diff options
| author | openshift-merge-bot[bot] <148852131+openshift-merge-bot[bot]@users.noreply.github.com> | 2024-09-26 11:42:08 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-09-26 11:42:08 +0000 |
| commit | bf30466698f9a3f9f24fcb4f3aad09e32c3bcd0f (patch) | |
| tree | d8092e92523e4e0ed467b8c5cff7894396b75a86 | |
| parent | 76a932189d4389f7a3fa6a48ab6008ea9ff856c3 (diff) | |
| parent | 27838b26d6d929d822977d4bd091ab507b00d706 (diff) | |
Merge pull request #24076 from containers/renovate/github.com-moby-sys-capability-0.x
Update module github.com/moby/sys/capability to v0.3.0
| -rw-r--r-- | go.mod | 2 | ||||
| -rw-r--r-- | go.sum | 4 | ||||
| -rw-r--r-- | vendor/github.com/moby/sys/capability/CHANGELOG.md | 20 | ||||
| -rw-r--r-- | vendor/github.com/moby/sys/capability/README.md | 2 | ||||
| -rw-r--r-- | vendor/github.com/moby/sys/capability/capability.go | 40 | ||||
| -rw-r--r-- | vendor/github.com/moby/sys/capability/capability_linux.go | 5 | ||||
| -rw-r--r-- | vendor/github.com/moby/sys/capability/capability_noop.go | 14 | ||||
| -rw-r--r-- | vendor/github.com/moby/sys/capability/enum.go | 27 | ||||
| -rw-r--r-- | vendor/github.com/moby/sys/capability/enum_gen.go | 5 | ||||
| -rw-r--r-- | vendor/modules.txt | 2 |
10 files changed, 89 insertions, 32 deletions
@@ -48,7 +48,7 @@ require ( github.com/mattn/go-shellwords v1.0.12 github.com/mattn/go-sqlite3 v1.14.23 github.com/mdlayher/vsock v1.2.1 - github.com/moby/sys/capability v0.2.0 + github.com/moby/sys/capability v0.3.0 github.com/moby/sys/user v0.3.0 github.com/moby/term v0.5.0 github.com/nxadm/tail v1.4.11 @@ -365,8 +365,8 @@ github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3N github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo= github.com/moby/patternmatcher v0.6.0 h1:GmP9lR19aU5GqSSFko+5pRqHi+Ohk1O69aFiKkVGiPk= github.com/moby/patternmatcher v0.6.0/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc= -github.com/moby/sys/capability v0.2.0 h1:OJtbqfthavtfh1kycvEhMvY7/M2BHscP2fiXgzKI3sk= -github.com/moby/sys/capability v0.2.0/go.mod h1:4g9IK291rVkms3LKCDOoYlnV8xKwoDTpIrNEE35Wq0I= +github.com/moby/sys/capability v0.3.0 h1:kEP+y6te0gEXIaeQhIi0s7vKs/w0RPoH1qPa6jROcVg= +github.com/moby/sys/capability v0.3.0/go.mod h1:4g9IK291rVkms3LKCDOoYlnV8xKwoDTpIrNEE35Wq0I= github.com/moby/sys/mountinfo v0.7.2 h1:1shs6aH5s4o5H2zQLn796ADW1wMrIwHsyJ2v9KouLrg= github.com/moby/sys/mountinfo v0.7.2/go.mod h1:1YOa8w8Ih7uW0wALDUgT1dTTSBrZ+HiBLGws92L2RU4= github.com/moby/sys/sequential v0.5.0 h1:OPvI35Lzn9K04PBbCLW0g4LcFAJgHsvXsRyewg5lXtc= diff --git a/vendor/github.com/moby/sys/capability/CHANGELOG.md b/vendor/github.com/moby/sys/capability/CHANGELOG.md index c508d0341..037ef010a 100644 --- a/vendor/github.com/moby/sys/capability/CHANGELOG.md +++ b/vendor/github.com/moby/sys/capability/CHANGELOG.md @@ -5,7 +5,20 @@ from https://github.com/syndtr/gocapability/commit/42c35b4376354fd5. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). -## 0.2.0 - 2024-09-16 +## [0.3.0] - 2024-09-25 + +### Added +* Added [ListKnown] and [ListSupported] functions. (#153) +* [LastCap] is now available on non-Linux platforms (where it returns an error). (#152) + +### Changed +* [List] is now deprecated in favor of [ListKnown] and [ListSupported]. (#153) + +### Fixed +* Various documentation improvements. (#151) +* Fix "generated code" comment. (#153) + +## [0.2.0] - 2024-09-16 This is the first release after the move to a new home in github.com/moby/sys/capability. @@ -53,8 +66,13 @@ This is an initial release since the fork. <!-- Doc links. --> [Apply]: https://pkg.go.dev/github.com/moby/sys/capability#Capabilities.Apply [LastCap]: https://pkg.go.dev/github.com/moby/sys/capability#LastCap +[List]: https://pkg.go.dev/github.com/moby/sys/capability#List +[ListKnown]: https://pkg.go.dev/github.com/moby/sys/capability#ListKnown +[ListSupported]: https://pkg.go.dev/github.com/moby/sys/capability#ListSupported <!