generate: fix capability.List() for cap_last_cap not exist

Signed-off-by: masm <mashimiao.fnst@cn.fujitsu.com>

Author: masm

generate/generate.go

@@ -950,9 +950,17 @@ func (g *Generator) AddBindMount(bind string) error {
 // SetupPrivileged sets up the priviledge-related fields inside g.spec.
 func (g *Generator) SetupPrivileged(privileged bool) {
 	if privileged {
+		last := capability.CAP_LAST_CAP
+		// hack for RHEL6 which has no /proc/sys/kernel/cap_last_cap
+		if last == capability.Cap(63) {
+			last = capability.CAP_BLOCK_SUSPEND
+		}
 		// Add all capabilities in privileged mode.
 		var finalCapList []string
 		for _, cap := range capability.List() {
+			if cap > last {
+				continue
+			}
 			finalCapList = append(finalCapList, fmt.Sprintf("CAP_%s", strings.ToUpper(cap.String())))
 		}
 		g.initSpecLinux()