Bump github.com/containers/storage from 1.26.0 to 1.29.0

Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.26.0 to 1.29.0. - [Release notes](https://github.com/containers/storage/releases) - [Changelog](https://github.com/containers/storage/blob/master/docs/containers-storage-changes.md) - [Commits](https://github.com/containers/storage/compare/v1.26.0...v1.29.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2025-09-04 08:04:56 +00:00 · 2021-04-13 08:44:26 +00:00
parent cfbabac961
commit 5485daff13
678 changed files with 44368 additions and 5994 deletions
--- a/vendor/github.com/containers/common/pkg/capabilities/capabilities.go
+++ b/vendor/github.com/containers/common/pkg/capabilities/capabilities.go
@@ -7,6 +7,7 @@ package capabilities

 import (
 	"strings"
+	"sync"

 	"github.com/pkg/errors"
 	"github.com/syndtr/gocapability/capability"
@@ -16,6 +17,9 @@ var (
 	// Used internally and populated during init().
 	capabilityList []string

+	// Used internally and populated during init().
+	capsList []capability.Cap
+
 	// ErrUnknownCapability is thrown when an unknown capability is processed.
 	ErrUnknownCapability = errors.New("unknown capability")

@@ -24,10 +28,14 @@ var (
 	ContainerImageLabels = []string{"io.containers.capabilities"}
 )

-// All is a special value used to add/drop all known capababilities.
+// All is a special value used to add/drop all known capabilities.
 // Useful on the CLI for `--cap-add=all` etc.
 const All = "ALL"

+func getCapName(c capability.Cap) string {
+	return "CAP_" + strings.ToUpper(c.String())
+}
+
 func init() {
 	last := capability.CAP_LAST_CAP
 	// hack for RHEL6 which has no /proc/sys/kernel/cap_last_cap
@@ -38,7 +46,8 @@ func init() {
 		if cap > last {
 			continue
 		}
-		capabilityList = append(capabilityList, "CAP_"+strings.ToUpper(cap.String()))
+		capsList = append(capsList, cap)
+		capabilityList = append(capabilityList, getCapName(cap))
 	}
 }

@@ -52,6 +61,38 @@ func stringInSlice(s string, sl []string) bool {
 	return false
 }

+var (
+	boundingSetOnce sync.Once
+	boundingSetRet  []string
+	boundingSetErr  error
+)
+
+// BoundingSet returns the capabilities in the current bounding set
+func BoundingSet() ([]string, error) {
+	boundingSetOnce.Do(func() {
+		currentCaps, err := capability.NewPid2(0)
+		if err != nil {
+			boundingSetErr = err
+			return
+		}
+		err = currentCaps.Load()
+		if err != nil {
+			boundingSetErr = err
+			return
+		}
+		var r []string
+		for _, c := range capsList {
+			if !currentCaps.Get(capability.BOUNDING, c) {
+				continue
+			}
+			r = append(r, getCapName(c))
+		}
+		boundingSetRet = r
+		boundingSetErr = err
+	})
+	return boundingSetRet, boundingSetErr
+}
+
 // AllCapabilities returns all known capabilities.
 func AllCapabilities() []string {
 	return capabilityList
@@ -88,7 +129,7 @@ func ValidateCapabilities(caps []string) error {
 	return nil
 }

-// MergeCapabilities computes a set of capabilities by adding capapbitilities
+// MergeCapabilities computes a set of capabilities by adding capabilities
 // to or dropping them from base.
 //
 // Note that:
@@ -122,7 +163,7 @@ func MergeCapabilities(base, adds, drops []string) ([]string, error) {

 	if stringInSlice(All, capAdd) {
 		// "Add" all capabilities;
-		return capabilityList, nil
+		return BoundingSet()
 	}

 	for _, add := range capAdd {