Properly handle default capabilities listed in containers.conf

If user/admin specifies a different list of default capabilties we need to honor these. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2025-12-09 07:09:03 +08:00 · 2020-04-30 08:40:01 -04:00
parent 730fbc7628
commit 4a2765c498
4 changed files with 49 additions and 84 deletions
--- a/vendor/github.com/containers/buildah/imagebuildah/executor.go
+++ b/vendor/github.com/containers/buildah/imagebuildah/executor.go
@@ -113,7 +113,10 @@ func NewExecutor(store storage.Store, options BuildOptions, mainNode *parser.Nod
 	if err != nil {
 		return nil, err
 	}
-	capabilities := defaultContainerConfig.Capabilities("", options.AddCapabilities, options.DropCapabilities)
+	capabilities, err := defaultContainerConfig.Capabilities("", options.AddCapabilities, options.DropCapabilities)
+	if err != nil {
+		return nil, err
+	}

 	devices := []configs.Device{}
 	for _, device := range append(defaultContainerConfig.Containers.Devices, options.Devices...) {