virt-controller, template: move the getRequiredCapabilities func

Signed-off-by: Miguel Duarte Barroso <[email protected]>
attlee-wang · May 25, 2022 · 40b6ee5 · 40b6ee5
1 parent 7b8f795
commit 40b6ee5
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 20 deletions.
diff --git a/pkg/virt-controller/services/rendercontainer.go b/pkg/virt-controller/services/rendercontainer.go
@@ -205,3 +205,23 @@ func updateLivenessProbe(vmi *v1.VirtualMachineInstance, computeProbe *k8sv1.Pro
 	wrapExecProbeWithVirtProbe(vmi, computeProbe)
 	computeProbe.InitialDelaySeconds = computeProbe.InitialDelaySeconds + LibvirtStartupDelay
 }
+
+func getRequiredCapabilities(vmi *v1.VirtualMachineInstance) []k8sv1.Capability {
+	// These capabilies are always required because we set them on virt-launcher binary
+	// add CAP_SYS_PTRACE capability needed by libvirt + swtpm
+	// TODO: drop SYS_PTRACE after updating libvirt to a release containing:
+	// https://github.com/libvirt/libvirt/commit/a9c500d2b50c5c041a1bb6ae9724402cf1cec8fe
+	capabilities := []k8sv1.Capability{CAP_NET_BIND_SERVICE, CAP_SYS_PTRACE}
+
+	if !util.IsNonRootVMI(vmi) {
+		// add a CAP_SYS_NICE capability to allow setting cpu affinity
+		capabilities = append(capabilities, CAP_SYS_NICE)
+		// add CAP_SYS_ADMIN capability to allow virtiofs
+		if util.IsVMIVirtiofsEnabled(vmi) {
+			capabilities = append(capabilities, CAP_SYS_ADMIN)
+			capabilities = append(capabilities, getVirtiofsCapabilities()...)
+		}
+	}
+
+	return capabilities
+}
diff --git a/pkg/virt-controller/services/template.go b/pkg/virt-controller/services/template.go
@@ -1767,26 +1767,6 @@ func getVirtiofsCapabilities() []k8sv1.Capability {
 	}
 }
 
-func getRequiredCapabilities(vmi *v1.VirtualMachineInstance) []k8sv1.Capability {
-	// These capabilies are always required because we set them on virt-launcher binary
-	// add CAP_SYS_PTRACE capability needed by libvirt + swtpm
-	// TODO: drop SYS_PTRACE after updating libvirt to a release containing:
-	// https://github.com/libvirt/libvirt/commit/a9c500d2b50c5c041a1bb6ae9724402cf1cec8fe
-	capabilities := []k8sv1.Capability{CAP_NET_BIND_SERVICE, CAP_SYS_PTRACE}
-
-	if !util.IsNonRootVMI(vmi) {
-		// add a CAP_SYS_NICE capability to allow setting cpu affinity
-		capabilities = append(capabilities, CAP_SYS_NICE)
-		// add CAP_SYS_ADMIN capability to allow virtiofs
-		if util.IsVMIVirtiofsEnabled(vmi) {
-			capabilities = append(capabilities, CAP_SYS_ADMIN)
-			capabilities = append(capabilities, getVirtiofsCapabilities()...)
-		}
-	}
-
-	return capabilities
-}
-
 func getRequiredResources(vmi *v1.VirtualMachineInstance, allowEmulation bool) k8sv1.ResourceList {
 	res := k8sv1.ResourceList{}
 	if util.NeedTunDevice(vmi) {