mirror of
https://github.com/docker/compose.git
synced 2025-09-26 11:08:46 +02:00
f94cb49062
We cannot guarantee the exact value of `CapEff` across environments, and this test has started failing some places, e.g. Docker Desktop, and now GitHub Actions (likely due to a kernel upgrade on the runners or similar). By setting `privileged: true` on the build, we're asking for the `security.insecure` entitlement on the build. A safe assumption is that will include `CAP_SYS_ADMIN`, which won't be present otherwise, so mask the `CapEff` value and check for that. It's worth noting that realistically, the build won't even be able to complete without the correct entitlement, since the `Dockerfile` uses `RUN --security=insecure`, so this is really an additional sanity check. Signed-off-by: Milas Bowman <milas.bowman@docker.com>