Add support for exact list of capabilities + capAdd / capDrop refactor #38380
Conversation
59df37d to
b6b0685
Compare
Codecov Report
@@ Coverage Diff @@
## master #38380 +/- ##
==========================================
+ Coverage 36.6% 36.61% +0.01%
==========================================
Files 608 608
Lines 45224 45241 +17
==========================================
+ Hits 16553 16567 +14
+ Misses 26384 26383 -1
- Partials 2287 2291 +4 |
b6b0685 to
9500e14
Compare
|
@thaJeztah looks working fine with moby/swarmkit#2795 so can you review and give your thoughts? Docs updates are not included yet on purpose because I would get #37940 merged first and don't want cause conflicts with it. |
e5eda15 to
912512b
Compare
|
@thaJeztah updated based on feedback 😎 EDIT: Also modified to API comment to use same format than on #38381 |
6836f4e to
51ab0bc
Compare
ef14e5b to
9a77b03
Compare
There was a problem hiding this comment.
Thanks @olljanat!
I left comments inline, but was going through these changes and that the validation only take place on docker start (not on docker create).
I have some ideas, but probably faster to show those instead of trying to explain them; I'll work on a branch so that you can incorporate those changes in your PR if you agree with them 🤗
Will post a link once if made those changes 👍
|
Pushed a branch here; I split my changes into several commits, to make it easier to grasp what I did 😅 master...thaJeztah:capabilities_support_move_to_create (or diff compared to your branch; olljanat/moby@capabilities-support...thaJeztah:capabilities_support_move_to_create) |
|
oh, hold on, pushed one outdated commit; fixing |
|
done 👍 |
@thaJeztah those looks good on quick view. Will do some testing with them but I included them already so we can see result of CI. |
|
One "minor" thing. EDIT: Found it. Fixed on olljanat@d5404a7 but I will wait that CI finishes so we can see that it really finds those failures. EDIT 2: Yes. Looks correct: https://jenkins.dockerproject.org/job/Docker-PRs/52704/console |
fb46376 to
2fc46c0
Compare
|
@thaJeztah I'm not sure if that is correct way but I rebased this now to one commit which is signed off by both of us (have seen that on some old commits too). |
That sounds ok 👍 |
- Add support for exact list of capabilities, support only OCI model - Support OCI model on CapAdd and CapDrop but remain backward compatibility - Create variable locally instead of declaring it at the top - Use const for magic "ALL" value - Rename `cap` variable as it overlaps with `cap()` built-in - Normalize and validate capabilities before use - Move validation for conflicting options to validateHostConfig() - TweakCapabilities: simplify logic to calculate capabilities Signed-off-by: Olli Janatuinen <olli.janatuinen@gmail.com> Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2fc46c0 to
80d7bfd
Compare
@justincormack now this is handled. PTAL |
|
(We can look at the client normalising the values in a follow-up (probably limiting to uppercasing values before sending them over the API)) |
|
@AkihiroSuda can you look this one again as it was heavily modified after your last review? |
|
I think this should be ready to go; merging. @AkihiroSuda let me know if there's follow-ups to do after this is merged 🤗 |
|
@presidenten no. up to date status is visible on this message: #25885 (comment) Target is get complete solution out part of 19.06. |
- What I did
Added support for exact list of capabilities list of container capabilities which can be used instead of these CapAdd and CapDrop like discussed on #26849 (comment)
and refactored capAdd and capDrop to share as much code as possible with this new feature.
- How I did it
In cooperation with @thaJeztah 😉
- How to verify it
CI makes sure that existing functionality works like expected and new integration tests verify that new functionality works correctly.
- Description for the changelog
capvariable as it overlaps withcap()built-in- Comments
First step to solve #25885 , #24862 and moby/swarmkit#1030
Replaces #26849
Dependency for moby/swarmkit#2795