INSTANCE_ATTR_JAIL,
INSTANCE_ATTR_TRACE,
INSTANCE_ATTR_SECCOMP,
+ INSTANCE_ATTR_CAPABILITIES,
INSTANCE_ATTR_PIDFILE,
INSTANCE_ATTR_RELOADSIG,
INSTANCE_ATTR_TERMTIMEOUT,
[INSTANCE_ATTR_JAIL] = { "jail", BLOBMSG_TYPE_TABLE },
[INSTANCE_ATTR_TRACE] = { "trace", BLOBMSG_TYPE_BOOL },
[INSTANCE_ATTR_SECCOMP] = { "seccomp", BLOBMSG_TYPE_STRING },
+ [INSTANCE_ATTR_CAPABILITIES] = { "capabilities", BLOBMSG_TYPE_STRING },
[INSTANCE_ATTR_PIDFILE] = { "pidfile", BLOBMSG_TYPE_STRING },
[INSTANCE_ATTR_RELOADSIG] = { "reload_signal", BLOBMSG_TYPE_INT32 },
[INSTANCE_ATTR_TERMTIMEOUT] = { "term_timeout", BLOBMSG_TYPE_INT32 },
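Review bot: The new `capabilities` policy entry gives no hint of what the string is expected to hold, and since it is forwarded verbatim to the jail as the `-C` argument in the argv-building hunk below, a reader of this table cannot tell whether it is a path, a list or something else. The neighbouring `seccomp` entry is equally bare, but this is the natural place to say it once; presumably it mirrors `seccomp` and names a capability definition handed to the jail, which should be confirmed against the jail's `-C` handling. A one-line comment on the new entry such as `/* capabilities spec for the jail, passed through as -C */` would be enough. The table this hunk belongs to starts and ends outside the hunk.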
argv[argc++] = in->group;
}
+ if (in->capabilities) {
+ argv[argc++] = "-C";
+ argv[argc++] = in->capabilities;
+ }
+
if (in->no_new_privs)
argv[argc++] = "-c";
if (string_changed(in->seccomp, in_new->seccomp))
return true;
+ if (string_changed(in->capabilities, in_new->capabilities))
+ return true;
+
if (!blobmsg_list_equal(&in->limits, &in_new->limits))
return true;
if (in->seccomp)
jail->argc += 2;
+ if (in->capabilities)
+ jail->argc += 2;
+
if (in->user)
jail->argc += 2;
if (!in->trace && tb[INSTANCE_ATTR_SECCOMP])
in->seccomp = strdup(blobmsg_get_string(tb[INSTANCE_ATTR_SECCOMP]));
+ if (tb[INSTANCE_ATTR_CAPABILITIES])
+ in->capabilities = strdup(blobmsg_get_string(tb[INSTANCE_ATTR_CAPABILITIES]));
+
if (tb[INSTANCE_ATTR_EXTROOT])
in->extroot = strdup(blobmsg_get_string(tb[INSTANCE_ATTR_EXTROOT]));
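Review bot: The new `in->capabilities = strdup(...)` line is unchecked, so an allocation failure leaves `in->capabilities` NULL, the `if (in->capabilities)` test in the argv-building hunk then omits `-C` entirely, and the instance starts with the jail's default capability set instead of the configured restriction. The `seccomp` line just above has the same shape, so the new code is consistent with it, but for a sandboxing attribute a fail-closed outcome is preferable: if the enclosing function's error convention allows it, treat a NULL result as a configuration failure rather than silently dropping the option; if it does not, at least log the dropped restriction. The enclosing function starts and ends outside the hunk, so its return convention is not visible here.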
instance_config_move_strdup(&in->pidfile, in_src->pidfile);
instance_config_move_strdup(&in->seccomp, in_src->seccomp);
+ instance_config_move_strdup(&in->capabilities, in_src->capabilities);
instance_config_move_strdup(&in->bundle, in_src->bundle);
instance_config_move_strdup(&in->extroot, in_src->extroot);
instance_config_move_strdup(&in->overlaydir, in_src->overlaydir);
free(in->jail.name);
free(in->jail.hostname);
free(in->seccomp);
+ free(in->capabilities);
free(in->pidfile);
free(in);
}
if (in->seccomp)
blobmsg_add_string(b, "seccomp", in->seccomp);
+ if (in->capabilities)
+ blobmsg_add_string(b, "capabilities", in->capabilities);
+
if (in->pidfile)
blobmsg_add_string(b, "pidfile", in->pidfile);