mirror of
https://github.com/containers/youki
synced 2024-11-27 02:05:31 +01:00
modify capability into new way
parent
3e8a0839c6
commit
0a42340768
@ -6,7 +6,7 @@ use std::sync::Arc;
|
||||
use std::{any::Any, mem, path::Path, ptr};
|
||||
|
||||
use anyhow::{anyhow, bail, Result};
|
||||
use caps::{errors::CapsError, CapSet, Capability, CapsHashSet};
|
||||
use caps::{CapSet, Capability, CapsHashSet};
|
||||
use libc::{c_char, uid_t};
|
||||
use nix::{
|
||||
errno::Errno,
|
||||
@ -127,7 +127,7 @@ impl Syscall for LinuxSyscall {
|
||||
|
||||
#[cfg_attr(coverage, no_coverage)]
|
||||
/// Set capabilities for container process
|
||||
fn set_capability(&self, cset: CapSet, value: &CapsHashSet) -> Result<(), CapsError> {
|
||||
fn set_capability(&self, cset: CapSet, value: &CapsHashSet) -> Result<()> {
|
||||
match cset {
|
||||
// caps::set cannot set capabilities in bounding set,
|
||||
// so we do it differently
|
||||
@ -149,10 +149,12 @@ impl Syscall for LinuxSyscall {
|
||||
_ => caps::drop(None, CapSet::Bounding, *c)?,
|
||||
}
|
||||
}
|
||||
Ok(())
|
||||
}
|
||||
_ => caps::set(None, cset, value),
|
||||
_ => {
|
||||
caps::set(None, cset, value)?;
|
||||
}
|
||||
}
|
||||
Ok(())
|
||||
}
|
||||
|
||||
#[cfg_attr(coverage, no_coverage)]
|
||||
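Review bot: The new `caps::set(None, cset, value)?;` arm of `set_capability` converts the `CapsError` into an `anyhow` error without recording which capability set was being applied, so a failed capability change during container setup is harder to diagnose and audit from the log. `anyhow!` is already imported in this file, so the arm could read `caps::set(None, cset, value).map_err(|e| anyhow!("failed to set {:?} capabilities: {}", cset, e))?;` (this assumes `CapSet` implements `Debug`). The same applies to the `caps::drop(None, CapSet::Bounding, *c)?` line in the bounding arm, whose beginning lies outside the visible hunks. Since callers can no longer match on `CapsError` directly, the doc comment `/// Set capabilities for container process` should also say that the error is now type-erased and that any failure must abort process setup rather than be ignored.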
|
@ -4,7 +4,7 @@
|
||||
use std::{any::Any, ffi::OsStr, path::Path, sync::Arc};
|
||||
|
||||
use anyhow::Result;
|
||||
use caps::{errors::CapsError, CapSet, CapsHashSet};
|
||||
use caps::{CapSet, CapsHashSet};
|
||||
use nix::{
|
||||
mount::MsFlags,
|
||||
sched::CloneFlags,
|
||||
@ -25,7 +25,7 @@ pub trait Syscall {
|
||||
fn set_ns(&self, rawfd: i32, nstype: CloneFlags) -> Result<()>;
|
||||
fn set_id(&self, uid: Uid, gid: Gid) -> Result<()>;
|
||||
fn unshare(&self, flags: CloneFlags) -> Result<()>;
|
||||
fn set_capability(&self, cset: CapSet, value: &CapsHashSet) -> Result<(), CapsError>;
|
||||
fn set_capability(&self, cset: CapSet, value: &CapsHashSet) -> Result<()>;
|
||||
fn set_hostname(&self, hostname: &str) -> Result<()>;
|
||||
fn set_rlimit(&self, rlimit: &LinuxRlimit) -> Result<()>;
|
||||
fn get_pwuid(&self, uid: u32) -> Option<Arc<OsStr>>;
|
||||
|
@ -7,9 +7,7 @@ use std::{
|
||||
sync::Arc,
|
||||
};
|
||||
|
||||
// use debug_cell::{Ref, RefCell, RefMut};
|
||||
|
||||
use caps::{errors::CapsError, CapSet, CapsHashSet};
|
||||
use caps::{CapSet, CapsHashSet};
|
||||
use nix::{
|
||||
mount::MsFlags,
|
||||
sched::CloneFlags,
|
||||
@ -130,14 +128,12 @@ impl MockCalls {
|
||||
|
||||
pub struct TestHelperSyscall {
|
||||
mocks: MockCalls,
|
||||
set_capability_args: RefCell<Vec<(CapSet, CapsHashSet)>>,
|
||||
}
|
||||
|
||||
impl Default for TestHelperSyscall {
|
||||
fn default() -> Self {
|
||||
TestHelperSyscall {
|
||||
mocks: MockCalls::default(),
|
||||
set_capability_args: RefCell::new(vec![]),
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -164,10 +160,9 @@ impl Syscall for TestHelperSyscall {
|
||||
self.mocks.act(ArgName::Unshare, Box::new(flags))
|
||||
}
|
||||
|
||||
fn set_capability(&self, cset: CapSet, value: &CapsHashSet) -> Result<(), CapsError> {
|
||||
let args = (cset, value.clone());
|
||||
self.set_capability_args.borrow_mut().push(args);
|
||||
Ok(())
|
||||
fn set_capability(&self, cset: CapSet, value: &CapsHashSet) -> anyhow::Result<()> {
|
||||
self.mocks
|
||||
.act(ArgName::Capability, Box::new((cset, value.clone())))
|
||||
}
|
||||
|
||||
fn set_hostname(&self, hostname: &str) -> anyhow::Result<()> {
|
||||
@ -270,7 +265,12 @@ impl TestHelperSyscall {
|
||||
}
|
||||
|
||||
pub fn get_set_capability_args(&self) -> Vec<(CapSet, CapsHashSet)> {
|
||||
self.set_capability_args.borrow_mut().clone()
|
||||
self.mocks
|
||||
.fetch(ArgName::Capability)
|
||||
.values
|
||||
.iter()
|
||||
.map(|x| x.downcast_ref::<(CapSet, CapsHashSet)>().unwrap().clone())
|
||||
.collect::<Vec<(CapSet, CapsHashSet)>>()
|
||||
}
|
||||
|
||||
pub fn get_mount_args(&self) -> Vec<MountArgs> {
|
||||
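Review bot: In `get_set_capability_args` the bare `.unwrap()` after `downcast_ref::<(CapSet, CapsHashSet)>()` panics without a message if a value recorded under `ArgName::Capability` ever has a different type, which makes a failing capability test hard to read. Stating the invariant is enough: `.map(|x| x.downcast_ref::<(CapSet, CapsHashSet)>().expect("ArgName::Capability values are (CapSet, CapsHashSet)").clone())`. The turbofish on `collect` repeats the function's return type and can be shortened to `.collect()`. Because the mock `set_capability` now goes through `self.mocks.act`, it would also help to add a one-line doc comment on it noting that the recorded tuple type must stay in sync with this getter.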
|