Affected by GO-2022-0278 and 6 other vulnerabilities

GO-2022-0278: Unprivileged pod using `hostPath` can side-step active LSM when it is SELinux in github.com/containerd/containerd

GO-2022-0344: containerd CRI plugin: Insecure handling of image volumes in github.com/containerd/containerd

GO-2022-0360: Ambiguous OCI manifest parsing in github.com/containerd/containerd

GO-2022-0482: containerd CRI plugin: Host memory exhaustion through ExecSync in github.com/containerd/containerd

GO-2022-0921: Archive package allows chmod of file outside of unpack target directory in github.com/containerd/containerd

GO-2022-0938: Insufficiently restricted permissions on plugin directories in github.com/containerd/containerd

GO-2022-1147: containerd CRI stream server vulnerable to host memory exhaustion via terminal in github.com/containerd/containerd

The highest tagged major version is v2.

cap

package

v1.5.0 Latest Latest Go to latest Published: May 3, 2021 License: Apache-2.0 Imports: 6 Imported by: 69

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/containerd/containerd

Links

Open Source Insights

Documentation ¶

Overview ¶

Package cap provides Linux capability utility

Index ¶

func Current() ([]string, error)
func FromBitmap(v uint64) ([]string, []int)
func FromNumber(num int) string
func Known() []string
func ParseProcPIDStatus(r io.Reader) (map[Type]uint64, error)
type Type

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func Current ¶

func Current() ([]string, error)

Current returns the list of the effective and the known caps of the current process.

The result is like []string{"CAP_SYS_ADMIN", ...}.

The result does not contain caps that are not recognized by the "github.com/syndtr/gocapability" library.

func FromBitmap ¶

func FromBitmap(v uint64) ([]string, []int)

FromBitmap parses an uint64 bitmap into string slice like []{"CAP_SYS_ADMIN", ...}.

Unknown cap numbers are returned as []int.

func FromNumber ¶

func FromNumber(num int) string

FromNumber returns a cap string like "CAP_SYS_ADMIN" that corresponds to the given number like 21.

FromNumber returns an empty string for unknown cap number.

func Known ¶

func Known() []string

Known returns the known cap strings of the latest kernel. The current latest kernel is 5.9.

func ParseProcPIDStatus ¶

func ParseProcPIDStatus(r io.Reader) (map[Type]uint64, error)

ParseProcPIDStatus returns uint64 bitmap value from /proc/<PID>/status file

Types ¶

type Type ¶

type Type int

Type is the type of capability

const (
	// Effective is CapEff
	Effective Type = 1 << iota
	// Permitted is CapPrm
	Permitted
	// Inheritable is CapInh
	Inheritable
	// Bounding is CapBnd
	Bounding
	// Ambient is CapAmb
	Ambient
)

Source Files ¶

View all Source files

cap_linux.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL