mirror of
https://github.com/kemko/nomad.git
synced 2026-01-01 16:05:42 +03:00
deps: switch to moby/sys/capability (#24093)
github.com/moby/sys/capability is a fork of the (no longer maintained) github.com/syndtr/gocapability package. For changes since the fork took place, see https://github.com/moby/sys/blob/main/capability/CHANGELOG.md Note that the "workaround for RHEL6" is removed for a number of reasons. Feel free to choose the one you like the most, either is sufficient: 1. /proc/sys/kernel/cap_last_cap is available since RHEL 6.7 (kernel 2.6.32-573.el6), released 9 years ago (2015-07-22). 2. It incorrectly returns CAP_BLOCK_SUSPEND (36), which was only added in kernel v3.5 and was never backported to RHEL6 kernels. The correct value for RHEL6 would be CAP_MAC_ADMIN (33). 3. As far as upstream kernels go, /proc/sys/kernel/cap_last_cap was added in kernel v3.2, and a correct value depends on the kernel version. It could be CAP_WAKE_ALARM (35), added to kernel v3.0, or CAP_SYSLOG (34), added to kernel v2.6.38, or possibly a lesser value for even older kernels. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This commit is contained in:
Kir Kolyshkin
@@ -7,7 +7,7 @@ import (
|
||||
"fmt"
|
||||
"regexp"
|
||||
|
||||
"github.com/syndtr/gocapability/capability"
|
||||
"github.com/moby/sys/capability"
|
||||
)
|
||||
|
||||
const (
|
||||
@@ -40,18 +40,9 @@ func NomadDefaults() *Set {
|
||||
func Supported() *Set {
|
||||
s := New(nil)
|
||||
|
||||
last := capability.CAP_LAST_CAP
|
||||
|
||||
// workaround for RHEL6 which has no /proc/sys/kernel/cap_last_cap
|
||||
if last == capability.Cap(63) {
|
||||
last = capability.CAP_BLOCK_SUSPEND
|
||||
}
|
||||
|
||||
list, _ := capability.ListSupported()
|
||||
// accumulate every capability supported by this system
|
||||
for _, c := range capability.List() {
|
||||
if c > last {
|
||||
continue
|
||||
}
|
||||
for _, c := range list {
|
||||
s.Add(c.String())
|
||||
}
|
||||
|
||||
|
||||
@@ -27,7 +27,7 @@ import (
|
||||
cstructs "github.com/hashicorp/nomad/client/structs"
|
||||
"github.com/hashicorp/nomad/drivers/shared/executor/procstats"
|
||||
"github.com/hashicorp/nomad/plugins/drivers"
|
||||
"github.com/syndtr/gocapability/capability"
|
||||
"github.com/moby/sys/capability"
|
||||
)
|
||||
|
||||
const (
|
||||
@@ -793,15 +793,8 @@ func makeExecutable(binPath string) error {
|
||||
// SupportedCaps returns a list of all supported capabilities in kernel.
|
||||
func SupportedCaps(allowNetRaw bool) []string {
|
||||
var allCaps []string
|
||||
last := capability.CAP_LAST_CAP
|
||||
// workaround for RHEL6 which has no /proc/sys/kernel/cap_last_cap
|
||||
if last == capability.Cap(63) {
|
||||
last = capability.CAP_BLOCK_SUSPEND
|
||||
}
|
||||
for _, cap := range capability.List() {
|
||||
if cap > last {
|
||||
continue
|
||||
}
|
||||
list, _ := capability.ListSupported()
|
||||
for _, cap := range list {
|
||||
if !allowNetRaw && cap == capability.CAP_NET_RAW {
|
||||
continue
|
||||
}
|
||||
|
||||
3
go.mod
3
go.mod
@@ -105,6 +105,7 @@ require (
|
||||
github.com/mitchellh/mapstructure v1.5.0
|
||||
github.com/mitchellh/pointerstructure v1.2.1
|
||||
github.com/mitchellh/reflectwalk v1.0.2
|
||||
github.com/moby/sys/capability v0.3.0
|
||||
github.com/moby/sys/mount v0.3.3
|
||||
github.com/moby/sys/mountinfo v0.7.2
|
||||
github.com/moby/term v0.5.0
|
||||
@@ -123,7 +124,6 @@ require (
|
||||
github.com/shoenig/go-m1cpu v0.1.6
|
||||
github.com/shoenig/test v1.11.0
|
||||
github.com/stretchr/testify v1.9.0
|
||||
github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635
|
||||
github.com/zclconf/go-cty v1.13.0
|
||||
github.com/zclconf/go-cty-yaml v1.0.3
|
||||
go.etcd.io/bbolt v1.3.9
|
||||
@@ -277,6 +277,7 @@ require (
|
||||
github.com/softlayer/softlayer-go v0.0.0-20180806151055-260589d94c7d // indirect
|
||||
github.com/spf13/cast v1.5.0 // indirect
|
||||
github.com/stretchr/objx v0.5.2 // indirect
|
||||
github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 // indirect
|
||||
github.com/tencentcloud/tencentcloud-sdk-go v1.0.162 // indirect
|
||||
github.com/tj/go-spin v1.1.0 // indirect
|
||||
github.com/tklauser/go-sysconf v0.3.12 // indirect
|
||||
|
||||
2
go.sum
2
go.sum
@@ -902,6 +902,8 @@ github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zx
|
||||
github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
|
||||
github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=
|
||||
github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
|
||||
github.com/moby/sys/capability v0.3.0 h1:kEP+y6te0gEXIaeQhIi0s7vKs/w0RPoH1qPa6jROcVg=
|
||||
github.com/moby/sys/capability v0.3.0/go.mod h1:4g9IK291rVkms3LKCDOoYlnV8xKwoDTpIrNEE35Wq0I=
|
||||
github.com/moby/sys/mount v0.3.3 h1:fX1SVkXFJ47XWDoeFW4Sq7PdQJnV2QIDZAqjNqgEjUs=
|
||||
github.com/moby/sys/mount v0.3.3/go.mod h1:PBaEorSNTLG5t/+4EgukEQVlAvVEc6ZjTySwKdqp5K0=
|
||||
github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI=
|
||||
|
||||
Reference in New Issue
Block a user