moby
diff --git a/‎daemon/oci_linux.go‎
Lines changed: 8 additions & 7 deletions b/‎daemon/oci_linux.go‎
Lines changed: 8 additions & 7 deletions
diff --git a/‎oci/oci.go‎
Lines changed: 2 additions & 0 deletions b/‎oci/oci.go‎
Lines changed: 2 additions & 0 deletions
@@ -153,19 +153,20 @@ func WithApparmor(c *container.Container) coci.SpecOpts {
 	}
 }
 
-// WithCapabilities sets the container's capabilities
-func WithCapabilities(c *container.Container) coci.SpecOpts {
-	return func(ctx context.Context, _ coci.Client, _ *containers.Container, s *coci.Spec) error {
+// WithCapabilities adjusts the container's capabilities based on the
+// "CapAdd", "CapDrop", and "Privileged" fields in the container's HostConfig.
+func WithCapabilities(ctr *container.Container) coci.SpecOpts {
+	return func(ctx context.Context, client coci.Client, c *containers.Container, s *specs.Spec) (err error) {
 		capabilities, err := caps.TweakCapabilities(
 			caps.DefaultCapabilities(),
-			c.HostConfig.CapAdd,
-			c.HostConfig.CapDrop,
-			c.HostConfig.Privileged,
+			ctr.HostConfig.CapAdd,
+			ctr.HostConfig.CapDrop,
+			ctr.HostConfig.Privileged,
 		)
 		if err != nil {
 			return err
 		}
-		return oci.SetCapabilities(s, capabilities)
+		return coci.WithCapabilities(capabilities)(ctx, client, c, s)
 	}
 }
 
 
@@ -18,6 +18,8 @@ import (
 var deviceCgroupRuleRegex = lazyregexp.New("^([acb]) ([0-9]+|\\*):([0-9]+|\\*) ([rwm]{1,3})$")
 
 // SetCapabilities sets the provided capabilities on the spec.
+//
+// Deprecated: this function is no longer used and will be removed in the next release.
 func SetCapabilities(s *specs.Spec, caplist []string) error {
 	if s.Process == nil {
 		s.Process = &specs.Process{}
Original file line number	Diff line number	Diff line change
`@@ -153,19 +153,20 @@ func WithApparmor(c *container.Container) coci.SpecOpts {`
`153`	`153`	`}`
`154`	`154`	`}`
`155`	`155`
`156`		`-// WithCapabilities sets the container's capabilities`
`157`		`-func WithCapabilities(c *container.Container) coci.SpecOpts {`
`158`		`- return func(ctx context.Context, _ coci.Client, _ containers.Container, s coci.Spec) error {`
	`156`	`+// WithCapabilities adjusts the container's capabilities based on the`
	`157`	`+// "CapAdd", "CapDrop", and "Privileged" fields in the container's HostConfig.`
	`158`	`+func WithCapabilities(ctr *container.Container) coci.SpecOpts {`
	`159`	`+ return func(ctx context.Context, client coci.Client, c containers.Container, s specs.Spec) (err error) {`
`159`	`160`	`capabilities, err := caps.TweakCapabilities(`
`160`	`161`	`caps.DefaultCapabilities(),`
`161`		`- c.HostConfig.CapAdd,`
`162`		`- c.HostConfig.CapDrop,`
`163`		`- c.HostConfig.Privileged,`
	`162`	`+ ctr.HostConfig.CapAdd,`
	`163`	`+ ctr.HostConfig.CapDrop,`
	`164`	`+ ctr.HostConfig.Privileged,`
`164`	`165`	`)`
`165`	`166`	`if err != nil {`
`166`	`167`	`return err`
`167`	`168`	`}`
`168`		`- return oci.SetCapabilities(s, capabilities)`
	`169`	`+ return coci.WithCapabilities(capabilities)(ctx, client, c, s)`
`169`	`170`	`}`
`170`	`171`	`}`
`171`	`172`