Format capget/capset arguments

I0225 15:32:10.795034    4166 x:0] [   6]  E capget(0x7f477fdff8c8 {Version: 3, Pid: 0}, 0x7f477fdff8b0)
I0225 15:32:10.795059    4166 x:0] [   6]  X capget(0x7f477fdff8c8 {Version: 3, Pid: 0}, 0x7f477fdff8b0 {Permitted: CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_SETPCAP|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_ADMIN|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_MODULE|CAP_SYS_RAWIO|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_PACCT|CAP_SYS_ADMIN|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TIME|CAP_SYS_TTY_CONFIG|CAP_MKNOD|CAP_LEASE|CAP_AUDIT_WRITE|CAP_AUDIT_CONTROL|CAP_SETFCAP|CAP_MAC_OVERRIDE|CAP_MAC_ADMIN|CAP_SYSLOG|CAP_WAKE_ALARM|CAP_BLOCK_SUSPEND|CAP_AUDIT_READ, Inheritable: CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_SETPCAP|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_ADMIN|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_MODULE|CAP_SYS_RAWIO|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_PACCT|CAP_SYS_ADMIN|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TIME|CAP_SYS_TTY_CONFIG|CAP_MKNOD|CAP_LEASE|CAP_AUDIT_WRITE|CAP_AUDIT_CONTROL|CAP_SETFCAP|CAP_MAC_OVERRIDE|CAP_MAC_ADMIN|CAP_SYSLOG|CAP_WAKE_ALARM|CAP_BLOCK_SUSPEND|CAP_AUDIT_READ, Effective: 0x0}) = 0x0 (3.399?s)
I0225 15:32:10.795114    4166 x:0] [   6]  E capset(0x7f477fdff8c8 {Version: 3, Pid: 0}, 0x7f477fdff8b0 {Permitted: CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_SETPCAP|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_ADMIN|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_MODULE|CAP_SYS_RAWIO|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_PACCT|CAP_SYS_ADMIN|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TIME|CAP_SYS_TTY_CONFIG|CAP_MKNOD|CAP_LEASE|CAP_AUDIT_WRITE|CAP_AUDIT_CONTROL|CAP_SETFCAP|CAP_MAC_OVERRIDE|CAP_MAC_ADMIN|CAP_SYSLOG|CAP_WAKE_ALARM|CAP_BLOCK_SUSPEND|CAP_AUDIT_READ, Inheritable: CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_SETPCAP|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_ADMIN|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_MODULE|CAP_SYS_RAWIO|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_PACCT|CAP_SYS_ADMIN|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TIME|CAP_SYS_TTY_CONFIG|CAP_MKNOD|CAP_LEASE|CAP_AUDIT_WRITE|CAP_AUDIT_CONTROL|CAP_SETFCAP|CAP_MAC_OVERRIDE|CAP_MAC_ADMIN|CAP_SYSLOG|CAP_WAKE_ALARM|CAP_BLOCK_SUSPEND|CAP_AUDIT_READ, Effective: CAP_FOWNER})
I0225 15:32:10.795127    4166 x:0] [   6]  X capset(0x7f477fdff8c8 {Version: 3, Pid: 0}, 0x7f477fdff8b0 {Permitted: CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_SETPCAP|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_ADMIN|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_MODULE|CAP_SYS_RAWIO|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_PACCT|CAP_SYS_ADMIN|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TIME|CAP_SYS_TTY_CONFIG|CAP_MKNOD|CAP_LEASE|CAP_AUDIT_WRITE|CAP_AUDIT_CONTROL|CAP_SETFCAP|CAP_MAC_OVERRIDE|CAP_MAC_ADMIN|CAP_SYSLOG|CAP_WAKE_ALARM|CAP_BLOCK_SUSPEND|CAP_AUDIT_READ, Inheritable: CAP_CHOWN|CAP_DAC_OVERRIDE|CAP_DAC_READ_SEARCH|CAP_FOWNER|CAP_FSETID|CAP_KILL|CAP_SETGID|CAP_SETUID|CAP_SETPCAP|CAP_LINUX_IMMUTABLE|CAP_NET_BIND_SERVICE|CAP_NET_BROADCAST|CAP_NET_ADMIN|CAP_NET_RAW|CAP_IPC_LOCK|CAP_IPC_OWNER|CAP_SYS_MODULE|CAP_SYS_RAWIO|CAP_SYS_CHROOT|CAP_SYS_PTRACE|CAP_SYS_PACCT|CAP_SYS_ADMIN|CAP_SYS_BOOT|CAP_SYS_NICE|CAP_SYS_RESOURCE|CAP_SYS_TIME|CAP_SYS_TTY_CONFIG|CAP_MKNOD|CAP_LEASE|CAP_AUDIT_WRITE|CAP_AUDIT_CONTROL|CAP_SETFCAP|CAP_MAC_OVERRIDE|CAP_MAC_ADMIN|CAP_SYSLOG|CAP_WAKE_ALARM|CAP_BLOCK_SUSPEND|CAP_AUDIT_READ, Effective: CAP_FOWNER}) = 0x0 (3.062?s)

Not the most readable, but better than just a pointer.

