drop dependency on github.com/syndtr/gocapability
pkg/cap has the full list of the caps (for UT, originally), so we can drop dependency on github.com/syndtr/gocapability Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
@@ -25,9 +25,19 @@ import (
|
||||
"strings"
|
||||
|
||||
"github.com/pkg/errors"
|
||||
"github.com/syndtr/gocapability/capability"
|
||||
)
|
||||
|
||||
// FromNumber returns a cap string like "CAP_SYS_ADMIN"
|
||||
// that corresponds to the given number like 21.
|
||||
//
|
||||
// FromNumber returns an empty string for unknown cap number.
|
||||
func FromNumber(num int) string {
|
||||
if num < 0 || num > len(capsLatest)-1 {
|
||||
return ""
|
||||
}
|
||||
return capsLatest[num]
|
||||
}
|
||||
|
||||
// FromBitmap parses an uint64 bitmap into string slice like
|
||||
// []{"CAP_SYS_ADMIN", ...}.
|
||||
//
|
||||
@@ -37,17 +47,9 @@ func FromBitmap(v uint64) ([]string, []int) {
|
||||
res []string
|
||||
unknown []int
|
||||
)
|
||||
knownList := capability.List()
|
||||
known := make(map[string]struct{}, len(knownList))
|
||||
for _, f := range knownList {
|
||||
known[f.String()] = struct{}{}
|
||||
}
|
||||
for i := 0; i <= 63; i++ {
|
||||
if b := (v >> i) & 0x1; b == 0x1 {
|
||||
c := capability.Cap(i)
|
||||
sRaw := c.String()
|
||||
if _, ok := known[sRaw]; ok {
|
||||
s := "CAP_" + strings.ToUpper(sRaw)
|
||||
if s := FromNumber(i); s != "" {
|
||||
res = append(res, s)
|
||||
} else {
|
||||
unknown = append(unknown, i)
|
||||
@@ -57,9 +59,25 @@ func FromBitmap(v uint64) ([]string, []int) {
|
||||
return res, unknown
|
||||
}
|
||||
|
||||
// Type is the type of capability
|
||||
type Type int
|
||||
|
||||
const (
|
||||
// Effective is CapEff
|
||||
Effective Type = 1 << iota
|
||||
// Effective is CapPrm
|
||||
Permitted
|
||||
// Inheritable is CapInh
|
||||
Inheritable
|
||||
// Bounding is CapBnd
|
||||
Bounding
|
||||
// Ambient is CapAmb
|
||||
Ambient
|
||||
)
|
||||
|
||||
// ParseProcPIDStatus returns uint64 bitmap value from /proc/<PID>/status file
|
||||
func ParseProcPIDStatus(r io.Reader) (map[capability.CapType]uint64, error) {
|
||||
res := make(map[capability.CapType]uint64)
|
||||
func ParseProcPIDStatus(r io.Reader) (map[Type]uint64, error) {
|
||||
res := make(map[Type]uint64)
|
||||
scanner := bufio.NewScanner(r)
|
||||
for scanner.Scan() {
|
||||
line := scanner.Text()
|
||||
@@ -77,15 +95,15 @@ func ParseProcPIDStatus(r io.Reader) (map[capability.CapType]uint64, error) {
|
||||
}
|
||||
switch k {
|
||||
case "CapInh":
|
||||
res[capability.INHERITABLE] = ui64
|
||||
res[Inheritable] = ui64
|
||||
case "CapPrm":
|
||||
res[capability.PERMITTED] = ui64
|
||||
res[Permitted] = ui64
|
||||
case "CapEff":
|
||||
res[capability.EFFECTIVE] = ui64
|
||||
res[Effective] = ui64
|
||||
case "CapBnd":
|
||||
res[capability.BOUNDING] = ui64
|
||||
res[Bounding] = ui64
|
||||
case "CapAmb":
|
||||
res[capability.AMBIENT] = ui64
|
||||
res[Ambient] = ui64
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -112,7 +130,7 @@ func Current() ([]string, error) {
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
capEff := caps[capability.EFFECTIVE]
|
||||
capEff := caps[Effective]
|
||||
names, _ := FromBitmap(capEff)
|
||||
return names, nil
|
||||
}
|
||||
@@ -163,10 +181,12 @@ var (
|
||||
// caps58 is the caps of kernel 5.8 (40 entries)
|
||||
caps58 = append(caps316, []string{"CAP_PERFMON", "CAP_BPF"}...)
|
||||
// caps59 is the caps of kernel 5.9 (41 entries)
|
||||
caps59 = append(caps58, "CAP_CHECKPOINT_RESTORE")
|
||||
caps59 = append(caps58, "CAP_CHECKPOINT_RESTORE")
|
||||
capsLatest = caps59
|
||||
)
|
||||
|
||||
// Known returns the known cap strings as of kernel 5.9
|
||||
// Known returns the known cap strings of the latest kernel.
|
||||
// The current latest kernel is 5.9.
|
||||
func Known() []string {
|
||||
return caps59
|
||||
return capsLatest
|
||||
}
|
||||
|
||||
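Review bot: `Known()` returns `capsLatest` itself, the same slice that the new `FromNumber` indexes by capability number, so a caller that sorts or edits the returned slice in place would silently change which name `FromBitmap` and `Current()` report for a given bit. Returning a copy keeps the number-to-name table read-only for callers: `return append([]string(nil), capsLatest...)`. Separately, in the new `Type` const block the comment above `Permitted` reads `// Effective is CapPrm`; it should be `// Permitted is CapPrm`. The `var (` block starts outside the hunk, so how the earlier lists are built is not visible here.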
@@ -21,7 +21,6 @@ import (
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/syndtr/gocapability/capability"
|
||||
)
|
||||
|
||||
func TestCapsList(t *testing.T) {
|
||||
@@ -30,6 +29,15 @@ func TestCapsList(t *testing.T) {
|
||||
assert.Len(t, caps59, 41)
|
||||
}
|
||||
|
||||
func TestFromNumber(t *testing.T) {
|
||||
assert.Equal(t, "CAP_CHOWN", FromNumber(0))
|
||||
assert.Equal(t, "CAP_SYS_ADMIN", FromNumber(21))
|
||||
assert.Equal(t, "CAP_CHECKPOINT_RESTORE", FromNumber(40))
|
||||
assert.Equal(t, "", FromNumber(-1))
|
||||
assert.Equal(t, "", FromNumber(63))
|
||||
assert.Equal(t, "", FromNumber(255))
|
||||
}
|
||||
|
||||
func TestFromBitmap(t *testing.T) {
|
||||
type testCase struct {
|
||||
comment string
|
||||
@@ -139,12 +147,12 @@ nonvoluntary_ctxt_switches: 0
|
||||
`
|
||||
res, err := ParseProcPIDStatus(strings.NewReader(procPIDStatus))
|
||||
assert.NoError(t, err)
|
||||
expected := map[capability.CapType]uint64{
|
||||
capability.INHERITABLE: 0,
|
||||
capability.PERMITTED: 0xffffffffff,
|
||||
capability.EFFECTIVE: 0xffffffffff,
|
||||
capability.BOUNDING: 0xffffffffff,
|
||||
capability.AMBIENT: 0,
|
||||
expected := map[Type]uint64{
|
||||
Inheritable: 0,
|
||||
Permitted: 0xffffffffff,
|
||||
Effective: 0xffffffffff,
|
||||
Bounding: 0xffffffffff,
|
||||
Ambient: 0,
|
||||
}
|
||||
assert.EqualValues(t, expected, res)
|
||||
}
|
||||
|
||||
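Review bot: `TestFromNumber` does not probe the first out-of-range index; the empty-string cases jump from 40 straight to -1, 63 and 255, so the upper bound of the `num > len(capsLatest)-1` guard is not pinned at its edge. That edge matters because `FromBitmap` feeds every set bit from 0 to 63 into `FromNumber`, and a capability bit added by a newer kernel would land exactly there. Add `assert.Equal(t, "", FromNumber(len(capsLatest)))` next to the `FromNumber(40)` assertion.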