containers
/
automation-tests
mirror of https://github.com/containers/automation-tests.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Switch to moby/sys/capability 

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This commit is contained in:
Kir Kolyshkin 2024-09-30 14:54:43 -07:00
parent 6a91149b53
commit 28e01cc8cc
3 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
go.mod
View File

@ -67,7 +67,6 @@ require (
github.com/spf13/cobra v1.8.1 github.com/spf13/cobra v1.8.1
github.com/spf13/pflag v1.0.5 github.com/spf13/pflag v1.0.5
github.com/stretchr/testify v1.9.0 github.com/stretchr/testify v1.9.0
github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635
github.com/vbauerster/mpb/v8 v8.8.3 github.com/vbauerster/mpb/v8 v8.8.3
github.com/vishvananda/netlink v1.3.0 github.com/vishvananda/netlink v1.3.0
go.etcd.io/bbolt v1.3.11 go.etcd.io/bbolt v1.3.11
@ -198,6 +197,7 @@ require (
github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect
github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6 // indirect github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6 // indirect
github.com/sylabs/sif/v2 v2.19.1 // indirect github.com/sylabs/sif/v2 v2.19.1 // indirect
github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 // indirect
github.com/tchap/go-patricia/v2 v2.3.1 // indirect github.com/tchap/go-patricia/v2 v2.3.1 // indirect
github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
github.com/tklauser/go-sysconf v0.3.12 // indirect github.com/tklauser/go-sysconf v0.3.12 // indirect

4
libpod/container_inspect_linux.go
View File

@ -10,9 +10,9 @@ import (
"github.com/containers/common/pkg/config" "github.com/containers/common/pkg/config"
"github.com/containers/podman/v5/libpod/define" "github.com/containers/podman/v5/libpod/define"
"github.com/containers/podman/v5/pkg/util" "github.com/containers/podman/v5/pkg/util"
"github.com/moby/sys/capability"
spec "github.com/opencontainers/runtime-spec/specs-go" spec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
"github.com/syndtr/gocapability/capability"
) )
func (c *Container) platformInspectContainerHostConfig(ctrSpec *spec.Spec, hostConfig *define.InspectContainerHostConfig) error { func (c *Container) platformInspectContainerHostConfig(ctrSpec *spec.Spec, hostConfig *define.InspectContainerHostConfig) error {
@ -151,7 +151,7 @@ func (c *Container) platformInspectContainerHostConfig(ctrSpec *spec.Spec, hostC
} }
} else { } else {
// If we are privileged, use all caps. // If we are privileged, use all caps.
for _, cap := range capability.List() { for _, cap := range capability.ListKnown() {
boundingCaps[fmt.Sprintf("CAP_%s", strings.ToUpper(cap.String()))] = true boundingCaps[fmt.Sprintf("CAP_%s", strings.ToUpper(cap.String()))] = true
} }
} }

4
test/e2e/run_privileged_test.go
View File

@ -8,9 +8,9 @@ import (
"strings" "strings"
. "github.com/containers/podman/v5/test/utils" . "github.com/containers/podman/v5/test/utils"
"github.com/moby/sys/capability"
. "github.com/onsi/ginkgo/v2" . "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega" . "github.com/onsi/gomega"
"github.com/syndtr/gocapability/capability"
) )
// helper function for confirming that container capabilities are equal // helper function for confirming that container capabilities are equal
@ -32,7 +32,7 @@ func containerCapMatchesHost(ctrCap string, hostCap string) {
// and host caps must always be a superset (inclusive) of container // and host caps must always be a superset (inclusive) of container
Expect(hostCapN).To(BeNumerically(">", 0), "host cap %q should be nonzero", hostCap) Expect(hostCapN).To(BeNumerically(">", 0), "host cap %q should be nonzero", hostCap)
Expect(hostCapN).To(BeNumerically(">=", ctrCapN), "host cap %q should never be less than container cap %q", hostCap, ctrCap) Expect(hostCapN).To(BeNumerically(">=", ctrCapN), "host cap %q should never be less than container cap %q", hostCap, ctrCap)
hostCapMasked := hostCapN & (1<<len(capability.List()) - 1) hostCapMasked := hostCapN & (1<<len(capability.ListKnown()) - 1)
Expect(ctrCapN).To(Equal(hostCapMasked), "container cap %q is not a subset of host cap %q", ctrCap, hostCap) Expect(ctrCapN).To(Equal(hostCapMasked), "container cap %q is not a subset of host cap %q", ctrCap, hostCap)
} }