Add missing capabilities for Cilium BPF

21ee6c22 · kaiyou · 25dd14bc · 21ee6c22 · 21ee6c22
Commit 21ee6c22 authored 2 years ago by kaiyou
--- a/cmd/hepto.go
+++ b/cmd/hepto.go
@@ -29,9 +29,9 @@ func main() {
 		// mount with very simple very formatted arguments in that order:
 		//   mount -t tmpfs -o size=1234 /src /dst
 		err = unix.Mount(os.Args[5], os.Args[6], os.Args[2], 0, os.Args[4])
-  } else if bin == "umount" {
+	} else if bin == "umount" {
-    // Same for umount
+		// Same for umount
-    err = unix.Unmount(os.Args[1], 0)
+		err = unix.Unmount(os.Args[1], 0)
 	} else if bin == "containerd" || (len(os.Args) > 1 && os.Args[1] == "publish") {
 		// Containerd is also available under hepto name, guess based on
 		// call arguments

--- a/cmd/hepto/defaults.go
+++ b/cmd/hepto/defaults.go
@@ -37,7 +37,9 @@ var additionalCapabilities = []string{
 	"CAP_MKNOD",
 	"CAP_AUDIT_WRITE",
 	"CAP_SETFCAP",
-	"CAP_FSETID",
+	// Required for some services including Cilium
+	"CAP_IPC_LOCK",
+	"CAP_SYS_MODULE",
 }
 // Required devices for kubernetes