replace github.com/syndtr/gocapability with github.com/kolyshkin/capability

Signed-off-by: ningmingxiao <[email protected]>

Author: ningmingxiao

go.mod

@@ -10,14 +10,14 @@ require (
 	github.com/cyphar/filepath-securejoin v0.2.4
 	github.com/docker/go-units v0.5.0
 	github.com/godbus/dbus/v5 v5.1.0
+	github.com/kolyshkin/capability v0.0.0-20240730232143-634ecd5779f0
 	github.com/moby/sys/mountinfo v0.7.1
 	github.com/moby/sys/user v0.1.0
 	github.com/mrunalp/fileutils v0.5.1
 	github.com/opencontainers/runtime-spec v1.2.0
 	github.com/opencontainers/selinux v1.11.0
 	github.com/seccomp/libseccomp-golang v0.10.0
 	github.com/sirupsen/logrus v1.9.3
-	github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635
 	github.com/urfave/cli v1.22.14
 	github.com/vishvananda/netlink v1.1.0
 	golang.org/x/net v0.24.0

go.sum

@@ -26,6 +26,8 @@ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
+github.com/kolyshkin/capability v0.0.0-20240730232143-634ecd5779f0 h1:H16XdVvPM0IuE6/Seytqn1oLj7wx3nbiZUZPotdJ1ko=
+github.com/kolyshkin/capability v0.0.0-20240730232143-634ecd5779f0/go.mod h1:LLvqGTUJOPNZaZd47EGYif+S7+CmFocn0v7gt9ue2pg=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
@@ -60,8 +62,6 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
-github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 h1:kdXcSzyDtseVEc4yCz2qF8ZrQvIDBJLl4S1c3GCXmoI=
-github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
 github.com/urfave/cli v1.22.14 h1:ebbhrRiGK2i4naQJr+1Xj92HXZCrK7MsyTS/ob3HnAk=
 github.com/urfave/cli v1.22.14/go.mod h1:X0eDS6pD6Exaclxm99NJ3FiCDRED7vIHpx2mDOHLvkA=
 github.com/vishvananda/netlink v1.1.0 h1:1iyaYNBLmP6L0220aDnYQpo1QEV4t4hJ+xEEhhJH8j0=

libcontainer/capabilities/capabilities.go

@@ -6,16 +6,15 @@ import (
 	"sort"
 	"strings"
 
+	"github.com/kolyshkin/capability"
 	"github.com/opencontainers/runc/libcontainer/configs"
 	"github.com/sirupsen/logrus"
-	"github.com/syndtr/gocapability/capability"
 )
 
 const allCapabilityTypes = capability.CAPS | capability.BOUNDING | capability.AMBIENT
 
 var (
-	capabilityMap map[string]capability.Cap
-	capTypes      = []capability.CapType{
+	capTypes = []capability.CapType{
 		capability.BOUNDING,
 		capability.PERMITTED,
 		capability.INHERITABLE,
@@ -24,14 +23,19 @@ var (
 	}
 )
 
-func init() {
-	capabilityMap = make(map[string]capability.Cap, capability.CAP_LAST_CAP+1)
+func getCapMap() (map[string]capability.Cap, error) {
+	lastcap, err := capability.LastCap()
+	if err != nil {
+		return nil, err
+	}
+	capabilityMap := make(map[string]capability.Cap, lastcap+1)
 	for _, c := range capability.List() {
-		if c > capability.CAP_LAST_CAP {
+		if c > lastcap {
 			continue
 		}
 		capabilityMap["CAP_"+strings.ToUpper(c.String())] = c
 	}
+	return capabilityMap, nil
 }
 
 // KnownCapabilities returns the list of the known capabilities.
@@ -53,14 +57,17 @@ func New(capConfig *configs.Capabilities) (*Caps, error) {
 		err error
 		c   Caps
 	)
-
+	cmap, err := getCapMap()
+	if err != nil {
+		return nil, err
+	}
 	unknownCaps := make(map[string]struct{})
 	c.caps = map[capability.CapType][]capability.Cap{
-		capability.BOUNDING:    capSlice(capConfig.Bounding, unknownCaps),
-		capability.EFFECTIVE:   capSlice(capConfig.Effective, unknownCaps),
-		capability.INHERITABLE: capSlice(capConfig.Inheritable, unknownCaps),
-		capability.PERMITTED:   capSlice(capConfig.Permitted, unknownCaps),
-		capability.AMBIENT:     capSlice(capConfig.Ambient, unknownCaps),
+		capability.BOUNDING:    capSlice(capConfig.Bounding, cmap, unknownCaps),
+		capability.EFFECTIVE:   capSlice(capConfig.Effective, cmap, unknownCaps),
+		capability.INHERITABLE: capSlice(capConfig.Inheritable, cmap, unknownCaps),
+		capability.PERMITTED:   capSlice(capConfig.Permitted, cmap, unknownCaps),
+		capability.AMBIENT:     capSlice(capConfig.Ambient, cmap, unknownCaps),
 	}
 	if c.pid, err = capability.NewPid2(0); err != nil {
 		return nil, err
@@ -77,10 +84,10 @@ func New(capConfig *configs.Capabilities) (*Caps, error) {
 // capSlice converts the slice of capability names in caps, to their numeric
 // equivalent, and returns them as a slice. Unknown or unavailable capabilities
 // are not returned, but appended to unknownCaps.
-func capSlice(caps []string, unknownCaps map[string]struct{}) []capability.Cap {
+func capSlice(caps []string, cmap map[string]capability.Cap, unknownCaps map[string]struct{}) []capability.Cap {
 	var out []capability.Cap
 	for _, c := range caps {
-		if v, ok := capabilityMap[c]; !ok {
+		if v, ok := cmap[c]; !ok {
 			unknownCaps[c] = struct{}{}
 		} else {
 			out = append(out, v)

libcontainer/capabilities/capabilities_linux_test.go

@@ -8,7 +8,7 @@ import (
 	"github.com/opencontainers/runc/libcontainer/configs"
 	"github.com/sirupsen/logrus"
 	"github.com/sirupsen/logrus/hooks/test"
-	"github.com/syndtr/gocapability/capability"
+	"github.com/kolyshkin/capability"
 )
 
 func TestNew(t *testing.T) {