github.com/cloudfoundry-attic/garden-linux@v0.333.2-candidate/integration/helpers/capcheck/commands/inspect_linux.go (about)

     1  package commands
     2  
     3  import (
     4  	"fmt"
     5  	"os"
     6  
     7  	"github.com/cloudfoundry-incubator/garden-linux/integration/helpers/capcheck/inspector"
     8  )
     9  
// Inspect runs the capability probes selected by caps and then terminates the
// process. An empty (or nil) caps selects all three supported probes:
// CAP_SYS_ADMIN, CAP_MKNOD and CAP_NET_BIND_SERVICE, always in that order.
//
// The process exit status is the number of probes that returned a non-nil
// error. Only the count is kept here; the error values themselves are dropped
// (presumably the inspector package reports the details itself; confirm).
//
// Names in caps that map to true but are not one of the three supported
// capabilities are printed to stdout as warnings and do NOT change the exit
// status. A zero exit status therefore only covers the probes that actually
// ran; a caller that relies on it should also check the output for WARNING
// lines. Entries that map to false are dropped silently by shouldProbe when
// they name a supported capability.
//
// caps is consumed: shouldProbe deletes each supported name as it is looked
// up, which is what leaves only the unsupported names for the warning loop.
func Inspect(caps map[string]bool) {
	failures := 0
	all := len(caps) == 0

	// selected reports whether the named probe should run. When everything is
	// probed caps is empty, so skipping the lookup loses nothing.
	selected := func(name string) bool {
		return all || shouldProbe(caps, name)
	}

	// CAP_SYS_ADMIN is probed because it is conditionally added to the whitelist.
	if selected("CAP_SYS_ADMIN") {
		if err := inspector.ProbeCAP_SYS_ADMIN(); err != nil {
			failures++
		}
	}

	// CAP_MKNOD stands in for a capability that is not in the whitelist.
	if selected("CAP_MKNOD") {
		if err := inspector.ProbeCAP_MKNOD(); err != nil {
			failures++
		}
	}

	// CAP_NET_BIND_SERVICE stands in for a capability that is in the whitelist.
	if selected("CAP_NET_BIND_SERVICE") {
		if err := inspector.ProbeCAP_NET_BIND_SERVICE(); err != nil {
			failures++
		}
	}

	// Whatever is still in caps was requested but has no probe. Map iteration
	// order is unspecified, so the warnings may appear in any order.
	for name := range caps {
		fmt.Printf("WARNING: %s is not supported and was not probed\n", name)
	}

	os.Exit(failures)
}
    43  
// shouldProbe reports whether cap was requested (present in caps with a true
// value) and removes cap from caps as a side effect. The removal happens
// whether the stored value was true or false, so after all supported names
// have been looked up, caps holds only names that no probe exists for.
// A missing key, or a nil map, yields false and leaves caps untouched.
func shouldProbe(caps map[string]bool, cap string) bool {
	requested, present := caps[cap]
	if present {
		delete(caps, cap)
	}
	return requested
}