From 7fafaed265992712d1d85d1f2e07c5f6dc1f5687 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 20 Sep 2024 10:49:41 -0700 Subject: [PATCH 1/2] capability: introduce/use errNotSup Signed-off-by: Kir Kolyshkin --- capability/capability_noop.go | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/capability/capability_noop.go b/capability/capability_noop.go index 2e836fbc..d5798ffa 100644 --- a/capability/capability_noop.go +++ b/capability/capability_noop.go @@ -11,10 +11,12 @@ package capability import "errors" -func newPid(pid int) (Capabilities, error) { - return nil, errors.New("not supported") +var errNotSup = errors.New("not supported") + +func newPid(_ int) (Capabilities, error) { + return nil, errNotSup } -func newFile(path string) (Capabilities, error) { - return nil, errors.New("not supported") +func newFile(_ string) (Capabilities, error) { + return nil, errNotSup } From f8fb9c5ef83fe8ab0ade1980ecc2bb92ca767385 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Fri, 20 Sep 2024 10:52:16 -0700 Subject: [PATCH 2/2] capability: add LastCap stub for non-Linux So that the code which uses capability.LastCap can be compiled on non-Linux platforms. Amend the LastCap test to also run on non-Linux. Signed-off-by: Kir Kolyshkin --- capability/capability.go | 6 ++++++ capability/capability_linux.go | 5 ----- capability/capability_noop.go | 4 ++++ ...ility_linux_test.go => capability_test.go} | 19 +++++++++++++++---- 4 files changed, 25 insertions(+), 9 deletions(-) rename capability/{capability_linux_test.go => capability_test.go} (79%) diff --git a/capability/capability.go b/capability/capability.go index 2c46b8e0..3e5152c3 100644 --- a/capability/capability.go +++ b/capability/capability.go @@ -132,3 +132,9 @@ func NewFile(path string) (Capabilities, error) { func NewFile2(path string) (Capabilities, error) { return newFile(path) } + +// LastCap returns highest valid capability of the running kernel, +// or an error if it can not be obtained. +func LastCap() (Cap, error) { + return lastCap() +} diff --git a/capability/capability_linux.go b/capability/capability_linux.go index d30b6f8e..aa600e1d 100644 --- a/capability/capability_linux.go +++ b/capability/capability_linux.go @@ -25,11 +25,6 @@ const ( linuxCapVer3 = 0x20080522 ) -// LastCap returns highest valid capability of the running kernel. -func LastCap() (Cap, error) { - return lastCap() -} - var lastCap = sync.OnceValues(func() (Cap, error) { f, err := os.Open("/proc/sys/kernel/cap_last_cap") if err != nil { diff --git a/capability/capability_noop.go b/capability/capability_noop.go index d5798ffa..ba819ff0 100644 --- a/capability/capability_noop.go +++ b/capability/capability_noop.go @@ -20,3 +20,7 @@ func newPid(_ int) (Capabilities, error) { func newFile(_ string) (Capabilities, error) { return nil, errNotSup } + +func lastCap() (Cap, error) { + return -1, errNotSup +} diff --git a/capability/capability_linux_test.go b/capability/capability_test.go similarity index 79% rename from capability/capability_linux_test.go rename to capability/capability_test.go index f4e30526..ec03f18a 100644 --- a/capability/capability_linux_test.go +++ b/capability/capability_test.go @@ -4,15 +4,26 @@ package capability -import "testing" +import ( + "runtime" + "testing" +) func TestLastCap(t *testing.T) { last, err := LastCap() - if err != nil { - t.Fatal(err) + switch runtime.GOOS { + case "linux": + if err != nil { + t.Fatal(err) + } + default: + if err == nil { + t.Fatal(runtime.GOOS, ": want error, got nil") + } + return } - // Sanity checks. + // Sanity checks (Linux only). // // Based on the fact Go 1.18+ supports Linux >= 2.6.32, and // - CAP_MAC_ADMIN (33) was added in 2.6.25;