From 21ee6c22adf64ec72dd4188d80aca804de07655c Mon Sep 17 00:00:00 2001
From: kaiyou <dev@kaiyou.fr>
Date: Tue, 20 Dec 2022 15:42:54 +0100
Subject: [PATCH] Add missing capabilities for Cilium BPF

---
 cmd/hepto.go          | 6 +++---
 cmd/hepto/defaults.go | 4 +++-
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/cmd/hepto.go b/cmd/hepto.go
index bceea92..1044f73 100644
--- a/cmd/hepto.go
+++ b/cmd/hepto.go
@@ -29,9 +29,9 @@ func main() {
 		// mount with very simple very formatted arguments in that order:
 		//   mount -t tmpfs -o size=1234 /src /dst
 		err = unix.Mount(os.Args[5], os.Args[6], os.Args[2], 0, os.Args[4])
-  } else if bin == "umount" {
-    // Same for umount
-    err = unix.Unmount(os.Args[1], 0)
+	} else if bin == "umount" {
+		// Same for umount
+		err = unix.Unmount(os.Args[1], 0)
 	} else if bin == "containerd" || (len(os.Args) > 1 && os.Args[1] == "publish") {
 		// Containerd is also available under hepto name, guess based on
 		// call arguments
diff --git a/cmd/hepto/defaults.go b/cmd/hepto/defaults.go
index d2a0aef..c3c3a31 100644
--- a/cmd/hepto/defaults.go
+++ b/cmd/hepto/defaults.go
@@ -37,7 +37,9 @@ var additionalCapabilities = []string{
 	"CAP_MKNOD",
 	"CAP_AUDIT_WRITE",
 	"CAP_SETFCAP",
-	"CAP_FSETID",
+	// Required for some services including Cilium
+	"CAP_IPC_LOCK",
+	"CAP_SYS_MODULE",
 }
 
 // Required devices for kubernetes
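Review bot: `"CAP_SYS_MODULE"` is added to `additionalCapabilities` under a comment that says only "Required for some services including Cilium", although this capability permits loading kernel modules and so amounts to host-kernel privilege for whatever receives the list. The comment should name each capability and its reason, for example `// CAP_IPC_LOCK: locked memory for BPF maps` and `// CAP_SYS_MODULE: kernel module loading, host-level privilege, needed by <component>`. The same hunk also removes `"CAP_FSETID"`, which the subject "Add missing capabilities" does not mention; if the removal is intended it should be stated in the commit message, otherwise the line should be restored. The slice's declaration begins in the hunk header and its consumers are outside the hunk, so it is worth confirming whether the list applies to every workload or could be limited to the components that need it.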
-- 
GitLab