Dont use custom marshaling for caps and namespaces

This also adds an enabled field to the types so that they
can be easily toggled.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Michael Crosby 2014-03-20 23:09:01 +00:00
parent 0424993f6d
commit f6a8719dd5
2 changed files with 28 additions and 61 deletions


@ -1,7 +1,6 @@
package libcontainer package libcontainer
import ( import (
"encoding/json"
"errors" "errors"
"github.com/syndtr/gocapability/capability" "github.com/syndtr/gocapability/capability"
) )
@ -19,29 +18,30 @@ var (
namespaceList = Namespaces{} namespaceList = Namespaces{}
capabilityList = Capabilities{ capabilityList = Capabilities{
{Key: "SETPCAP", Value: capability.CAP_SETPCAP}, {Key: "SETPCAP", Value: capability.CAP_SETPCAP, Enabled: true},
{Key: "SYS_MODULE", Value: capability.CAP_SYS_MODULE}, {Key: "SYS_MODULE", Value: capability.CAP_SYS_MODULE, Enabled: true},
{Key: "SYS_RAWIO", Value: capability.CAP_SYS_RAWIO}, {Key: "SYS_RAWIO", Value: capability.CAP_SYS_RAWIO, Enabled: true},
{Key: "SYS_PACCT", Value: capability.CAP_SYS_PACCT}, {Key: "SYS_PACCT", Value: capability.CAP_SYS_PACCT, Enabled: true},
{Key: "SYS_ADMIN", Value: capability.CAP_SYS_ADMIN}, {Key: "SYS_ADMIN", Value: capability.CAP_SYS_ADMIN, Enabled: true},
{Key: "SYS_NICE", Value: capability.CAP_SYS_NICE}, {Key: "SYS_NICE", Value: capability.CAP_SYS_NICE, Enabled: true},
{Key: "SYS_RESOURCE", Value: capability.CAP_SYS_RESOURCE}, {Key: "SYS_RESOURCE", Value: capability.CAP_SYS_RESOURCE, Enabled: true},
{Key: "SYS_TIME", Value: capability.CAP_SYS_TIME}, {Key: "SYS_TIME", Value: capability.CAP_SYS_TIME, Enabled: true},
{Key: "SYS_TTY_CONFIG", Value: capability.CAP_SYS_TTY_CONFIG}, {Key: "SYS_TTY_CONFIG", Value: capability.CAP_SYS_TTY_CONFIG, Enabled: true},
{Key: "MKNOD", Value: capability.CAP_MKNOD}, {Key: "MKNOD", Value: capability.CAP_MKNOD, Enabled: true},
{Key: "AUDIT_WRITE", Value: capability.CAP_AUDIT_WRITE}, {Key: "AUDIT_WRITE", Value: capability.CAP_AUDIT_WRITE, Enabled: true},
{Key: "AUDIT_CONTROL", Value: capability.CAP_AUDIT_CONTROL}, {Key: "AUDIT_CONTROL", Value: capability.CAP_AUDIT_CONTROL, Enabled: true},
{Key: "MAC_OVERRIDE", Value: capability.CAP_MAC_OVERRIDE}, {Key: "MAC_OVERRIDE", Value: capability.CAP_MAC_OVERRIDE, Enabled: true},
{Key: "MAC_ADMIN", Value: capability.CAP_MAC_ADMIN}, {Key: "MAC_ADMIN", Value: capability.CAP_MAC_ADMIN, Enabled: true},
{Key: "NET_ADMIN", Value: capability.CAP_NET_ADMIN}, {Key: "NET_ADMIN", Value: capability.CAP_NET_ADMIN, Enabled: true},
} }
) )
type ( type (
Namespace struct { Namespace struct {
Key string Key string `json:"key,omitempty"`
Value int Enabled bool `json:"enabled,omitempty"`
File string Value int `json:"value,omitempty"`
File string `json:"file,omitempty"`
} }
Namespaces []*Namespace Namespaces []*Namespace
) )
@ -50,23 +50,6 @@ func (ns *Namespace) String() string {
return ns.Key return ns.Key
} }
func (ns *Namespace) MarshalJSON() ([]byte, error) {
return json.Marshal(ns.Key)
}
func (ns *Namespace) UnmarshalJSON(src []byte) error {
var nsName string
if err := json.Unmarshal(src, &nsName); err != nil {
return err
}
ret := GetNamespace(nsName)
if ret == nil {
return ErrUnkownNamespace
}
*ns = *ret
return nil
}
func GetNamespace(key string) *Namespace { func GetNamespace(key string) *Namespace {
for _, ns := range namespaceList { for _, ns := range namespaceList {
if ns.Key == key { if ns.Key == key {
@ -89,8 +72,9 @@ func (n Namespaces) Contains(ns string) bool {
type ( type (
Capability struct { Capability struct {
Key string Key string `json:"key,omitempty"`
Value capability.Cap Enabled bool `json:"enabled"`
Value capability.Cap `json:"value,omitempty"`
} }
Capabilities []*Capability Capabilities []*Capability
) )
@ -99,23 +83,6 @@ func (c *Capability) String() string {
return c.Key return c.Key
} }
func (c *Capability) MarshalJSON() ([]byte, error) {
return json.Marshal(c.Key)
}
func (c *Capability) UnmarshalJSON(src []byte) error {
var capName string
if err := json.Unmarshal(src, &capName); err != nil {
return err
}
ret := GetCapability(capName)
if ret == nil {
return ErrUnkownCapability
}
*c = *ret
return nil
}
func GetCapability(key string) *Capability { func GetCapability(key string) *Capability {
for _, capp := range capabilityList { for _, capp := range capabilityList {
if capp.Key == key { if capp.Key == key {
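Review bot: With `UnmarshalJSON` removed from `Namespace` and `Capability`, nothing in this file checks a decoded entry against `namespaceList` or `capabilityList` any more, and the new `json:"value,omitempty"` tags let the numeric `Value` come straight from the config file. The old decoders returned `ErrUnkownNamespace` / `ErrUnkownCapability` for unknown names and copied `Value` from the built-in table, so a `Key` and `Value` that disagree, or a `Value` outside the table, now decode without error. If the code that applies capabilities and clone flags reads `Value` from the decoded struct (not visible here), consider tagging `Value` with `json:"-"` and filling it from `GetCapability(c.Key)` / `GetNamespace(ns.Key)` after decoding, returning the existing errors on a miss. Separately, `Namespace.Enabled` uses `omitempty` while `Capability.Enabled` does not, and an entry with no `enabled` key decodes to `false`, so the meaning of an absent field should be documented on both types.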


@ -6,11 +6,11 @@ import (
func init() { func init() {
namespaceList = Namespaces{ namespaceList = Namespaces{
{Key: "NEWNS", Value: syscall.CLONE_NEWNS, File: "mnt"}, {Key: "NEWNS", Value: syscall.CLONE_NEWNS, File: "mnt", Enabled: true},
{Key: "NEWUTS", Value: syscall.CLONE_NEWUTS, File: "uts"}, {Key: "NEWUTS", Value: syscall.CLONE_NEWUTS, File: "uts", Enabled: true},
{Key: "NEWIPC", Value: syscall.CLONE_NEWIPC, File: "ipc"}, {Key: "NEWIPC", Value: syscall.CLONE_NEWIPC, File: "ipc", Enabled: true},
{Key: "NEWUSER", Value: syscall.CLONE_NEWUSER, File: "user"}, {Key: "NEWUSER", Value: syscall.CLONE_NEWUSER, File: "user", Enabled: true},
{Key: "NEWPID", Value: syscall.CLONE_NEWPID, File: "pid"}, {Key: "NEWPID", Value: syscall.CLONE_NEWPID, File: "pid", Enabled: true},
{Key: "NEWNET", Value: syscall.CLONE_NEWNET, File: "net"}, {Key: "NEWNET", Value: syscall.CLONE_NEWNET, File: "net", Enabled: true},
} }
} }
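Review bot: The entries in `namespaceList` are now mutable defaults, because the list is a slice of `*Namespace` and every element carries `Enabled: true`. `GetNamespace` in the other file iterates this list and appears to hand back the element itself (its return is outside the visible hunk), so a caller that sets `Enabled = false` on the result would change the default for every container configured later in the same process, and could leave a namespace switched off where it was expected to be on. I would add a comment above the assignment such as `// namespaceList is the shared default table: copy an entry before changing Enabled.` and have the lookups return a copy. The same applies to `capabilityList` in the first file.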