.CAP_BLOCK_SUSPEND
+	}
 	for _, cap := range capability.List() {
 		if cp == strings.ToUpper(cap.String()) {
-			if hostSpecific && cap > capability.CAP_LAST_CAP {
+			if hostSpecific && cap > last {
 				return fmt.Errorf("CAP_%s is not supported on the current host", cp)
 			}
 			isValid = true
