0ct0pu5
/
moby


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134
							package libcontainer

import (
	"encoding/json"
	"errors"
	"github.com/syndtr/gocapability/capability"
	"os"
)

var (
	ErrUnkownNamespace  = errors.New("Unknown namespace")
	ErrUnkownCapability = errors.New("Unknown capability")
	ErrUnsupported      = errors.New("Unsupported method")
)

// namespaceList is used to convert the libcontainer types
// into the names of the files located in /proc/<pid>/ns/* for
// each namespace
var (
	namespaceList = Namespaces{}

	capabilityList = Capabilities{
		{Key: "SETPCAP", Value: capability.CAP_SETPCAP},
		{Key: "SYS_MODULE", Value: capability.CAP_SYS_MODULE},
		{Key: "SYS_RAWIO", Value: capability.CAP_SYS_RAWIO},
		{Key: "SYS_PACCT", Value: capability.CAP_SYS_PACCT},
		{Key: "SYS_ADMIN", Value: capability.CAP_SYS_ADMIN},
		{Key: "SYS_NICE", Value: capability.CAP_SYS_NICE},
		{Key: "SYS_RESOURCE", Value: capability.CAP_SYS_RESOURCE},
		{Key: "SYS_TIME", Value: capability.CAP_SYS_TIME},
		{Key: "SYS_TTY_CONFIG", Value: capability.CAP_SYS_TTY_CONFIG},
		{Key: "MKNOD", Value: capability.CAP_MKNOD},
		{Key: "AUDIT_WRITE", Value: capability.CAP_AUDIT_WRITE},
		{Key: "AUDIT_CONTROL", Value: capability.CAP_AUDIT_CONTROL},
		{Key: "MAC_OVERRIDE", Value: capability.CAP_MAC_OVERRIDE},
		{Key: "MAC_ADMIN", Value: capability.CAP_MAC_ADMIN},
		{Key: "NET_ADMIN", Value: capability.CAP_NET_ADMIN},
	}
)

type (
	Namespace struct {
		Key   string
		Value int
		File  string
	}
	Namespaces []*Namespace
)

func (ns *Namespace) String() string {
	return ns.Key
}

func (ns *Namespace) MarshalJSON() ([]byte, error) {
	return json.Marshal(ns.Key)
}

func (ns *Namespace) UnmarshalJSON(src []byte) error {
	var nsName string
	if err := json.Unmarshal(src, &nsName); err != nil {
		return err
	}
	ret := GetNamespace(nsName)
	if ret == nil {
		return ErrUnkownNamespace
	}
	*ns = *ret
	return nil
}

func GetNamespace(key string) *Namespace {
	for _, ns := range namespaceList {
		if ns.Key == key {
			return ns
		}
	}
	if os.Getenv("DEBUG") != "" {
		panic("Unreachable: Namespace not found")
	}
	return nil
}

// Contains returns true if the specified Namespace is
// in the slice
func (n Namespaces) Contains(ns string) bool {
	return GetNamespace(ns) != nil
}

type (
	Capability struct {
		Key   string
		Value capability.Cap
	}
	Capabilities []*Capability
)

func (c *Capability) String() string {
	return c.Key
}

func (c *Capability) MarshalJSON() ([]byte, error) {
	return json.Marshal(c.Key)
}

func (c *Capability) UnmarshalJSON(src []byte) error {
	var capName string
	if err := json.Unmarshal(src, &capName); err != nil {
		return err
	}
	ret := GetCapability(capName)
	if ret == nil {
		return ErrUnkownCapability
	}
	*c = *ret
	return nil
}

func GetCapability(key string) *Capability {
	for _, capp := range capabilityList {
		if capp.Key == key {
			return capp
		}
	}
	if os.Getenv("DEBUG") != "" {
		panic("Unreachable: Capability not found")
	}
	return nil
}

// Contains returns true if the specified Capability is
// in the slice
func (c Capabilities) Contains(capp string) bool {
	return GetCapability(capp) != nil
}