Updated vendored Libseccomp

This should also undo accidental gocapability downgrade

Signed-off-by: Matthew Heon <[email protected]>

update-vendor.sh

@@ -46,6 +46,6 @@ clone git github.com/godbus/dbus v2
 clone git github.com/Sirupsen/logrus v0.7.3
 clone git github.com/syndtr/gocapability 66ef2aa
 clone git github.com/golang/protobuf 655cdfa588ea
-clone git github.com/seccomp/libseccomp-golang 17e86b0c3
+clone git github.com/seccomp/libseccomp-golang 4ad869ffe4
 
 # intentionally not vendoring Docker itself...  that'd be a circle :)

vendor/src/github.com/seccomp/libseccomp-golang/seccomp_test.go

@@ -284,7 +284,7 @@ func TestFilterArchFunctions(t *testing.T) {
 	// Remove the arch again, make sure it's not in the filter
 	err = filter.RemoveArch(prospectiveArch)
 	if err != nil {
-		fmt.Errorf("Could not remove arch %s from filter: %s",
+		t.Errorf("Could not remove arch %s from filter: %s",
 			prospectiveArch.String(), err)
 	}
 

vendor/src/github.com/syndtr/gocapability/capability/enum.go

@@ -34,90 +34,9 @@ const (
 	BOUNDS = BOUNDING
 )
 
+//go:generate go run enumgen/gen.go
 type Cap int
 
-func (c Cap) String() string {
-	switch c {
-	case CAP_CHOWN:
-		return "chown"
-	case CAP_DAC_OVERRIDE:
-		return "dac_override"
-	case CAP_DAC_READ_SEARCH:
-		return "dac_read_search"
-	case CAP_FOWNER:
-		return "fowner"
-	case CAP_FSETID:
-		return "fsetid"
-	case CAP_KILL:
-		return "kill"
-	case CAP_SETGID:
-		return "setgid"
-	case CAP_SETUID:
-		return "setuid"
-	case CAP_SETPCAP:
-		return "setpcap"
-	case CAP_LINUX_IMMUTABLE:
-		return "linux_immutable"
-	case CAP_NET_BIND_SERVICE:
-		return "net_bind_service"
-	case CAP_NET_BROADCAST:
-		return "net_broadcast"
-	case CAP_NET_ADMIN:
-		return "net_admin"
-	case CAP_NET_RAW:
-		return "net_raw"
-	case CAP_IPC_LOCK:
-		return "ipc_lock"
-	case CAP_IPC_OWNER:
-		return "ipc_owner"
-	case CAP_SYS_MODULE:
-		return "sys_module"
-	case CAP_SYS_RAWIO:
-		return "sys_rawio"
-	case CAP_SYS_CHROOT:
-		return "sys_chroot"
-	case CAP_SYS_PTRACE:
-		return "sys_ptrace"
-	case CAP_SYS_PACCT:
-		return "sys_psacct"
-	case CAP_SYS_ADMIN:
-		return "sys_admin"
-	case CAP_SYS_BOOT:
-		return "sys_boot"
-	case CAP_SYS_NICE:
-		return "sys_nice"
-	case CAP_SYS_RESOURCE:
-		return "sys_resource"
-	case CAP_SYS_TIME:
-		return "sys_time"
-	case CAP_SYS_TTY_CONFIG:
-		return "sys_tty_config"
-	case CAP_MKNOD:
-		return "mknod"
-	case CAP_LEASE:
-		return "lease"
-	case CAP_AUDIT_WRITE:
-		return "audit_write"
-	case CAP_AUDIT_CONTROL:
-		return "audit_control"
-	case CAP_SETFCAP:
-		return "setfcap"
-	case CAP_MAC_OVERRIDE:
-		return "mac_override"
-	case CAP_MAC_ADMIN:
-		return "mac_admin"
-	case CAP_SYSLOG:
-		return "syslog"
-	case CAP_WAKE_ALARM:
-		return "wake_alarm"
-	case CAP_BLOCK_SUSPEND:
-		return "block_suspend"
-	case CAP_AUDIT_READ:
-		return "audit_read"
-	}
-	return "unknown"
-}
-
 // POSIX-draft defined capabilities.
 const (
 	// In a system with the [_POSIX_CHOWN_RESTRICTED] option defined, this

