From cbdbc00ba0e8d4bc8009c07ba469b999320f5793 Mon Sep 17 00:00:00 2001
From: Kir Kolyshkin
Date: Wed, 31 Jul 2024 15:56:34 -0700
Subject: [PATCH] libct/cap: internalize capSlice

Move capSlice to be an internal function of New. This way, we don't have to pass most parameters. This is a preparation for the next commit.

Signed-off-by: Kir Kolyshkin
---
 libcontainer/capabilities/capabilities.go | 41 +++++++++++------------
 1 file changed, 20 insertions(+), 21 deletions(-)
diff --git a/libcontainer/capabilities/capabilities.go b/libcontainer/capabilities/capabilities.go
index 9179774af6c..7928c340848 100644
--- a/libcontainer/capabilities/capabilities.go
+++ b/libcontainer/capabilities/capabilities.go
@@ -55,13 +55,28 @@ func New(capConfig *configs.Capabilities) (*Caps, error) {
 c Caps
 )

+ cm := capMap()
 unknownCaps := make(map[string]struct{})
+ // capSlice converts the slice of capability names in caps, to their numeric
+ // equivalent, and returns them as a slice. Unknown or unavailable capabilities
+ // are not returned, but appended to unknownCaps.
+ capSlice := func(caps []string) []capability.Cap {
+ out := make([]capability.Cap, 0, len(caps))
+ for _, c := range caps {
+ if v, ok := cm[c]; !ok {
+ unknownCaps[c] = struct{}{}
+ } else {
+ out = append(out, v)
+ }
+ }
+ return out
+ }
 c.caps = map[capability.CapType][]capability.Cap{
- capability.BOUNDING: capSlice(capConfig.Bounding, unknownCaps),
- capability.EFFECTIVE: capSlice(capConfig.Effective, unknownCaps),
- capability.INHERITABLE: capSlice(capConfig.Inheritable, unknownCaps),
- capability.PERMITTED: capSlice(capConfig.Permitted, unknownCaps),
- capability.AMBIENT: capSlice(capConfig.Ambient, unknownCaps),
+ capability.BOUNDING: capSlice(capConfig.Bounding),
+ capability.EFFECTIVE: capSlice(capConfig.Effective),
+ capability.INHERITABLE: capSlice(capConfig.Inheritable),
+ capability.PERMITTED: capSlice(capConfig.Permitted),
+ capability.AMBIENT: capSlice(capConfig.Ambient),
 }
 if c.pid, err = capability.NewPid2(0); err != nil {
 return nil, err
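Review bot: The loop variable in the new closure, `for _, c := range caps`, shadows the `c Caps` value that New is building, which is declared in the `var` block visible in the context lines at the top of this hunk. It compiles and behaves as before, but in a function that assembles the capability sets, a later edit that reaches for `c` inside the closure would get the capability name string instead of the struct; renaming it, `for _, name := range caps {` with `cm[name]` and `unknownCaps[name]`, removes the ambiguity. The moved comment still says unknown names are "appended to unknownCaps", which is a map captured from the enclosing scope rather than a parameter; `// are not returned, but recorded in New's unknownCaps set.` would match the code. New's body starts and ends outside the hunk, so how the collected unknownCaps are reported to the caller is not visible here.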
@@ -75,22 +90,6 @@ func New(capConfig *configs.Capabilities) (*Caps, error) {
 return &c, nil
 }

-// capSlice converts the slice of capability names in caps, to their numeric
-// equivalent, and returns them as a slice. Unknown or unavailable capabilities
-// are not returned, but appended to unknownCaps.
-func capSlice(caps []string, unknownCaps map[string]struct{}) []capability.Cap {
- cm := capMap()
- out := make([]capability.Cap, 0, len(caps))
- for _, c := range caps {
- if v, ok := cm[c]; !ok {
- unknownCaps[c] = struct{}{}
- } else {
- out = append(out, v)
- }
- }
- return out
-}
-
 // mapKeys returns the keys of input in sorted order
 func mapKeys(input map[string]struct{}) []string {
 keys := make([]string, 0, len(input))