We need to normalize the capadd and capdrop functions, and
we need to return errors if the caller gives us bad input.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
These labels allows users to specify the list of capabilities required
to run their container image.
Setting a image/container label "io.containers.capabilities=setuid,setgid"
will tell container engines that the contained image should work fine withi
just these two capabilties, instead of running with the default capabilities,
Defined as a list, since this has not been standardized yet, we want to make
this a standard, and the standard label might be different then the label we
choose, so eventually we might need to add a standard label.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Replace pkg/caps with pkg/capabilities (from libpod). It's also a fork
from Docker but attributes its origing with copyright notes and has a
trimmed down (and faster) API.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Daniel J Walsh