
Merge pull request #13091 from LK4D4/generate_caps

Generate caps
Jessie Frazelle пре 10 година
родитељ
комит
92344602ea

+ 19 - 38
daemon/execdriver/utils.go

@@ -8,44 +8,25 @@ import (
 	"github.com/syndtr/gocapability/capability"
 )
 
-var capabilityList = Capabilities{
-	{Key: "SETPCAP", Value: capability.CAP_SETPCAP},
-	{Key: "SYS_MODULE", Value: capability.CAP_SYS_MODULE},
-	{Key: "SYS_RAWIO", Value: capability.CAP_SYS_RAWIO},
-	{Key: "SYS_PACCT", Value: capability.CAP_SYS_PACCT},
-	{Key: "SYS_ADMIN", Value: capability.CAP_SYS_ADMIN},
-	{Key: "SYS_NICE", Value: capability.CAP_SYS_NICE},
-	{Key: "SYS_RESOURCE", Value: capability.CAP_SYS_RESOURCE},
-	{Key: "SYS_TIME", Value: capability.CAP_SYS_TIME},
-	{Key: "SYS_TTY_CONFIG", Value: capability.CAP_SYS_TTY_CONFIG},
-	{Key: "MKNOD", Value: capability.CAP_MKNOD},
-	{Key: "AUDIT_WRITE", Value: capability.CAP_AUDIT_WRITE},
-	{Key: "AUDIT_CONTROL", Value: capability.CAP_AUDIT_CONTROL},
-	{Key: "MAC_OVERRIDE", Value: capability.CAP_MAC_OVERRIDE},
-	{Key: "MAC_ADMIN", Value: capability.CAP_MAC_ADMIN},
-	{Key: "NET_ADMIN", Value: capability.CAP_NET_ADMIN},
-	{Key: "SYSLOG", Value: capability.CAP_SYSLOG},
-	{Key: "CHOWN", Value: capability.CAP_CHOWN},
-	{Key: "NET_RAW", Value: capability.CAP_NET_RAW},
-	{Key: "DAC_OVERRIDE", Value: capability.CAP_DAC_OVERRIDE},
-	{Key: "FOWNER", Value: capability.CAP_FOWNER},
-	{Key: "DAC_READ_SEARCH", Value: capability.CAP_DAC_READ_SEARCH},
-	{Key: "FSETID", Value: capability.CAP_FSETID},
-	{Key: "KILL", Value: capability.CAP_KILL},
-	{Key: "SETGID", Value: capability.CAP_SETGID},
-	{Key: "SETUID", Value: capability.CAP_SETUID},
-	{Key: "LINUX_IMMUTABLE", Value: capability.CAP_LINUX_IMMUTABLE},
-	{Key: "NET_BIND_SERVICE", Value: capability.CAP_NET_BIND_SERVICE},
-	{Key: "NET_BROADCAST", Value: capability.CAP_NET_BROADCAST},
-	{Key: "IPC_LOCK", Value: capability.CAP_IPC_LOCK},
-	{Key: "IPC_OWNER", Value: capability.CAP_IPC_OWNER},
-	{Key: "SYS_CHROOT", Value: capability.CAP_SYS_CHROOT},
-	{Key: "SYS_PTRACE", Value: capability.CAP_SYS_PTRACE},
-	{Key: "SYS_BOOT", Value: capability.CAP_SYS_BOOT},
-	{Key: "LEASE", Value: capability.CAP_LEASE},
-	{Key: "SETFCAP", Value: capability.CAP_SETFCAP},
-	{Key: "WAKE_ALARM", Value: capability.CAP_WAKE_ALARM},
-	{Key: "BLOCK_SUSPEND", Value: capability.CAP_BLOCK_SUSPEND},
+var capabilityList Capabilities
+
+func init() {
+	last := capability.CAP_LAST_CAP
+	// hack for RHEL6 which has no /proc/sys/kernel/cap_last_cap
+	if last == capability.Cap(63) {
+		last = capability.CAP_BLOCK_SUSPEND
+	}
+	for _, cap := range capability.List() {
+		if cap > last {
+			continue
+		}
+		capabilityList = append(capabilityList,
+			&CapabilityMapping{
+				Key:   strings.ToUpper(cap.String()),
+				Value: cap,
+			},
+		)
+	}
 }
 
 type (
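Review bot: The key set in `capabilityList` is now whatever the vendored `capability.List()` and `Cap.String()` produce at `init()`, and nothing in this hunk pins it. Compared with the removed table, the list gains `AUDIT_READ` on kernels whose `CAP_LAST_CAP` permits it, and key spelling follows the library: the removed `String()` returned `sys_psacct` for `CAP_SYS_PACCT`, which would not have matched the old `SYS_PACCT` key. These keys presumably decide which capabilities a container can be granted, so a test asserting the expected key set would turn a future vendor bump into an explicit decision rather than a silent change. The `capability.Cap(63)` sentinel should get a named constant or a comment such as `// 63 appears to be the library's fallback when cap_last_cap cannot be read (confirm against gocapability)`. The loop variable `cap` also shadows the builtin; `c` would avoid that.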

+ 1 - 1
hack/vendor.sh

@@ -68,4 +68,4 @@ clone git github.com/docker/libcontainer 90f8aa670f1f424041059060c7c63fe4dee2e44
 # libcontainer deps (see src/github.com/docker/libcontainer/update-vendor.sh)
 clone git github.com/coreos/go-systemd v2
 clone git github.com/godbus/dbus v2
-clone git github.com/syndtr/gocapability 8e4cdcb
+clone git github.com/syndtr/gocapability 66ef2aa7a23ba682594e2b6f74cf40c0692b49fb

+ 1 - 82
vendor/src/github.com/syndtr/gocapability/capability/enum.go

@@ -34,90 +34,9 @@ const (
 	BOUNDS = BOUNDING
 )
 
+//go:generate go run enumgen/gen.go
 type Cap int
 
-func (c Cap) String() string {
-	switch c {
-	case CAP_CHOWN:
-		return "chown"
-	case CAP_DAC_OVERRIDE:
-		return "dac_override"
-	case CAP_DAC_READ_SEARCH:
-		return "dac_read_search"
-	case CAP_FOWNER:
-		return "fowner"
-	case CAP_FSETID:
-		return "fsetid"
-	case CAP_KILL:
-		return "kill"
-	case CAP_SETGID:
-		return "setgid"
-	case CAP_SETUID:
-		return "setuid"
-	case CAP_SETPCAP:
-		return "setpcap"
-	case CAP_LINUX_IMMUTABLE:
-		return "linux_immutable"
-	case CAP_NET_BIND_SERVICE:
-		return "net_bind_service"
-	case CAP_NET_BROADCAST:
-		return "net_broadcast"
-	case CAP_NET_ADMIN:
-		return "net_admin"
-	case CAP_NET_RAW:
-		return "net_raw"
-	case CAP_IPC_LOCK:
-		return "ipc_lock"
-	case CAP_IPC_OWNER:
-		return "ipc_owner"
-	case CAP_SYS_MODULE:
-		return "sys_module"
-	case CAP_SYS_RAWIO:
-		return "sys_rawio"
-	case CAP_SYS_CHROOT:
-		return "sys_chroot"
-	case CAP_SYS_PTRACE:
-		return "sys_ptrace"
-	case CAP_SYS_PACCT:
-		return "sys_psacct"
-	case CAP_SYS_ADMIN:
-		return "sys_admin"
-	case CAP_SYS_BOOT:
-		return "sys_boot"
-	case CAP_SYS_NICE:
-		return "sys_nice"
-	case CAP_SYS_RESOURCE:
-		return "sys_resource"
-	case CAP_SYS_TIME:
-		return "sys_time"
-	case CAP_SYS_TTY_CONFIG:
-		return "sys_tty_config"
-	case CAP_MKNOD:
-		return "mknod"
-	case CAP_LEASE:
-		return "lease"
-	case CAP_AUDIT_WRITE:
-		return "audit_write"
-	case CAP_AUDIT_CONTROL:
-		return "audit_control"
-	case CAP_SETFCAP:
-		return "setfcap"
-	case CAP_MAC_OVERRIDE:
-		return "mac_override"
-	case CAP_MAC_ADMIN:
-		return "mac_admin"
-	case CAP_SYSLOG:
-		return "syslog"
-	case CAP_WAKE_ALARM:
-		return "wake_alarm"
-	case CAP_BLOCK_SUSPEND:
-		return "block_suspend"
-	case CAP_AUDIT_READ:
-		return "audit_read"
-	}
-	return "unknown"
-}
-
 // POSIX-draft defined capabilities.
 const (
 	// In a system with the [_POSIX_CHOWN_RESTRICTED] option defined, this

+ 129 - 0
vendor/src/github.com/syndtr/gocapability/capability/enum_gen.go

@@ -0,0 +1,129 @@
+// generated file; DO NOT EDIT - use go generate in directory with source
+
+package capability
+
+func (c Cap) String() string {
+	switch c {
+	case CAP_CHOWN:
+		return "chown"
+	case CAP_DAC_OVERRIDE:
+		return "dac_override"
+	case CAP_DAC_READ_SEARCH:
+		return "dac_read_search"
+	case CAP_FOWNER:
+		return "fowner"
+	case CAP_FSETID:
+		return "fsetid"
+	case CAP_KILL:
+		return "kill"
+	case CAP_SETGID:
+		return "setgid"
+	case CAP_SETUID:
+		return "setuid"
+	case CAP_SETPCAP:
+		return "setpcap"
+	case CAP_LINUX_IMMUTABLE:
+		return "linux_immutable"
+	case CAP_NET_BIND_SERVICE:
+		return "net_bind_service"
+	case CAP_NET_BROADCAST:
+		return "net_broadcast"
+	case CAP_NET_ADMIN:
+		return "net_admin"
+	case CAP_NET_RAW:
+		return "net_raw"
+	case CAP_IPC_LOCK:
+		return "ipc_lock"
+	case CAP_IPC_OWNER:
+		return "ipc_owner"
+	case CAP_SYS_MODULE:
+		return "sys_module"
+	case CAP_SYS_RAWIO:
+		return "sys_rawio"
+	case CAP_SYS_CHROOT:
+		return "sys_chroot"
+	case CAP_SYS_PTRACE:
+		return "sys_ptrace"
+	case CAP_SYS_PACCT:
+		return "sys_pacct"
+	case CAP_SYS_ADMIN:
+		return "sys_admin"
+	case CAP_SYS_BOOT:
+		return "sys_boot"
+	case CAP_SYS_NICE:
+		return "sys_nice"
+	case CAP_SYS_RESOURCE:
+		return "sys_resource"
+	case CAP_SYS_TIME:
+		return "sys_time"
+	case CAP_SYS_TTY_CONFIG:
+		return "sys_tty_config"
+	case CAP_MKNOD:
+		return "mknod"
+	case CAP_LEASE:
+		return "lease"
+	case CAP_AUDIT_WRITE:
+		return "audit_write"
+	case CAP_AUDIT_CONTROL:
+		return "audit_control"
+	case CAP_SETFCAP:
+		return "setfcap"
+	case CAP_MAC_OVERRIDE:
+		return "mac_override"
+	case CAP_MAC_ADMIN:
+		return "mac_admin"
+	case CAP_SYSLOG:
+		return "syslog"
+	case CAP_WAKE_ALARM:
+		return "wake_alarm"
+	case CAP_BLOCK_SUSPEND:
+		return "block_suspend"
+	case CAP_AUDIT_READ:
+		return "audit_read"
+	}
+	return "unknown"
+}
+
+// List returns list of all supported capabilities
+func List() []Cap {
+	return []Cap{
+		CAP_CHOWN,
+		CAP_DAC_OVERRIDE,
+		CAP_DAC_READ_SEARCH,
+		CAP_FOWNER,
+		CAP_FSETID,
+		CAP_KILL,
+		CAP_SETGID,
+		CAP_SETUID,
+		CAP_SETPCAP,
+		CAP_LINUX_IMMUTABLE,
+		CAP_NET_BIND_SERVICE,
+		CAP_NET_BROADCAST,
+		CAP_NET_ADMIN,
+		CAP_NET_RAW,
+		CAP_IPC_LOCK,
+		CAP_IPC_OWNER,
+		CAP_SYS_MODULE,
+		CAP_SYS_RAWIO,
+		CAP_SYS_CHROOT,
+		CAP_SYS_PTRACE,
+		CAP_SYS_PACCT,
+		CAP_SYS_ADMIN,
+		CAP_SYS_BOOT,
+		CAP_SYS_NICE,
+		CAP_SYS_RESOURCE,
+		CAP_SYS_TIME,
+		CAP_SYS_TTY_CONFIG,
+		CAP_MKNOD,
+		CAP_LEASE,
+		CAP_AUDIT_WRITE,
+		CAP_AUDIT_CONTROL,
+		CAP_SETFCAP,
+		CAP_MAC_OVERRIDE,
+		CAP_MAC_ADMIN,
+		CAP_SYSLOG,
+		CAP_WAKE_ALARM,
+		CAP_BLOCK_SUSPEND,
+		CAP_AUDIT_READ,
+	}
+}

+ 92 - 0
vendor/src/github.com/syndtr/gocapability/capability/enumgen/gen.go

@@ -0,0 +1,92 @@
+package main
+
+import (
+	"bytes"
+	"fmt"
+	"go/ast"
+	"go/format"
+	"go/parser"
+	"go/token"
+	"io/ioutil"
+	"log"
+	"os"
+	"strings"
+)
+
+const fileName = "enum.go"
+const genName = "enum_gen.go"
+
+type generator struct {
+	buf  bytes.Buffer
+	caps []string
+}
+
+func (g *generator) writeHeader() {
+	g.buf.WriteString("// generated file; DO NOT EDIT - use go generate in directory with source\n")
+	g.buf.WriteString("\n")
+	g.buf.WriteString("package capability")
+}
+
+func (g *generator) writeStringFunc() {
+	g.buf.WriteString("\n")
+	g.buf.WriteString("func (c Cap) String() string {\n")
+	g.buf.WriteString("switch c {\n")
+	for _, cap := range g.caps {
+		fmt.Fprintf(&g.buf, "case %s:\n", cap)
+		fmt.Fprintf(&g.buf, "return \"%s\"\n", strings.ToLower(cap[4:]))
+	}
+	g.buf.WriteString("}\n")
+	g.buf.WriteString("return \"unknown\"\n")
+	g.buf.WriteString("}\n")
+}
+
+func (g *generator) writeListFunc() {
+	g.buf.WriteString("\n")
+	g.buf.WriteString("// List returns list of all supported capabilities\n")
+	g.buf.WriteString("func List() []Cap {\n")
+	g.buf.WriteString("return []Cap{\n")
+	for _, cap := range g.caps {
+		fmt.Fprintf(&g.buf, "%s,\n", cap)
+	}
+	g.buf.WriteString("}\n")
+	g.buf.WriteString("}\n")
+}
+
+func main() {
+	fs := token.NewFileSet()
+	parsedFile, err := parser.ParseFile(fs, fileName, nil, 0)
+	if err != nil {
+		log.Fatal(err)
+	}
+	var caps []string
+	for _, decl := range parsedFile.Decls {
+		decl, ok := decl.(*ast.GenDecl)
+		if !ok || decl.Tok != token.CONST {
+			continue
+		}
+		for _, spec := range decl.Specs {
+			vspec := spec.(*ast.ValueSpec)
+			name := vspec.Names[0].Name
+			if strings.HasPrefix(name, "CAP_") {
+				caps = append(caps, name)
+			}
+		}
+	}
+	g := &generator{caps: caps}
+	g.writeHeader()
+	g.writeStringFunc()
+	g.writeListFunc()
+	src, err := format.Source(g.buf.Bytes())
+	if err != nil {
+		fmt.Println("generated invalid Go code")
+		fmt.Println(g.buf.String())
+		log.Fatal(err)
+	}
+	fi, err := os.Stat(fileName)
+	if err != nil {
+		log.Fatal(err)
+	}
+	if err := ioutil.WriteFile(genName, src, fi.Mode().Perm()); err != nil {
+		log.Fatal(err)
+	}
+}