Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
- What I did
The hardcoded list of capabilities was missing some capabilities introduced in kernel 5.8 and 5.9.
This PR changes the code to retrieve the capabilities using
gocapability
.- How I did it
gocapability/capability
incmd/linuxkit
capability.List()
- How to verify it
Builds with images defining
org.mobyproject.config
with{"capabilities": ["all"], ...}
should seeCAP_PERFMON
,CAP_BPF
, andCAP_CHECKPOINT_RESTORE
added to their list of capabilities.- Description for the changelog
Fix missing capabilities in newer kernels
- A picture of a cute animal (not mandatory but encouraged)