Skip to content

Commit

Permalink
libct/cap: internalize capSlice
Browse files Browse the repository at this point in the history
Move capSlice to be an internal function of New. This way, we don't have
to pass most parameters.

This is a preparation for the next commit.

Signed-off-by: Kir Kolyshkin <[email protected]>
  • Loading branch information
kolyshkin committed Jul 31, 2024
1 parent 2bb6167 commit cbdbc00
Showing 1 changed file with 20 additions and 21 deletions.
41 changes: 20 additions & 21 deletions libcontainer/capabilities/capabilities.go
Original file line number Diff line number Diff line change
Expand Up @@ -55,13 +55,28 @@ func New(capConfig *configs.Capabilities) (*Caps, error) {
c Caps
)

cm := capMap()
unknownCaps := make(map[string]struct{})
// capSlice converts the slice of capability names in caps, to their numeric
// equivalent, and returns them as a slice. Unknown or unavailable capabilities
// are not returned, but appended to unknownCaps.
capSlice := func(caps []string) []capability.Cap {
out := make([]capability.Cap, 0, len(caps))
for _, c := range caps {
if v, ok := cm[c]; !ok {
unknownCaps[c] = struct{}{}
} else {
out = append(out, v)
}
}
return out
}
c.caps = map[capability.CapType][]capability.Cap{
capability.BOUNDING: capSlice(capConfig.Bounding, unknownCaps),
capability.EFFECTIVE: capSlice(capConfig.Effective, unknownCaps),
capability.INHERITABLE: capSlice(capConfig.Inheritable, unknownCaps),
capability.PERMITTED: capSlice(capConfig.Permitted, unknownCaps),
capability.AMBIENT: capSlice(capConfig.Ambient, unknownCaps),
capability.BOUNDING: capSlice(capConfig.Bounding),
capability.EFFECTIVE: capSlice(capConfig.Effective),
capability.INHERITABLE: capSlice(capConfig.Inheritable),
capability.PERMITTED: capSlice(capConfig.Permitted),
capability.AMBIENT: capSlice(capConfig.Ambient),
}
if c.pid, err = capability.NewPid2(0); err != nil {
return nil, err
Expand All @@ -75,22 +90,6 @@ func New(capConfig *configs.Capabilities) (*Caps, error) {
return &c, nil
}

// capSlice converts the slice of capability names in caps, to their numeric
// equivalent, and returns them as a slice. Unknown or unavailable capabilities
// are not returned, but appended to unknownCaps.
func capSlice(caps []string, unknownCaps map[string]struct{}) []capability.Cap {
cm := capMap()
out := make([]capability.Cap, 0, len(caps))
for _, c := range caps {
if v, ok := cm[c]; !ok {
unknownCaps[c] = struct{}{}
} else {
out = append(out, v)
}
}
return out
}

// mapKeys returns the keys of input in sorted order
func mapKeys(input map[string]struct{}) []string {
keys := make([]string, 0, len(input))
Expand Down

0 comments on commit cbdbc00

Please sign in to comment.