security/hakurei
security/hakurei
5
2
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 4 Wiki Activity

container/init: avoid multiple lastcap calls
All checks were successful
Test / Create distribution (push) Successful in 37s
Details
Test / Sandbox (push) Successful in 2m19s
Details
Test / Hakurei (push) Successful in 3m24s
Details
Test / Hpkg (push) Successful in 4m18s
Details
Test / Sandbox (race detector) (push) Successful in 4m27s
Details
Test / Hakurei (race detector) (push) Successful in 5m14s
Details
Test / Flake checks (push) Successful in 1m19s
Details

Browse Source 
This reduces the size of []kexpect in the test suite.

Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
Ophestra 2025-08-23 11:09:11 +09:00
parent 1b3902df78
commit b3da3da525
Signed by: cat
SSH Key Fingerprint: SHA256:gQ67O0enBZ7UdZypgtspB2FDM1g3GVw8nX0XSdcFw8Q
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
container/init.go
View File

@ -156,7 +156,7 @@ func initEntrypoint(k syscallDispatcher, prepareLogger func(prefix string), setV
} }
// cache sysctl before pivot_root // cache sysctl before pivot_root
k.lastcap() lastcap := k.lastcap()
if err := k.mount(zeroString, FHSRoot, zeroString, MS_SILENT|MS_SLAVE|MS_REC, zeroString); err != nil { if err := k.mount(zeroString, FHSRoot, zeroString, MS_SILENT|MS_SLAVE|MS_REC, zeroString); err != nil {
k.fatalf("cannot make / rslave: %v", err) k.fatalf("cannot make / rslave: %v", err)
@ -262,7 +262,7 @@ func initEntrypoint(k syscallDispatcher, prepareLogger func(prefix string), setV
if err := k.capAmbientClearAll(); err != nil { if err := k.capAmbientClearAll(); err != nil {
k.fatalf("cannot clear the ambient capability set: %v", err) k.fatalf("cannot clear the ambient capability set: %v", err)
} }
for i := uintptr(0); i <= k.lastcap(); i++ { for i := uintptr(0); i <= lastcap; i++ {
if params.Privileged && i == CAP_SYS_ADMIN { if params.Privileged && i == CAP_SYS_ADMIN {
continue continue
} }