From 39fd32080205aebe8a59936b9b6a76ae04b6f047 Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Sat, 12 Mar 2016 07:32:19 +0100
Subject: Adding capability and drop-capability config option.

Signed-off-by: Daniel Baumann
---
 lib/container/start | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)
(limited to 'lib/container/start')
diff --git a/lib/container/start b/lib/container/start
index dc84f94..0588db5 100755
--- a/lib/container/start
+++ b/lib/container/start
@@ -156,9 +156,33 @@ then
 ;;
 esac

+ CAPABILITY="$(awk -F= '/^capability=/ { print $2 }' ${CONFIG}/${NAME}.conf)"
+
+ case "${CAPABILITY}" in
+ "")
+ CAPABILITY=""
+ ;;
+
+ *)
+ CAPABILITY="--capability=${CAPABILITY}"
+ ;;
+ esac
+
 DIRECTORY="$(awk -F= '/^directory=/ { print $2 }' ${CONFIG}/${NAME}.conf || echo ${MACHINES}/${NAMES})"
 DIRECTORY="--directory ${DIRECTORY}"

+ DROP_CAPABILITY="$(awk -F= '/^drop-capability=/ { print $2 }' ${CONFIG}/${NAME}.conf)"
+
+ case "${DROP_CAPABILITY}" in
+ "")
+ DROP_CAPABILITY=""
+ ;;
+
+ *)
+ DROP_CAPABILITY="--drop-capability=${DROP_CAPABILITY}"
+ ;;
+ esac
+
 MACHINE="--machine=${NAME}"

 NETWORK_BRIDGE="$(awk -F= '/^network-bridge=/ { print $2 }' ${CONFIG}/${NAME}.conf)"
@@ -211,4 +235,4 @@ then
 fi

 # Run
-${SETARCH} systemd-nspawn ${BIND} ${BOOT} ${DIRECTORY} ${MACHINE} ${NETWORK_BRIDGE} ${NETWORK_VETH} ${LINK_JOURNAL} ${REGISTER}
+${SETARCH} systemd-nspawn ${BIND} ${BOOT} ${CAPABILITY} ${DIRECTORY} ${DROP_CAPABILITY} ${MACHINE} ${NETWORK_BRIDGE} ${NETWORK_VETH} ${LINK_JOURNAL} ${REGISTER}
--
cgit v1.2.3
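Review bot: The `capability=` and `drop-capability=` values go from `${NAME}.conf` to the systemd-nspawn command line without validation, and the second hunk expands `${CAPABILITY}` and `${DROP_CAPABILITY}` unquoted, so whitespace in the value, or a second matching line in the file, is word-split into additional nspawn arguments. Because `--capability=` widens what the container may do on the host, I would reject anything that is not a plain comma-separated list of capability names before building the option, e.g. `case "${CAPABILITY}" in *[!A-Za-z0-9_,]*) echo "invalid capability= value" >&2; exit 1 ;; esac`, and apply the same check to `DROP_CAPABILITY`. The awk calls should also quote the path, `"${CONFIG}/${NAME}.conf"`. The enclosing `if ... then` block starts and ends outside both hunks, so whether the config file's ownership and permissions are checked earlier is not visible here.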