-- Minor releases. --> +[0.3.0]: https://github.com/moby/sys/releases/tag/capability%2Fv0.3.0 +[0.2.0]: https://github.com/moby/sys/releases/tag/capability%2Fv0.2.0 [0.1.1]: https://github.com/kolyshkin/capability/compare/v0.1.0...v0.1.1 [0.1.0]: https://github.com/kolyshkin/capability/compare/42c35b4376354fd5...v0.1.0 diff --git a/vendor/github.com/moby/sys/capability/README.md b/vendor/github.com/moby/sys/capability/README.md index 47489f908..84b74871a 100644 --- a/vendor/github.com/moby/sys/capability/README.md +++ b/vendor/github.com/moby/sys/capability/README.md @@ -2,6 +2,8 @@ This is a fork of (apparently no longer maintained) https://github.com/syndtr/gocapability package. It provides basic primitives to work with [Linux capabilities][capabilities(7)]. +For changes, see [CHANGELOG.md](./CHANGELOG.md). + [](https://pkg.go.dev/github.com/moby/sys/capability) ## Alternatives diff --git a/vendor/github.com/moby/sys/capability/capability.go b/vendor/github.com/moby/sys/capability/capability.go index 2c46b8e06..1b36f5f22 100644 --- a/vendor/github.com/moby/sys/capability/capability.go +++ b/vendor/github.com/moby/sys/capability/capability.go @@ -61,25 +61,26 @@ type Capabilities interface { Apply(kind CapType) error } -// NewPid initializes a new Capabilities object for given pid when +// NewPid initializes a new [Capabilities] object for given pid when // it is nonzero, or for the current process if pid is 0. // -// Deprecated: Replace with NewPid2. For example, replace: +// Deprecated: Replace with [NewPid2] followed by [Capabilities.Load]. +// For example, replace: // // c, err := NewPid(0) // if err != nil { -// return err +// return err // } // // with: // // c, err := NewPid2(0) // if err != nil { -// return err +// return err // } // err = c.Load() // if err != nil { -// return err +// return err // } func NewPid(pid int) (Capabilities, error) { c, err := newPid(pid) @@ -90,32 +91,33 @@ func NewPid(pid int) (Capabilities, error) { return c, err } -// NewPid2 initializes a new Capabilities object for given pid when -// it is nonzero, or for the current process if pid is 0. This +// NewPid2 initializes a new [Capabilities] object for given pid when +// it is nonzero, or for the current process if pid is 0. This // does not load the process's current capabilities; to do that you -// must call Load explicitly. +// must call [Capabilities.Load] explicitly. func NewPid2(pid int) (Capabilities, error) { return newPid(pid) } // NewFile initializes a new Capabilities object for given file path. // -// Deprecated: Replace with NewFile2. For example, replace: +// Deprecated: Replace with [NewFile2] followed by [Capabilities.Load]. +// For example, replace: // // c, err := NewFile(path) // if err != nil { -// return err +// return err // } // // with: // // c, err := NewFile2(path) // if err != nil { -// return err +// return err // } // err = c.Load() // if err != nil { -// return err +// return err // } func NewFile(path string) (Capabilities, error) { c, err := newFile(path) @@ -126,9 +128,17 @@ func NewFile(path string) (Capabilities, error) { return c, err } -// NewFile2 creates a new initialized Capabilities object for given -// file path. This does not load the process's current capabilities; -// to do that you must call Load explicitly. +// NewFile2 creates a new initialized [Capabilities] object for given +// file path. This does not load the process's current capabilities; +// to do that you must call [Capabilities.Load] explicitly. func NewFile2(path string) (Capabilities, error) { return newFile(path) } + +// LastCap returns