github.com/blixtra/rkt@v0.8.1-0.20160204105720-ab0d1add1a43/pkg/sys/capability.go

github.com/blixtra/rkt@v0.8.1-0.20160204105720-ab0d1add1a43/pkg/sys/capability.go (about)

     1  // Copyright 2015 The rkt Authors
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package sys
    16  
    17  import (
    18  	"os"
    19  
    20  	"github.com/syndtr/gocapability/capability"
    21  )
    22  
    23  // HasChrootCapability checks if the current process has the CAP_SYS_CHROOT
    24  // capability
    25  func HasChrootCapability() bool {
    26  	// Checking the capabilities should be enough, but in case there're
    27  	// problem retrieving them, fallback checking for the effective uid
    28  	// (hoping it hasn't dropped its CAP_SYS_CHROOT).
    29  	caps, err := capability.NewPid(0)
    30  	if err == nil {
    31  		return caps.Get(capability.EFFECTIVE, capability.CAP_SYS_CHROOT)
    32  	} else {
    33  		return os.Geteuid() == 0
    34  	}
    35  }