From f7df9c77ff2fbef7447d86642d3126e9c77b8a99 Mon Sep 17 00:00:00 2001
From: masm
Date: Wed, 27 Jul 2016 23:02:59 +0800
Subject: [PATCH] generate: fix capability.List() for cap_last_cap not exist
Signed-off-by: masm
---
 generate/generate.go | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/generate/generate.go b/generate/generate.go
index ddd508481..42df35fa2 100644
--- a/generate/generate.go
+++ b/generate/generate.go
@@ -975,7 +975,7 @@ func (g *Generator) SetupPrivileged(privileged bool) {
 // Add all capabilities in privileged mode.
 var finalCapList []string
 for _, cap := range capability.List() {
- if g.HostSpecific && cap > capability.CAP_LAST_CAP {
+ if g.HostSpecific && cap > lastCap() {
 continue
 }
 finalCapList = append(finalCapList, fmt.Sprintf("CAP_%s", strings.ToUpper(cap.String())))
@@ -988,13 +988,23 @@ func (g *Generator) SetupPrivileged(privileged bool) {
 }
 }
+func lastCap() capability.Cap {
+ last := capability.CAP_LAST_CAP
+ // hack for RHEL6 which has no /proc/sys/kernel/cap_last_cap
+ if last == capability.Cap(63) {
+ last = capability.CAP_BLOCK_SUSPEND
+ }
+
+ return last
+}
+
 func checkCap(c string, hostSpecific bool) error {
 isValid := false
 cp := strings.ToUpper(c)
 for _, cap := range capability.List() {
 if cp == strings.ToUpper(cap.String()) {
- if hostSpecific && cap > capability.CAP_LAST_CAP {
+ if hostSpecific && cap > lastCap() {
 return fmt.Errorf("CAP_%s is not supported on the current host", cp)
 }
 isValid = true
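Review bot: The fallback in `lastCap()` pins the ceiling at `capability.CAP_BLOCK_SUSPEND` whenever `CAP_LAST_CAP` is still `capability.Cap(63)`, so on a host without `/proc/sys/kernel/cap_last_cap` the host-specific checks in `SetupPrivileged` (first hunk) and in `checkCap` accept every capability up to that value without asking the kernel. As far as I know that proc file was introduced in an earlier kernel release than CAP_BLOCK_SUSPEND, so a kernel old enough to lack the file may also lack the top few capabilities; a spec would then pass validation here and fail only when the runtime tries to apply it. I would either choose the ceiling conservatively for that case or state the assumption on the function, e.g. `// lastCap returns the highest capability assumed valid on this host; Cap(63) is read as "cap_last_cap could not be read" and the CAP_BLOCK_SUSPEND ceiling is a guess for such kernels.` The bare `63` would also be clearer as a named constant, and `checkCap` continues past the end of the hunk.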