Diffstat (limited to 'runsc/specutils/namespace.go')
-rw-r--r--runsc/specutils/namespace.go14
1 files changed, 14 insertions, 0 deletions
diff --git a/runsc/specutils/namespace.go b/runsc/specutils/namespace.go
index 80eaad965..356943a65 100644
--- a/runsc/specutils/namespace.go
+++ b/runsc/specutils/namespace.go
@@ -23,6 +23,7 @@ import (
"syscall"
specs "github.com/opencontainers/runtime-spec/specs-go"
+ "github.com/syndtr/gocapability/capability"
"golang.org/x/sys/unix"
"gvisor.googlesource.com/gvisor/pkg/log"
)
@@ -202,3 +203,16 @@ func SetUIDGIDMappings(cmd *exec.Cmd, s *specs.Spec) {
})
}
}
+
+// CanSetUIDGID returns true if the user has SETUID and SETGID capabilities.
+func CanSetUIDGID() bool {
+ caps, err := capability.NewPid2(os.Getpid())
+ if err != nil {
+ return false
+ }
+ if err := caps.Load(); err != nil {
+ return false
+ }
+ return caps.Get(capability.EFFECTIVE, capability.CAP_SETUID) &&
+ caps.Get(capability.EFFECTIVE, capability.CAP_SETGID)
+}
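Review bot: Both error paths in CanSetUIDGID return false without recording `err`, so a failure to read the capability set (from `capability.NewPid2` or `caps.Load`) looks the same to the caller as the process genuinely lacking CAP_SETUID/CAP_SETGID. The file already imports the gVisor `log` package, so I would log before each return, e.g. `log.Warningf("reading process capabilities: %v", err)`, which makes a wrong privilege decision traceable. The doc comment also says "the user", while the code inspects only the effective set of the current process; I would reword it to `// CanSetUIDGID reports whether the current process has CAP_SETUID and CAP_SETGID in its effective set; it returns false if the capabilities cannot be read.`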