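// Source: github.com/apptainer/singularity@v3.1.1+incompatible/internal/app/singularity/capability_list_linux.go

// Copyright (c) 2018-2019, Sylabs Inc. All rights reserved.
// This software is licensed under a 3-clause BSD license. Please consult the
// LICENSE.md file distributed with the sources of this project regarding your
// rights to use or distribute this software.

package singularity

import (
	"fmt"
	"os"
	"strings"
	"syscall"

	"github.com/sylabs/singularity/pkg/util/capabilities"
)

// CapListConfig instructs CapabilityList on what to list.
type CapListConfig struct {
	// User is the user name to look up; empty means no user lookup.
	User string
	// Group is the group name to look up; empty means no group lookup.
	Group string
	// All lists every user and group entry and takes priority over User
	// and Group.
	All bool
}

// CapabilityList prints to stdout the capabilities recorded in capFile for
// the user and/or group selected by c, one "<name> [user|group]: <caps>" line
// per entry that has at least one capability.
//
// It returns an error when c selects nothing, when capFile cannot be opened
// or parsed, or when no selected entry has any capability.
func CapabilityList(capFile string, c CapListConfig) error {
	if c.User == "" && c.Group == "" && !c.All {
		return fmt.Errorf("while listing capabilities: must specify a user or a group")
	}

	// NOTE(review): the open below is read-only and passes no O_CREATE, so
	// neither the 0644 mode nor the umask is applied to anything here and
	// clearing the umask looks unnecessary. The umask is process-wide, so any
	// file created elsewhere in the process while it is 0 would get unmasked
	// permissions. Consider dropping both Umask calls and using os.Open.
	oldmask := syscall.Umask(0)
	defer syscall.Umask(oldmask)

	file, err := os.OpenFile(capFile, os.O_RDONLY, 0644)
	if err != nil {
		return fmt.Errorf("while opening capability config file: %s", err)
	}
	defer file.Close()

	capConfig, err := capabilities.ReadFrom(file)
	if err != nil {
		return fmt.Errorf("while parsing capability config data: %s", err)
	}

	outputCaps := 0

	// if --all specified, take priority over listing specific user/group
	if c.All {
		// presumably both results are maps keyed by name; if so, the order of
		// the printed lines is unspecified and can differ between runs.
		users, groups := capConfig.ListAllCaps()

		for user, caps := range users {
			if len(caps) > 0 {
				fmt.Printf("%s [user]: %s\n", user, strings.Join(caps, ","))
				outputCaps++
			}
		}

		for group, caps := range groups {
			if len(caps) > 0 {
				fmt.Printf("%s [group]: %s\n", group, strings.Join(caps, ","))
				outputCaps++
			}
		}

		if outputCaps == 0 {
			return fmt.Errorf("no capability set for users or groups")
		}

		return nil
	}

	// requested collects every name that was looked up, so the "nothing
	// found" error names the group as well instead of only c.User (which is
	// empty for a group-only query).
	var requested []string

	if c.User != "" {
		requested = append(requested, c.User)
		caps := capConfig.ListUserCaps(c.User)
		if len(caps) > 0 {
			fmt.Printf("%s [user]: %s\n", c.User, strings.Join(caps, ","))
			outputCaps++
		}
	}

	if c.Group != "" {
		requested = append(requested, c.Group)
		caps := capConfig.ListGroupCaps(c.Group)
		if len(caps) > 0 {
			fmt.Printf("%s [group]: %s\n", c.Group, strings.Join(caps, ","))
			outputCaps++
		}
	}

	if outputCaps == 0 {
		// A user-only query yields the same message as before.
		return fmt.Errorf("no capability set for user/group %s", strings.Join(requested, "/"))
	}

	return nil
}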