highest valid capability of the running kernel, +// or an error if it can not be obtained. +// +// See also: [ListSupported]. +func LastCap() (Cap, error) { + return lastCap() +} diff --git a/vendor/github.com/moby/sys/capability/capability_linux.go b/vendor/github.com/moby/sys/capability/capability_linux.go index d30b6f8e5..aa600e1d9 100644 --- a/vendor/github.com/moby/sys/capability/capability_linux.go +++ b/vendor/github.com/moby/sys/capability/capability_linux.go @@ -25,11 +25,6 @@ const ( linuxCapVer3 = 0x20080522 ) -// LastCap returns highest valid capability of the running kernel. -func LastCap() (Cap, error) { - return lastCap() -} - var lastCap = sync.OnceValues(func() (Cap, error) { f, err := os.Open("/proc/sys/kernel/cap_last_cap") if err != nil { diff --git a/vendor/github.com/moby/sys/capability/capability_noop.go b/vendor/github.com/moby/sys/capability/capability_noop.go index 2e836fbce..ba819ff05 100644 --- a/vendor/github.com/moby/sys/capability/capability_noop.go +++ b/vendor/github.com/moby/sys/capability/capability_noop.go @@ -11,10 +11,16 @@ package capability import "errors" -func newPid(pid int) (Capabilities, error) { - return nil, errors.New("not supported") +var errNotSup = errors.New("not supported") + +func newPid(_ int) (Capabilities, error) { + return nil, errNotSup +} + +func newFile(_ string) (Capabilities, error) { + return nil, errNotSup } -func newFile(path string) (Capabilities, error) { - return nil, errors.New("not supported") +func lastCap() (Cap, error) { + return -1, errNotSup } diff --git a/vendor/github.com/moby/sys/capability/enum.go b/vendor/github.com/moby/sys/capability/enum.go index bbbc84dba..f89f0273a 100644 --- a/vendor/github.com/moby/sys/capability/enum.go +++ b/vendor/github.com/moby/sys/capability/enum.go @@ -7,6 +7,8 @@ package capability +import "slices" + type CapType uint func (c CapType) String() string { @@ -301,3 +303,28 @@ const ( // Introduced in kernel 5.9 CAP_CHECKPOINT_RESTORE = Cap(40) ) + +// List returns the list of all capabilities known to the package. +// +// Deprecated: use [ListKnown] or [ListSupported] instead. +func List() []Cap { + return ListKnown() +} + +// ListKnown returns the list of all capabilities known to the package. +func ListKnown() []Cap { + return list() +} + +// ListSupported retuns the list of all capabilities known to the package, +// except those that are not supported by the currently running Linux kernel. +func ListSupported() ([]Cap, error) { + last, err := LastCap() + if err != nil { + return nil, err + } + return slices.DeleteFunc(list(), func(c Cap) bool { + // Remove caps not supported by the kernel. + return c > last + }), nil +} diff --git a/vendor/github.com/moby/sys/capability/enum_gen.go b/vendor/github.com/moby/sys/capability/enum_gen.go index 2ff9bf4d8..f72cd43a6 100644 --- a/vendor/github.com/moby/sys/capability/enum_gen.go +++ b/vendor/github.com/moby/sys/capability/enum_gen.go @@ -1,4 +1,4 @@ -// generated file; DO NOT EDIT - use go generate in directory with source +// Code generated by go generate; DO NOT EDIT. package capability @@ -90,8 +90,7 @@ func (c Cap) String() string { return "unknown" } -// List returns list of all supported capabilities -func List() []Cap { +func list() []Cap { return []Cap{ CAP_CHOWN, CAP_DAC_OVERRIDE, diff --git a/vendor/modules.txt b/vendor/modules.txt index 27b91c162..a57610d65 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -806,7 +806,7 @@ github.com/moby/docker-image-spec/specs-go/v1 # github.com/moby/patternmatcher v0.6.0 ## explicit; go 1.19 github.com/moby/patternmatcher -# github.com/moby/sys/capability v0.2.0 +# github.com/moby/sys/capability v0.3.0 ## explicit; go 1.21 github.com/moby/sys/capability # github.com/moby/sys/mountinfo v0.7.2 |