maemachinebroke/hakurei
1
0
Fork 0
forked from security/hakurei
Code Pull Requests Activity

container/init: avoid multiple lastcap calls

Browse Source 
This reduces the size of []kexpect in the test suite.

Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
Ophestra
2025-08-23 11:09:11 +09:00
parent 1b3902df78
commit b3da3da525
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
container/init.go
View File

@@ -156,7 +156,7 @@ func initEntrypoint(k syscallDispatcher, prepareLogger func(prefix string), setV
}
// cache sysctl before pivot_root
k.lastcap()
lastcap := k.lastcap()
if err := k.mount(zeroString, FHSRoot, zeroString, MS_SILENT|MS_SLAVE|MS_REC, zeroString); err != nil {
k.fatalf("cannot make / rslave: %v", err)
@@ -262,7 +262,7 @@ func initEntrypoint(k syscallDispatcher, prepareLogger func(prefix string), setV
if err := k.capAmbientClearAll(); err != nil {
k.fatalf("cannot clear the ambient capability set: %v", err)
}
for i := uintptr(0); i <= k.lastcap(); i++ {
for i := uintptr(0); i <= lastcap; i++ {
if params.Privileged && i == CAP_SYS_ADMIN {
continue
}