Service cap-add/cap-drop: add special "RESET" value #2709
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Codecov Report
@@ Coverage Diff @@
## master #2709 +/- ##
==========================================
+ Coverage 58.54% 58.56% +0.01%
==========================================
Files 296 296
Lines 21286 21294 +8
==========================================
+ Hits 12462 12470 +8
Misses 7915 7915
Partials 909 909 |
thaJeztah
force-pushed
the
service_caps_reset
branch
from
0b463fd
to
88ed9b4
Compare
|
Rebased, and moved out of draft |
| @@ -1522,6 +1522,28 @@ func TestUpdateCaps(t *testing.T) { | |||
| expectedAdd: []string{"CAP_AAA", "CAP_BBB", "CAP_CCC", "CAP_DDD"}, | |||
| expectedDrop: []string{"CAP_WWW", "CAP_XXX", "CAP_YYY", "CAP_ZZZ"}, | |||
| }, | |||
| { | |||
| name: "Reset capabilities", | |||
| flagAdd: []string{"RESET"}, | |||
There was a problem hiding this comment.
Should we add also a test with ALL, RESET ?
There was a problem hiding this comment.
Added two tests that combine ALL and RESET
thaJeztah
force-pushed
the
service_caps_reset
branch
from
88ed9b4
to
0646789
Compare
This implements a special "RESET" value that can be used to reset the list of capabilities to add/drop when updating a service. Given the following service; | CapDrop | CapAdd | | -------------- | ------------- | | CAP_SOME_CAP | | When updating the service, and applying `--cap-drop RESET`, the "drop" list is reset to its default: | CapDrop | CapAdd | | -------------- | ------------- | | | | When updating the service, and applying `--cap-drop RESET`, combined with `--cap-add CAP_SOME_CAP` and `--cap-drop CAP_SOME_OTHER_CAP`: | CapDrop | CapAdd | | -------------- | ------------- | | CAP_FOO_CAP | CAP_SOME_CAP | Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
thaJeztah
force-pushed
the
service_caps_reset
branch
from
0646789
to
23660be
Compare
tiborvass
approved these changes
Sep 10, 2020
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
follow-up to #2687
This implements a special "RESET" value that can be used to reset the
list of capabilities to add/drop when updating a service.
Given the following service;
When updating the service, and applying
--cap-drop RESET, the "drop" listis reset to its default:
When updating the service, and applying
--cap-drop RESET, combined with--cap-add CAP_SOME_CAPand--cap-drop CAP_SOME_OTHER_CAP: