kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

Merge pull request #41460 from thaJeztah/bump_gocapabilities

Browse source 
vendor: github.com/syndtr/gocapability 42c35b4376354fd554efc7ad35e0b7f94e3a0ffb
This commit is contained in:
Tibor Vass 2020-09-17 11:42:49 -07:00 committed by GitHub
commit 7f7e4abb33
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 53 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
vendor.conf
View file

@ -21,7 +21,7 @@ github.com/moby/sys 6154f11e6840c0d6b0dbb23f4125
golang.org/x/text 23ae387dee1f90d29a23c0e87ee0b46038fbed0e # v0.3.3 golang.org/x/text 23ae387dee1f90d29a23c0e87ee0b46038fbed0e # v0.3.3
gotest.tools/v3 bb0d8a963040ea5048dcef1a14d8f8b58a33d4b3 # v3.0.2 gotest.tools/v3 bb0d8a963040ea5048dcef1a14d8f8b58a33d4b3 # v3.0.2
github.com/google/go-cmp 3af367b6b30c263d47e8895973edcca9a49cf029 # v0.2.0 github.com/google/go-cmp 3af367b6b30c263d47e8895973edcca9a49cf029 # v0.2.0
github.com/syndtr/gocapability d98352740cb2c55f81556b63d4a1ec64c5a319c2 github.com/syndtr/gocapability 42c35b4376354fd554efc7ad35e0b7f94e3a0ffb
github.com/RackSec/srslog a4725f04ec91af1a91b380da679d6e0c2f061e59 github.com/RackSec/srslog a4725f04ec91af1a91b380da679d6e0c2f061e59
github.com/imdario/mergo 1afb36080aec31e0d1528973ebe6721b191b0369 # v0.3.8 github.com/imdario/mergo 1afb36080aec31e0d1528973ebe6721b191b0369 # v0.3.8

45
vendor/github.com/syndtr/gocapability/capability/enum.go generated vendored
View file

@ -41,7 +41,9 @@ const (
//go:generate go run enumgen/gen.go //go:generate go run enumgen/gen.go
type Cap int type Cap int
// POSIX-draft defined capabilities. // POSIX-draft defined capabilities and Linux extensions.
//
// Defined in https://github.com/torvalds/linux/blob/master/include/uapi/linux/capability.h
const ( const (
// In a system with the [_POSIX_CHOWN_RESTRICTED] option defined, this // In a system with the [_POSIX_CHOWN_RESTRICTED] option defined, this
// overrides the restriction of changing file ownership and group // overrides the restriction of changing file ownership and group
@ -187,6 +189,7 @@ const (
// arbitrary SCSI commands // arbitrary SCSI commands
// Allow setting encryption key on loopback filesystem // Allow setting encryption key on loopback filesystem
// Allow setting zone reclaim policy // Allow setting zone reclaim policy
// Allow everything under CAP_BPF and CAP_PERFMON for backward compatibility
CAP_SYS_ADMIN = Cap(21) CAP_SYS_ADMIN = Cap(21)
// Allow use of reboot() // Allow use of reboot()
@ -211,6 +214,7 @@ const (
// Allow more than 64hz interrupts from the real-time clock // Allow more than 64hz interrupts from the real-time clock
// Override max number of consoles on console allocation // Override max number of consoles on console allocation
// Override max number of keymaps // Override max number of keymaps
// Control memory reclaim behavior
CAP_SYS_RESOURCE = Cap(24) CAP_SYS_RESOURCE = Cap(24)
// Allow manipulation of system clock // Allow manipulation of system clock
@ -256,8 +260,45 @@ const (
// Allow preventing system suspends // Allow preventing system suspends
CAP_BLOCK_SUSPEND = Cap(36) CAP_BLOCK_SUSPEND = Cap(36)
// Allow reading audit messages from the kernel // Allow reading the audit log via multicast netlink socket
CAP_AUDIT_READ = Cap(37) CAP_AUDIT_READ = Cap(37)
// Allow system performance and observability privileged operations
// using perf_events, i915_perf and other kernel subsystems
CAP_PERFMON = Cap(38)
// CAP_BPF allows the following BPF operations:
// - Creating all types of BPF maps
// - Advanced verifier features
// - Indirect variable access
// - Bounded loops
// - BPF to BPF function calls
// - Scalar precision tracking
// - Larger complexity limits
// - Dead code elimination
// - And potentially other features
// - Loading BPF Type Format (BTF) data
// - Retrieve xlated and JITed code of BPF programs
// - Use bpf_spin_lock() helper
//
// CAP_PERFMON relaxes the verifier checks further:
// - BPF progs can use of pointer-to-integer conversions
// - speculation attack hardening measures are bypassed
// - bpf_probe_read to read arbitrary kernel memory is allowed
// - bpf_trace_printk to print kernel memory is allowed
//
// CAP_SYS_ADMIN is required to use bpf_probe_write_user.
//
// CAP_SYS_ADMIN is required to iterate system wide loaded
// programs, maps, links, BTFs and convert their IDs to file descriptors.
//
// CAP_PERFMON and CAP_BPF are required to load tracing programs.
// CAP_NET_ADMIN and CAP_BPF are required to load networking programs.
CAP_BPF = Cap(39)
// Allow checkpoint/restore related operations.
// Introduced in kernel 5.9
CAP_CHECKPOINT_RESTORE = Cap(40)
) )
var ( var (

9
vendor/github.com/syndtr/gocapability/capability/enum_gen.go generated vendored
View file

@ -80,6 +80,12 @@ func (c Cap) String() string {
return "block_suspend" return "block_suspend"
case CAP_AUDIT_READ: case CAP_AUDIT_READ:
return "audit_read" return "audit_read"
case CAP_PERFMON:
return "perfmon"
case CAP_BPF:
return "bpf"
case CAP_CHECKPOINT_RESTORE:
return "checkpoint_restore"
} }
return "unknown" return "unknown"
} }
@ -125,5 +131,8 @@ func List() []Cap {
CAP_WAKE_ALARM, CAP_WAKE_ALARM,
CAP_BLOCK_SUSPEND, CAP_BLOCK_SUSPEND,
CAP_AUDIT_READ, CAP_AUDIT_READ,
CAP_PERFMON,
CAP_BPF,
CAP_CHECKPOINT_RESTORE,
} }
} }