generate: fix capability.List() for cap_last_cap not exist

Signed-off-by: masm <mashimiao.fnst@cn.fujitsu.com>
wking · Jul 28, 2016 · f7df9c7 · f7df9c7
1 parent 008f8f7
commit f7df9c7
Showing 1 changed file with 12 additions and 2 deletions.
diff --git a/generate/generate.go b/generate/generate.go
@@ -975,7 +975,7 @@ func (g *Generator) SetupPrivileged(privileged bool) {
 		// Add all capabilities in privileged mode.
 		var finalCapList []string
 		for _, cap := range capability.List() {
-			if g.HostSpecific && cap > capability.CAP_LAST_CAP {
+			if g.HostSpecific && cap > lastCap() {
 				continue
 			}
 			finalCapList = append(finalCapList, fmt.Sprintf("CAP_%s", strings.ToUpper(cap.String())))
@@ -988,13 +988,23 @@ func (g *Generator) SetupPrivileged(privileged bool) {
 	}
 }
 
+func lastCap() capability.Cap {
+	last := capability.CAP_LAST_CAP
+	// hack for RHEL6 which has no /proc/sys/kernel/cap_last_cap
+	if last == capability.Cap(63) {
+		last = capability.CAP_BLOCK_SUSPEND
+	}
+
+	return last
+}
+
 func checkCap(c string, hostSpecific bool) error {
 	isValid := false
 	cp := strings.ToUpper(c)
 
 	for _, cap := range capability.List() {
 		if cp == strings.ToUpper(cap.String()) {
-			if hostSpecific && cap > capability.CAP_LAST_CAP {
+			if hostSpecific && cap > lastCap() {
 				return fmt.Errorf("CAP_%s is not supported on the current host", cp)
 			}
 			isValid = true