From 7208f83c04419cdbadd9ba9ea1db9c4890440d72 Mon Sep 17 00:00:00 2001
From: Kir Kolyshkin <kolyshkin@gmail.com>
Date: Thu, 26 Sep 2024 18:17:05 -0700
Subject: [PATCH 1/2] capability: test nits

First, make capability_test.go a separate package so we are limited to
testing the external API (as opposed to e.g. state_linux_test.go in
which we test internal stuff as well).

Second, streamline the linux/non-linux code so it's easier to read and
copy/paste (in general, we only want to check that non-linux functions
can be called and return an error).

Third, change some non-fatal errors to use t.Errorf.

Fourth, use want/got everywhere in error messages, and add more context
to some errors.

Nothing here is critical or makes any noticeable impact on tests.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
---
 capability/capability_test.go | 34 ++++++++++++++++------------------
 1 file changed, 16 insertions(+), 18 deletions(-)

diff --git a/capability/capability_test.go b/capability/capability_test.go
index bb405e6f..b615dfe0 100644
--- a/capability/capability_test.go
+++ b/capability/capability_test.go
@@ -2,11 +2,13 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package capability
+package capability_test
 
 import (
 	"runtime"
 	"testing"
+
+	. "github.com/moby/sys/capability"
 )
 
 // Based on the fact Go 1.18+ supports Linux >= 2.6.32, and
@@ -24,47 +26,43 @@ const (
 func TestLastCap(t *testing.T) {
 	last, err := LastCap()
 	switch runtime.GOOS {
-	case "linux":
-		if err != nil {
-			t.Fatal(err)
-		}
 	default:
 		if err == nil {
 			t.Fatal(runtime.GOOS, ": want error, got nil")
 		}
 		return
+	case "linux":
 	}
-
-	// Sanity checks (Linux only).
+	if err != nil {
+		t.Fatalf("LastCap: want nil, got error: %v", err)
+	}
+	// Sanity checks.
 	if last < minLastCap {
-		t.Fatalf("LastCap returned %d (%s), expected >= %d (%s)",
+		t.Errorf("LastCap: want >= %d (%s), got %d (%s)",
 			last, last, minLastCap, minLastCap)
 	}
 	if last > maxLastCap {
-		t.Fatalf("LastCap returned %d, expected <= %d (%s). Package needs to be updated.",
-			last, maxLastCap, maxLastCap)
+		t.Errorf("LastCap: want <= %d (%s), got %d (%s). Package needs to be updated.",
+			last, last, maxLastCap, maxLastCap)
 	}
 }
 
 func TestListSupported(t *testing.T) {
 	list, err := ListSupported()
 	switch runtime.GOOS {
-	case "linux":
-		if err != nil {
-			t.Fatal(err)
-		}
 	default:
 		if err == nil {
 			t.Fatal(runtime.GOOS, ": want error, got nil")
 		}
-	}
-	if runtime.GOOS != "linux" {
 		return
+	case "linux":
+	}
+	if err != nil {
+		t.Fatalf("ListSupported: want nil, got error: %v", err)
 	}
-	// Sanity check (Linux only).
 	t.Logf("got +%v (len %d)", list, len(list))
 	minLen := int(minLastCap) + 1
 	if len(list) < minLen {
-		t.Fatalf("result is too short (got %d, want %d): +%v", len(list), minLen, list)
+		t.Errorf("ListSupported: too short (want %d, got %d): +%v", minLen, len(list), list)
 	}
 }

From f0bde4151229da337a64d6d611dca8c6976bda73 Mon Sep 17 00:00:00 2001
From: Kir Kolyshkin <kolyshkin@gmail.com>
Date: Wed, 25 Sep 2024 22:20:42 -0700
Subject: [PATCH 2/2] capability: use strings.CutPrefix in Load, add test

This makes it slightly less cryptic (in particular, replacing a literal
tab with "\t"), and also silences this codespell warning:

> ./capability/capability_linux.go:311: nd ==> and, 2nd

While at it, add a simple test for the method.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
---
 capability/capability_linux.go |  8 ++++----
 capability/capability_test.go  | 25 +++++++++++++++++++++++++
 2 files changed, 29 insertions(+), 4 deletions(-)

diff --git a/capability/capability_linux.go b/capability/capability_linux.go
index aa600e1d..a2c9e10e 100644
--- a/capability/capability_linux.go
+++ b/capability/capability_linux.go
@@ -307,15 +307,15 @@ func (c *capsV3) Load() (err error) {
 			}
 			break
 		}
-		if strings.HasPrefix(line, "CapB") {
-			_, err = fmt.Sscanf(line[4:], "nd:  %08x%08x", &c.bounds[1], &c.bounds[0])
+		if val, ok := strings.CutPrefix(line, "CapBnd:\t"); ok {
+			_, err = fmt.Sscanf(val, "%08x%08x", &c.bounds[1], &c.bounds[0])
 			if err != nil {
 				break
 			}
 			continue
 		}
-		if strings.HasPrefix(line, "CapA") {
-			_, err = fmt.Sscanf(line[4:], "mb:  %08x%08x", &c.ambient[1], &c.ambient[0])
+		if val, ok := strings.CutPrefix(line, "CapAmb:\t"); ok {
+			_, err = fmt.Sscanf(val, "%08x%08x", &c.ambient[1], &c.ambient[0])
 			if err != nil {
 				break
 			}
diff --git a/capability/capability_test.go b/capability/capability_test.go
index b615dfe0..a1d27c67 100644
--- a/capability/capability_test.go
+++ b/capability/capability_test.go
@@ -66,3 +66,28 @@ func TestListSupported(t *testing.T) {
 		t.Errorf("ListSupported: too short (want %d, got %d): +%v", minLen, len(list), list)
 	}
 }
+
+func TestNewPid2Load(t *testing.T) {
+	c, err := NewPid2(0)
+	switch runtime.GOOS {
+	default:
+		if err == nil {
+			t.Fatal(runtime.GOOS, ": want error, got nil")
+		}
+		return
+	case "linux":
+	}
+	if err != nil {
+		t.Fatalf("NewPid2: want nil, got error: %v", err)
+	}
+	err = c.Load()
+	if err != nil {
+		t.Fatalf("Load: %v", err)
+	}
+	// Assuming that at least bounding set is not empty.
+	bset := c.StringCap(BOUNDING)
+	t.Logf("Bounding set: %s", bset)
+	if len(bset) == 0 {
+		t.Fatal("loaded bounding set: want non-empty, got empty")
+	}
+}