Move ambient capabilties behind build tag
This moves the ambient capability support behind an `ambient` build tag so that it is only compiled upon request.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
parent
dc5e574a16
commit
603c151e6c
2
Makefile
2
Makefile
|
@ -33,7 +33,7 @@ static: $(RUNC_LINK)
|
||||||
CGO_ENABLED=1 go build -i -tags "$(BUILDTAGS) cgo static_build" -ldflags "-w -extldflags -static -X main.gitCommit=${COMMIT} -X main.version=${VERSION}" -o runc .
|
CGO_ENABLED=1 go build -i -tags "$(BUILDTAGS) cgo static_build" -ldflags "-w -extldflags -static -X main.gitCommit=${COMMIT} -X main.version=${VERSION}" -o runc .
|
||||||
|
|
||||||
release: $(RUNC_LINK)
|
release: $(RUNC_LINK)
|
||||||
@flag_list=(seccomp selinux apparmor static); \
|
@flag_list=(seccomp selinux apparmor static ambient); \
|
||||||
unset expression; \
|
unset expression; \
|
||||||
for flag in "$${flag_list[@]}"; do \
|
for flag in "$${flag_list[@]}"; do \
|
||||||
expression+="' '{'',$${flag}}"; \
|
expression+="' '{'',$${flag}}"; \
|
||||||
|
|
|
@ -48,6 +48,7 @@ make BUILDTAGS='seccomp apparmor'
|
||||||
| seccomp | Syscall filtering | libseccomp |
|
| seccomp | Syscall filtering | libseccomp |
|
||||||
| selinux | selinux process and mount labeling | <none> |
|
| selinux | selinux process and mount labeling | <none> |
|
||||||
| apparmor | apparmor profile support | libapparmor |
|
| apparmor | apparmor profile support | libapparmor |
|
||||||
|
| ambient | ambient capability support | kernel 4.3 |
|
||||||
|
|
||||||
|
|
||||||
### Running the test suite
|
### Running the test suite
|
||||||
|
|
|
@ -0,0 +1,7 @@
|
||||||
|
// +build linux,ambient
|
||||||
|
|
||||||
|
package libcontainer
|
||||||
|
|
||||||
|
import "github.com/syndtr/gocapability/capability"
|
||||||
|
|
||||||
|
const allCapabilityTypes = capability.CAPS | capability.BOUNDS | capability.AMBS
|
|
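Review bot: The new constant has no comment saying why it sits behind a tag, and the only hint on this page is the README row that lists `kernel 4.3` as the dependency for `ambient`. The tag fixes at compile time something that is really a property of the running kernel, so a binary built with `ambient` and started on an older kernel will presumably fail wherever `allCapabilityTypes` is applied. Those call sites are outside this section, so that is worth confirming before merge. I would add `// allCapabilityTypes includes capability.AMBS; needs a kernel with ambient capability support (4.3+).` above the const, and consider a runtime probe as a follow-up so that one binary can serve both kernels.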
@ -10,8 +10,6 @@ import (
|
||||||
"github.com/syndtr/gocapability/capability"
|
"github.com/syndtr/gocapability/capability"
|
||||||
)
|
)
|
||||||
|
|
||||||
const allCapabilityTypes = capability.CAPS | capability.BOUNDS | capability.AMBS
|
|
||||||
|
|
||||||
var capabilityMap map[string]capability.Cap
|
var capabilityMap map[string]capability.Cap
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
|
|
|
@ -0,0 +1,7 @@
|
||||||
|
// +build !ambient,linux
|
||||||
|
|
||||||
|
package libcontainer
|
||||||
|
|
||||||
|
import "github.com/syndtr/gocapability/capability"
|
||||||
|
|
||||||
|
const allCapabilityTypes = capability.CAPS | capability.BOUNDS
|
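Review bot: With this file selected, which is the case for every build that does not pass `ambient`, `capability.AMBS` drops out of `allCapabilityTypes` and nothing tells the operator that the ambient set is no longer handled. The code that clears and applies capability sets through this constant is outside this section, so this is inferred, but a workload that depended on ambient capabilities (a non-root process keeping a capability across exec, for instance) would appear to lose them silently after this change. A comment such as `// allCapabilityTypes omits capability.AMBS: the ambient set is not managed in builds without the ambient tag.` above the const would make the reduced behaviour explicit. As a style point, the constraint here is written `!ambient,linux` while the sibling file uses `linux,ambient`; writing `// +build linux,!ambient` keeps the two parallel.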