From e28ff5a191794a9444a4e03622e18933af1b84c2 Mon Sep 17 00:00:00 2001
From: Archana Shinde
Date: Tue, 16 Jan 2018 16:11:33 -0800
Subject: [PATCH] wip: Test PR Testing virtcontainer api changes.
Signed-off-by: Archana Shinde
---
 .../virtcontainers/pkg/hyperstart/types.go | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/vendor/github.com/containers/virtcontainers/pkg/hyperstart/types.go b/vendor/github.com/containers/virtcontainers/pkg/hyperstart/types.go
index 0cbcb29..877b2f9 100644
--- a/vendor/github.com/containers/virtcontainers/pkg/hyperstart/types.go
+++ b/vendor/github.com/containers/virtcontainers/pkg/hyperstart/types.go
@@ -151,6 +151,20 @@ type Rlimit struct {
 Soft uint64 `json:"soft"`
 }
 
+// Capabilities specify the capabilities to keep when executing the process inside the container.
+type Capabilities struct {
+ // Bounding is the set of capabilities checked by the kernel.
+ Bounding []string `json:"bounding"`
+ // Effective is the set of capabilities checked by the kernel.
+ Effective []string `json:"effective"`
+ // Inheritable is the capabilities preserved across execve.
+ Inheritable []string `json:"inheritable"`
+ // Permitted is the limiting superset for effective capabilities.
+ Permitted []string `json:"permitted"`
+ // Ambient is the ambient set of capabilities that are kept.
+ Ambient []string `json:"ambient"`
+}
+
 // Process describes a process running on a container inside a pod.
 type Process struct {
 User string `json:"user,omitempty"`
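Review bot: The doc comments on `Bounding` and `Effective` in the new `Capabilities` struct are word-for-word the same ("the set of capabilities checked by the kernel"), so a reader cannot tell the limiting set from the set consulted on permission checks. I would reword them, for example `// Bounding is the limiting set; capabilities outside it cannot be gained across execve.` and `// Effective is the set the kernel uses for permission checks.` The comments also leave open which spelling the strings use (`CAP_NET_ADMIN` or `NET_ADMIN`). Nothing in this hunk validates the names, so the type comment should state the expected form and what the receiver is expected to do with an unknown name.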
@@ -171,6 +185,10 @@ type Process struct {
 Workdir string `json:"workdir"`
 // Rlimits specifies rlimit options to apply to the process.
 Rlimits []Rlimit `json:"rlimits,omitempty"`
+ // NoNewPrivileges indicates that the process should not gain any additional privileges
+ NoNewPrivileges bool `json:"noNewPrivileges"`
+ // Capabilities specifies the sets of capabilities for the process(es) inside the container.
+ Capabilities Capabilities `json:"capabilities"`
 }
 
 // SystemMountsInfo describes additional information for system mounts that the agent
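Review bot: `Capabilities` is added to `Process` as a value with no `omitempty`, so a caller that never fills it in still serializes `"capabilities"` with all five sets as `null`, and the receiver cannot tell "not specified" from "keep nothing". For a privilege-control field that distinction should be explicit: make it a pointer, `Capabilities *Capabilities`, tagged `json:"capabilities,omitempty"`, and have the comment say what a nil value means. How the agent treats empty sets is not visible in this patch, so the intended default should be confirmed on the receiving side. The `Process` struct starts outside this hunk.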