From 022cc26b2eb2260cbec1187c45e8bab1afe87116 Mon Sep 17 00:00:00 2001
From: Ophestra <cat@gensokyo.uk>
Date: Wed, 20 Aug 2025 02:45:00 +0900
Subject: [PATCH] container/capability: check CAP_TO_INDEX and CAP_TO_MASK

Signed-off-by: Ophestra <cat@gensokyo.uk>
---
 container/capability_test.go | 41 ++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 container/capability_test.go

diff --git a/container/capability_test.go b/container/capability_test.go
new file mode 100644
index 0000000..21043fb
--- /dev/null
+++ b/container/capability_test.go
@@ -0,0 +1,41 @@
+package container
+
+import "testing"
+
+func TestCapToIndex(t *testing.T) {
+	testCases := []struct {
+		name string
+		cap  uintptr
+		want uintptr
+	}{
+		{"CAP_SYS_ADMIN", CAP_SYS_ADMIN, 0},
+		{"CAP_SETPCAP", CAP_SETPCAP, 0},
+		{"CAP_DAC_OVERRIDE", CAP_DAC_OVERRIDE, 0},
+	}
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			if got := capToIndex(tc.cap); got != tc.want {
+				t.Errorf("capToIndex: %#x, want %#x", got, tc.want)
+			}
+		})
+	}
+}
+
+func TestCapToMask(t *testing.T) {
+	testCases := []struct {
+		name string
+		cap  uintptr
+		want uint32
+	}{
+		{"CAP_SYS_ADMIN", CAP_SYS_ADMIN, 0x200000},
+		{"CAP_SETPCAP", CAP_SETPCAP, 0x100},
+		{"CAP_DAC_OVERRIDE", CAP_DAC_OVERRIDE, 0x2},
+	}
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			if got := capToMask(tc.cap); got != tc.want {
+				t.Errorf("capToMask: %#x, want %#x", got, tc.want)
+			}
+		})
+	}
+}