Switch to github.com/moby/sys/capability #777

@kolyshkin kolyshkin commented Sep 25, 2024

Currently a draft pending #776 merge.

The github.com/moby/sys/capability package is a fork of the original
one, which is apparently no longer maintained.

For changes since the fork took place, see
https://github.com/moby/sys/blob/main/capability/CHANGELOG.md


Note that "workaround for RHEL6" is removed for a number of reasons.
Feel free to choose the one you like the most, either is sufficient:

  1. /proc/sys/kernel/cap_last_cap is available since RHEL 6.7
    (kernel 2.6.32-573.el6), released 9 years ago (2015-07-22).

  2. It incorrectly returns CAP_BLOCK_SUSPEND (36), which was only added
    in kernel v3.5 and was never backported to RHEL6 kernels. The
    correct value for RHEL6 would be CAP_MAC_ADMIN (33).

  3. As far as upstream kernels go, /proc/sys/kernel/cap_last_cap was
    added in kernel v3.2, and a correct value depends on the kernel
    version. It could be CAP_WAKE_ALARM (35), added to kernel v3.0, or
    CAP_SYSLOG (34), added to kernel v2.6.38, or possibly a lesser value
    for even older kernels.

Bump go to 1.21 in go.mod since this is the minimally required version
for moby/sys/capability.

Signed-off-by: Kir Kolyshkin <[email protected]>
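
Reason 2 above in runnable form, as an added example that is not part of this PR or of moby/sys/capability: it parses the value a kernel reports in /proc/sys/kernel/cap_last_cap and lists the capabilities that a hardcoded fallback of 36 would wrongly treat as available. The names `capNames`, `parseLastCap` and `unsupported` are hypothetical, and the input is a constructed sample.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Capability numbers named in the PR description above.
var capNames = map[int]string{
	33: "CAP_MAC_ADMIN",     // last capability on RHEL6 kernels
	34: "CAP_SYSLOG",        // added in v2.6.38
	35: "CAP_WAKE_ALARM",    // added in v3.0
	36: "CAP_BLOCK_SUSPEND", // added in v3.5
}

// parseLastCap parses cap_last_cap content; bad input is an error, never a guessed number.
func parseLastCap(content string) (int, error) {
	n, err := strconv.Atoi(strings.TrimSpace(content))
	if err != nil {
		return 0, fmt.Errorf("cap_last_cap: %w", err)
	}
	if n < 0 || n > 63 { // capability sets are 64-bit masks
		return 0, fmt.Errorf("cap_last_cap: %d out of range", n)
	}
	return n, nil
}

// unsupported lists the capNames entries above lastCap (unknown to that kernel).
func unsupported(lastCap int) []string {
	var out []string
	for n := lastCap + 1; n <= 36; n++ {
		if name, ok := capNames[n]; ok {
			out = append(out, name)
		}
	}
	return out
}

func main() {
	// Constructed sample: the RHEL6 value from the PR text. In real use,
	// pass the contents of /proc/sys/kernel/cap_last_cap.
	last, err := parseLastCap("33\n")
	if err != nil {
		fmt.Println("cannot determine last capability:", err)
		return
	}
	fmt.Println("last:", last, "unsupported:", unsupported(last))
}
```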
@thaJeztah

@kolyshkin looks like you need to fix vendoring;

```
go build -tags "" -ldflags "-X main.gitCommit=012d045 -X main.version=0.9.0" -race -o oci-runtime-tool ./cmd/oci-runtime-tool
go: inconsistent vendoring in /home/runner/work/runtime-tools/runtime-tools:
	github.com/moby/sys/[email protected]: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt
	github.com/moby/sys/[email protected]: is marked as explicit in vendor/modules.txt, but not explicitly required in go.mod

	To ignore the vendor directory, use -mod=readonly or -mod=mod.
	To sync the vendor directory, run:
		go mod vendor
```

@thaJeztah thaJeztah mentioned this pull request Nov 27, 2024
@thaJeztah

@kolyshkin gentle nudge 😄