PiperOrigin-RevId: 236338875
Change-Id: I4b83f778122ab98de3874e16f4258dae18da916b

1 files changed, 176 insertions, 0 deletions

diff --git a/pkg/sentry/strace/capability.go b/pkg/sentry/strace/capability.go
new file mode 100644
index 000000000..9001181e7
--- /dev/null
+++ b/pkg/sentry/strace/capability.go
@@ -0,0 +1,176 @@
+// Copyright 2019 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package strace
+
+import (
+	"gvisor.googlesource.com/gvisor/pkg/abi"
+	"gvisor.googlesource.com/gvisor/pkg/abi/linux"
+)
+
+// CapabilityBitset is the set of capabilties in a bitset.
+var CapabilityBitset = abi.FlagSet{
+	{
+		Flag: 1 << uint32(linux.CAP_CHOWN),
+		Name: "CAP_CHOWN",
+	},
+	{
+		Flag: 1 << uint32(linux.CAP_DAC_OVERRIDE),
+		Name: "CAP_DAC_OVERRIDE",
+	},
+	{
+		Flag: 1 << uint32(linux.CAP_DAC_READ_SEARCH),
+		Name: "CAP_DAC_READ_SEARCH",
+	},
+	{
+		Flag: 1 << uint32(linux.CAP_FOWNER),
+		Name: "CAP_FOWNER",
+	},
+	{
+		Flag: 1 << uint32(linux.CAP_FSETID),
+		Name: "CAP_FSETID",
+	},
+	{
+		Flag: 1 << uint32(linux.CAP_KILL),
+		Name: "CAP_KILL",
+	},
+	{
+		Flag: 1 << uint32(linux.CAP_SETGID),
+		Name: "CAP_SETGID",
+	},
+	{
+		Flag: 1 << uint32(linux.CAP_SETUID),
+		Name: "CAP_SETUID",
+	},
+	{
+		Flag: 1 << uint32(linux.CAP_SETPCAP),
+		Name: "CAP_SETPCAP",
+	},
+	{
+		Flag: 1 << uint32(linux.CAP_LINUX_IMMUTABLE),
+		Name: "CAP_LINUX_IMMUTABLE",
+	},
+	{
+		Flag: 1 << uint32(linux.CAP_NET_BIND_SERVICE),
+		Name: "CAP_NET_BIND_SERVICE",
+	},
+	{
+		Flag: 1 << uint32(linux.CAP_NET_BROADCAST),
+		Name: "CAP_NET_BROADCAST",
+	},
+	{
+		Flag: 1 << uint32(linux.CAP_NET_ADMIN),
+		Name: "CAP_NET_ADMIN",
+	},
+	{
+		Flag: 1 << uint32(linux.CAP_NET_RAW),
+		Name: "CAP_NET_RAW",
+	},
+	{
+		Flag: 1 << uint32(linux.CAP_IPC_LOCK),
+		Name: "CAP_IPC_LOCK",
+	},
+	{
+		Flag: 1 << uint32(linux.CAP_IPC_OWNER),
+		Name: "CAP_IPC_OWNER",
+	},
+	{
+		Flag: 1 << uint32(linux.CAP_SYS_MODULE),
+		Name: "CAP_SYS_MODULE",
+	},
+	{
+		Flag: 1 << uint32(linux.CAP_SYS_RAWIO),
+		Name: "CAP_SYS_RAWIO",
+	},
+	{
+		Flag: 1 << uint32(linux.CAP_SYS_CHROOT),
+		Name: "CAP_SYS_CHROOT",
+	},
+	{
+		Flag: 1 << uint32(linux.CAP_SYS_PTRACE),
+		Name: "CAP_SYS_PTRACE",
+	},
+	{
+		Flag: 1 << uint32(linux.CAP_SYS_PACCT),
+		Name: "CAP_SYS_PACCT",
+	},
+	{
+		Flag: 1 << uint32(linux.CAP_SYS_ADMIN),
+		Name: "CAP_SYS_ADMIN",
+	},
+	{
+		Flag: 1 << uint32(linux.CAP_SYS_BOOT),
+		Name: "CAP_SYS_BOOT",
+	},
+	{
+		Flag: 1 << uint32(linux.CAP_SYS_NICE),
+		Name: "CAP_SYS_NICE",
+	},
+	{
+		Flag: 1 << uint32(linux.CAP_SYS_RESOURCE),
+		Name: "CAP_SYS_RESOURCE",
+	},
+	{
+		Flag: 1 << uint32(linux.CAP_SYS_TIME),
+		Name: "CAP_SYS_TIME",
+	},
+	{
+		Flag: 1 << uint32(linux.CAP_SYS_TTY_CONFIG),
+		Name: "CAP_SYS_TTY_CONFIG",
+	},
+	{
+		Flag: 1 << uint32(linux.CAP_MKNOD),
+		Name: "CAP_MKNOD",
+	},
+	{
+		Flag: 1 << uint32(linux.CAP_LEASE),
+		Name: "CAP_LEASE",
+	},
+	{
+		Flag: 1 << uint32(linux.CAP_AUDIT_WRITE),
+		Name: "CAP_AUDIT_WRITE",
+	},
+	{
+		Flag: 1 << uint32(linux.CAP_AUDIT_CONTROL),
+		Name: "CAP_AUDIT_CONTROL",
+	},
+	{
+		Flag: 1 << uint32(linux.CAP_SETFCAP),
+		Name: "CAP_SETFCAP",
+	},
+	{
+		Flag: 1 << uint32(linux.CAP_MAC_OVERRIDE),
+		Name: "CAP_MAC_OVERRIDE",
+	},
+	{
+		Flag: 1 << uint32(linux.CAP_MAC_ADMIN),
+		Name: "CAP_MAC_ADMIN",
+	},
+	{
+		Flag: 1 << uint32(linux.CAP_SYSLOG),
+		Name: "CAP_SYSLOG",
+	},
+	{
+		Flag: 1 << uint32(linux.CAP_WAKE_ALARM),
+		Name: "CAP_WAKE_ALARM",
+	},
+	{
+		Flag: 1 << uint32(linux.CAP_BLOCK_SUSPEND),
+		Name: "CAP_BLOCK_SUSPEND",
+	},
+	{
+		Flag: 1 << uint32(linux.CAP_AUDIT_READ),
+		Name: "CAP_AUDIT_READ",
+	},
+}