pipeline: drop CAP_{NET_ADMIN,SYS_PTRACE} caps

Drop CAP_{NET_ADMIN,SYS_PTRACE} from the default capabilities which are only needed to run bwrap from inside a stage which is done by the `ostree.commit` and `ostree.preptree` stages, so retain them directly there.
2022-04-26 18:59:18 +02:00 · 2022-04-26 18:59:18 +02:00 · 0c8f5c7ef0
commit 0c8f5c7ef0
parent d14e5f3ee8
5 changed files with 12 additions and 2 deletions
--- a/stages/org.osbuild.ostree.commit
+++ b/stages/org.osbuild.ostree.commit
@ -24,6 +24,9 @@ from osbuild import api
 from osbuild.util import ostree


+CAPABILITIES = ["CAP_NET_ADMIN", "CAP_SYS_PTRACE"]
+
+
 SCHEMA_2 = """
 "options": {
  "additionalProperties": false,
--- a/stages/org.osbuild.ostree.preptree
+++ b/stages/org.osbuild.ostree.preptree
@ -43,6 +43,9 @@ from osbuild import api
 from osbuild.util import ostree


+CAPABILITIES = ["CAP_NET_ADMIN", "CAP_SYS_PTRACE"]
+
+
 SCHEMA = """
 "additionalProperties": false,
 "properties": {
--- a/stages/org.osbuild.rpm-ostree
+++ b/stages/org.osbuild.rpm-ostree
@ -39,6 +39,9 @@ import osbuild.api
 from osbuild.util import ostree


+CAPABILITIES = ["CAP_NET_ADMIN", "CAP_SYS_PTRACE"]
+
+
 SCHEMA = """
 "additionalProperties": false,
 "properties": {