vendor/src/github.com/syndtr/gocapability/capability/enum_gen.go

@@ -0,0 +1,129 @@
+// generated file; DO NOT EDIT - use go generate in directory with source
+
+package capability
+
+func (c Cap) String() string {
+	switch c {
+	case CAP_CHOWN:
+		return "chown"
+	case CAP_DAC_OVERRIDE:
+		return "dac_override"
+	case CAP_DAC_READ_SEARCH:
+		return "dac_read_search"
+	case CAP_FOWNER:
+		return "fowner"
+	case CAP_FSETID:
+		return "fsetid"
+	case CAP_KILL:
+		return "kill"
+	case CAP_SETGID:
+		return "setgid"
+	case CAP_SETUID:
+		return "setuid"
+	case CAP_SETPCAP:
+		return "setpcap"
+	case CAP_LINUX_IMMUTABLE:
+		return "linux_immutable"
+	case CAP_NET_BIND_SERVICE:
+		return "net_bind_service"
+	case CAP_NET_BROADCAST:
+		return "net_broadcast"
+	case CAP_NET_ADMIN:
+		return "net_admin"
+	case CAP_NET_RAW:
+		return "net_raw"
+	case CAP_IPC_LOCK:
+		return "ipc_lock"
+	case CAP_IPC_OWNER:
+		return "ipc_owner"
+	case CAP_SYS_MODULE:
+		return "sys_module"
+	case CAP_SYS_RAWIO:
+		return "sys_rawio"
+	case CAP_SYS_CHROOT:
+		return "sys_chroot"
+	case CAP_SYS_PTRACE:
+		return "sys_ptrace"
+	case CAP_SYS_PACCT:
+		return "sys_pacct"
+	case CAP_SYS_ADMIN:
+		return "sys_admin"
+	case CAP_SYS_BOOT:
+		return "sys_boot"
+	case CAP_SYS_NICE:
+		return "sys_nice"
+	case CAP_SYS_RESOURCE:
+		return "sys_resource"
+	case CAP_SYS_TIME:
+		return "sys_time"
+	case CAP_SYS_TTY_CONFIG:
+		return "sys_tty_config"
+	case CAP_MKNOD:
+		return "mknod"
+	case CAP_LEASE:
+		return "lease"
+	case CAP_AUDIT_WRITE:
+		return "audit_write"
+	case CAP_AUDIT_CONTROL:
+		return "audit_control"
+	case CAP_SETFCAP:
+		return "setfcap"
+	case CAP_MAC_OVERRIDE:
+		return "mac_override"
+	case CAP_MAC_ADMIN:
+		return "mac_admin"
+	case CAP_SYSLOG:
+		return "syslog"
+	case CAP_WAKE_ALARM:
+		return "wake_alarm"
+	case CAP_BLOCK_SUSPEND:
+		return "block_suspend"
+	case CAP_AUDIT_READ:
+		return "audit_read"
+	}
+	return "unknown"
+}
+
+// List returns list of all supported capabilities
+func List() []Cap {
+	return []Cap{
+		CAP_CHOWN,
+		CAP_DAC_OVERRIDE,
+		CAP_DAC_READ_SEARCH,
+		CAP_FOWNER,
+		CAP_FSETID,
+		CAP_KILL,
+		CAP_SETGID,
+		CAP_SETUID,
+		CAP_SETPCAP,
+		CAP_LINUX_IMMUTABLE,
+		CAP_NET_BIND_SERVICE,
+		CAP_NET_BROADCAST,
+		CAP_NET_ADMIN,
+		CAP_NET_RAW,
+		CAP_IPC_LOCK,
+		CAP_IPC_OWNER,
+		CAP_SYS_MODULE,
+		CAP_SYS_RAWIO,
+		CAP_SYS_CHROOT,
+		CAP_SYS_PTRACE,
+		CAP_SYS_PACCT,
+		CAP_SYS_ADMIN,
+		CAP_SYS_BOOT,
+		CAP_SYS_NICE,
+		CAP_SYS_RESOURCE,
+		CAP_SYS_TIME,
+		CAP_SYS_TTY_CONFIG,
+		CAP_MKNOD,
+		CAP_LEASE,
+		CAP_AUDIT_WRITE,
+		CAP_AUDIT_CONTROL,
+		CAP_SETFCAP,
+		CAP_MAC_OVERRIDE,
+		CAP_MAC_ADMIN,
+		CAP_SYSLOG,
+		CAP_WAKE_ALARM,
+		CAP_BLOCK_SUSPEND,
+		CAP_AUDIT_READ,
+	}
+}

