docker-cli

p4u1/docker-cli

Fork 0

Commit Graph

Author	SHA1	Message	Date
Sebastiaan van Stijn	446d4138ed	vendor: github.com/moby/sys/capability v0.4.0 full diff: https://github.com/moby/sys/compare/capability/v0.3.0...capability/v0.4.0 Added * New separate API for ambient ([GetAmbient], [SetAmbient], [ResetAmbient]) and bound ([GetBound], [DropBound]) capabilities, modelled after libcap. Fixed * [Apply] now returns an error if called for non-zero `pid`. Before this change, it could silently change some capabilities of the current process, instead of the one identified by the `pid`. * Fixed tests that change capabilities to be run in a separate process. * Other improvements in tests. Changed * Use raw syscalls (which are slightly faster). * Most tests are now limited to testing the public API of the package. * Simplify parsing /proc/pid/status, add a test case. * Optimize the number of syscall to set ambient capabilities in Apply by clearing them first; add a test case. * Better documentation for [Apply], [NewFile], [NewFile2], [NewPid], [NewPid2]. Removed * `.golangci.yml` and `.codespellrc` are no longer part of the package. <!-- Doc links (please keep sorted). --> [Apply]: https://pkg.go.dev/github.com/moby/sys/capability#Capabilities.Apply [DropBound]: https://pkg.go.dev/github.com/moby/sys/capability#DropBound [GetAmbient]: https://pkg.go.dev/github.com/moby/sys/capability#GetAmbient [GetBound]: https://pkg.go.dev/github.com/moby/sys/capability#GetBound [LastCap]: https://pkg.go.dev/github.com/moby/sys/capability#LastCap [ListKnown]: https://pkg.go.dev/github.com/moby/sys/capability#ListKnown [ListSupported]: https://pkg.go.dev/github.com/moby/sys/capability#ListSupported [List]: https://pkg.go.dev/github.com/moby/sys/capability#List [NewFile2]: https://pkg.go.dev/github.com/moby/sys/capability#NewFile2 [NewFile]: https://pkg.go.dev/github.com/moby/sys/capability#NewFile [NewPid2]: https://pkg.go.dev/github.com/moby/sys/capability#NewPid2 [NewPid]: https://pkg.go.dev/github.com/moby/sys/capability#NewPid [ResetAmbient]: https://pkg.go.dev/github.com/moby/sys/capability#ResetAmbient [SetAmbient]: https://pkg.go.dev/github.com/moby/sys/capability#SetAmbient Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2024-11-19 11:37:18 +01:00
Sebastiaan van Stijn	462e08219d	cli/container: use github.com/moby/sys/capability for completions We used a hard-coded list of capabilities that we copied from containerd, but the new "capability" package allows use to have a maintained list of capabilities. There's likely still some improvements to be made; First of all, the capability package could provide a function to get the list of strings. On the completion-side, we need to consider what format is most convenient; currently we use the canonical name (uppercase and "CAP_" prefix), however, tab-completion is case-sensitive by default, so requires the user to type uppercase letters to filter the list of options. Bash completion provides a `completion-ignore-case on` option to make completion case-insensitive (https://askubuntu.com/a/87066), but it looks to be a global option; the current cobra.CompletionOptions also don't provide this as an option to be used in the generated completion-script. Fish completion has `smartcase` (by default?) which matches any case if all of the input is lowercase. Zsh does not have a dedicated option, but allows setting matching-rules (see https://superuser.com/a/1092328). Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2024-10-01 14:01:02 +02:00

Author

SHA1

Message

Date

Sebastiaan van Stijn

446d4138ed

vendor: github.com/moby/sys/capability v0.4.0

full diff: https://github.com/moby/sys/compare/capability/v0.3.0...capability/v0.4.0

Added

* New separate API for ambient ([GetAmbient], [SetAmbient], [ResetAmbient])
  and bound ([GetBound], [DropBound]) capabilities, modelled after libcap.

Fixed

* [Apply] now returns an error if called for non-zero `pid`. Before this change,
  it could silently change some capabilities of the current process, instead of
  the one identified by the `pid`.
* Fixed tests that change capabilities to be run in a separate process.
* Other improvements in tests.

Changed

* Use raw syscalls (which are slightly faster).
* Most tests are now limited to testing the public API of the package.
* Simplify parsing /proc/*pid*/status, add a test case.
* Optimize the number of syscall to set ambient capabilities in Apply
  by clearing them first; add a test case.
* Better documentation for [Apply], [NewFile], [NewFile2], [NewPid], [NewPid2].

Removed

* `.golangci.yml` and `.codespellrc` are no longer part of the package.

<!-- Doc links (please keep sorted). -->
[Apply]: https://pkg.go.dev/github.com/moby/sys/capability#Capabilities.Apply
[DropBound]: https://pkg.go.dev/github.com/moby/sys/capability#DropBound
[GetAmbient]: https://pkg.go.dev/github.com/moby/sys/capability#GetAmbient
[GetBound]: https://pkg.go.dev/github.com/moby/sys/capability#GetBound
[LastCap]: https://pkg.go.dev/github.com/moby/sys/capability#LastCap
[ListKnown]: https://pkg.go.dev/github.com/moby/sys/capability#ListKnown
[ListSupported]: https://pkg.go.dev/github.com/moby/sys/capability#ListSupported
[List]: https://pkg.go.dev/github.com/moby/sys/capability#List
[NewFile2]: https://pkg.go.dev/github.com/moby/sys/capability#NewFile2
[NewFile]: https://pkg.go.dev/github.com/moby/sys/capability#NewFile
[NewPid2]: https://pkg.go.dev/github.com/moby/sys/capability#NewPid2
[NewPid]: https://pkg.go.dev/github.com/moby/sys/capability#NewPid
[ResetAmbient]: https://pkg.go.dev/github.com/moby/sys/capability#ResetAmbient
[SetAmbient]: https://pkg.go.dev/github.com/moby/sys/capability#SetAmbient

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

2024-11-19 11:37:18 +01:00

Sebastiaan van Stijn

462e08219d

cli/container: use github.com/moby/sys/capability for completions

We used a hard-coded list of capabilities that we copied from containerd,
but the new "capability" package allows use to have a maintained list
of capabilities.

There's likely still some improvements to be made;

First of all, the capability package could provide a function to get the list
of strings.

On the completion-side, we need to consider what format is most convenient;
currently we use the canonical name (uppercase and "CAP_" prefix), however,
tab-completion is case-sensitive by default, so requires the user to type
uppercase letters to filter the list of options.

Bash completion provides a `completion-ignore-case on` option to make completion
case-insensitive (https://askubuntu.com/a/87066), but it looks to be a global
option; the current cobra.CompletionOptions also don't provide this as an option
to be used in the generated completion-script.

Fish completion has `smartcase` (by default?) which matches any case if
all of the input is lowercase.

Zsh does not have a dedicated option, but allows setting matching-rules
(see https://superuser.com/a/1092328).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

2024-10-01 14:01:02 +02:00

2 Commits