github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-04-30 12:44:39 +00:00
Code Issues Projects Releases Wiki Activity

agent/rustjail/capabilities: Use anyhow for error handling

Browse Source 
Use `.to_string` to wrap up `caps::errors::Error`s since they are not
thread safe, otherwise `cargo build` will fail with the following error:

```
doesn't satisfy `caps::errors::Error: std::marker::Sync`
```

Signed-off-by: Julio Montes <julio.montes@intel.com>
This commit is contained in:
Julio Montes 2020-08-28 10:36:26 -05:00
parent 6a4c9b14f2
commit 2e3e2ce114
1 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/agent/rustjail/src/capabilities.rs
View File

@ -8,9 +8,9 @@
use lazy_static; use lazy_static;
use crate::errors::*;
use crate::log_child; use crate::log_child;
use crate::sync::write_count; use crate::sync::write_count;
use anyhow::{anyhow, Result};
use caps::{self, CapSet, Capability, CapsHashSet}; use caps::{self, CapSet, Capability, CapsHashSet};
use oci::LinuxCapabilities; use oci::LinuxCapabilities;
use std::collections::HashMap; use std::collections::HashMap;
@ -96,7 +96,7 @@ fn to_capshashset(cfd_log: RawFd, caps: &[String]) -> CapsHashSet {
} }
pub fn reset_effective() -> Result<()> { pub fn reset_effective() -> Result<()> {
caps::set(None, CapSet::Effective, caps::all())?; caps::set(None, CapSet::Effective, caps::all()).map_err(|e| anyhow!(e.to_string()))?;
Ok(()) Ok(())
} }
@ -104,24 +104,27 @@ pub fn drop_priviledges(cfd_log: RawFd, caps: &LinuxCapabilities) -> Result<()>
let all = caps::all(); let all = caps::all();
for c in all.difference(&to_capshashset(cfd_log, caps.bounding.as_ref())) { for c in all.difference(&to_capshashset(cfd_log, caps.bounding.as_ref())) {
caps::drop(None, CapSet::Bounding, *c)?; caps::drop(None, CapSet::Bounding, *c).map_err(|e| anyhow!(e.to_string()))?;
} }
caps::set( caps::set(
None, None,
CapSet::Effective, CapSet::Effective,
to_capshashset(cfd_log, caps.effective.as_ref()), to_capshashset(cfd_log, caps.effective.as_ref()),
)?; )
.map_err(|e| anyhow!(e.to_string()))?;
caps::set( caps::set(
None, None,
CapSet::Permitted, CapSet::Permitted,
to_capshashset(cfd_log, caps.permitted.as_ref()), to_capshashset(cfd_log, caps.permitted.as_ref()),
)?; )
.map_err(|e| anyhow!(e.to_string()))?;
caps::set( caps::set(
None, None,
CapSet::Inheritable, CapSet::Inheritable,
to_capshashset(cfd_log, caps.inheritable.as_ref()), to_capshashset(cfd_log, caps.inheritable.as_ref()),
)?; )
.map_err(|e| anyhow!(e.to_string()))?;
if let Err(_) = caps::set( if let Err(_) = caps::set(
None, None,