vendor/src/github.com/syndtr/gocapability/capability/enumgen/gen.go

@@ -0,0 +1,92 @@
+package main
+
+import (
+	"bytes"
+	"fmt"
+	"go/ast"
+	"go/format"
+	"go/parser"
+	"go/token"
+	"io/ioutil"
+	"log"
+	"os"
+	"strings"
+)
+
+const fileName = "enum.go"
+const genName = "enum_gen.go"
+
+type generator struct {
+	buf  bytes.Buffer
+	caps []string
+}
+
+func (g *generator) writeHeader() {
+	g.buf.WriteString("// generated file; DO NOT EDIT - use go generate in directory with source\n")
+	g.buf.WriteString("\n")
+	g.buf.WriteString("package capability")
+}
+
+func (g *generator) writeStringFunc() {
+	g.buf.WriteString("\n")
+	g.buf.WriteString("func (c Cap) String() string {\n")
+	g.buf.WriteString("switch c {\n")
+	for _, cap := range g.caps {
+		fmt.Fprintf(&g.buf, "case %s:\n", cap)
+		fmt.Fprintf(&g.buf, "return \"%s\"\n", strings.ToLower(cap[4:]))
+	}
+	g.buf.WriteString("}\n")
+	g.buf.WriteString("return \"unknown\"\n")
+	g.buf.WriteString("}\n")
+}
+
+func (g *generator) writeListFunc() {
+	g.buf.WriteString("\n")
+	g.buf.WriteString("// List returns list of all supported capabilities\n")
+	g.buf.WriteString("func List() []Cap {\n")
+	g.buf.WriteString("return []Cap{\n")
+	for _, cap := range g.caps {
+		fmt.Fprintf(&g.buf, "%s,\n", cap)
+	}
+	g.buf.WriteString("}\n")
+	g.buf.WriteString("}\n")
+}
+
+func main() {
+	fs := token.NewFileSet()
+	parsedFile, err := parser.ParseFile(fs, fileName, nil, 0)
+	if err != nil {
+		log.Fatal(err)
+	}
+	var caps []string
+	for _, decl := range parsedFile.Decls {
+		decl, ok := decl.(*ast.GenDecl)
+		if !ok || decl.Tok != token.CONST {
+			continue
+		}
+		for _, spec := range decl.Specs {
+			vspec := spec.(*ast.ValueSpec)
+			name := vspec.Names[0].Name
+			if strings.HasPrefix(name, "CAP_") {
+				caps = append(caps, name)
+			}
+		}
+	}
+	g := &generator{caps: caps}
+	g.writeHeader()
+	g.writeStringFunc()
+	g.writeListFunc()
+	src, err := format.Source(g.buf.Bytes())
+	if err != nil {
+		fmt.Println("generated invalid Go code")
+		fmt.Println(g.buf.String())
+		log.Fatal(err)
+	}
+	fi, err := os.Stat(fileName)
+	if err != nil {
+		log.Fatal(err)
+	}
+	if err := ioutil.WriteFile(genName, src, fi.Mode().Perm()); err != nil {
+		log.Fatal(err)
+	}
+}