From b96654aff1531a948ceed2255fc0a83164622d82 Mon Sep 17 00:00:00 2001
From: Kir Kolyshkin <kolyshkin@gmail.com>
Date: Fri, 20 Sep 2024 10:52:16 -0700
Subject: [PATCH] capability: add LastCap stub for non-Linux

So that the code which uses capability.LastCap can be compiled on
non-Linux platforms.

Amend the LastCap test to also run on non-Linux.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
---
 capability/capability.go                      |  6 ++++++
 capability/capability_linux.go                |  5 -----
 capability/capability_noop.go                 |  4 ++++
 ...ility_linux_test.go => capability_test.go} | 19 +++++++++++++++----
 4 files changed, 25 insertions(+), 9 deletions(-)
 rename capability/{capability_linux_test.go => capability_test.go} (79%)

diff --git a/capability/capability.go b/capability/capability.go
index 2c46b8e..3e5152c 100644
--- a/capability/capability.go
+++ b/capability/capability.go
@@ -132,3 +132,9 @@ func NewFile(path string) (Capabilities, error) {
 func NewFile2(path string) (Capabilities, error) {
 	return newFile(path)
 }
+
+// LastCap returns highest valid capability of the running kernel,
+// or an error if it can not be obtained.
+func LastCap() (Cap, error) {
+	return lastCap()
+}
diff --git a/capability/capability_linux.go b/capability/capability_linux.go
index d30b6f8..aa600e1 100644
--- a/capability/capability_linux.go
+++ b/capability/capability_linux.go
@@ -25,11 +25,6 @@ const (
 	linuxCapVer3 = 0x20080522
 )
 
-// LastCap returns highest valid capability of the running kernel.
-func LastCap() (Cap, error) {
-	return lastCap()
-}
-
 var lastCap = sync.OnceValues(func() (Cap, error) {
 	f, err := os.Open("/proc/sys/kernel/cap_last_cap")
 	if err != nil {
diff --git a/capability/capability_noop.go b/capability/capability_noop.go
index d5798ff..2679d2e 100644
--- a/capability/capability_noop.go
+++ b/capability/capability_noop.go
@@ -20,3 +20,7 @@ func newPid(_ int) (Capabilities, error) {
 func newFile(_ string) (Capabilities, error) {
 	return nil, errNotSup
 }
+
+func lastCap() (Cap, error) {
+	return Cap(-1), errNotSup
+}
diff --git a/capability/capability_linux_test.go b/capability/capability_test.go
similarity index 79%
rename from capability/capability_linux_test.go
rename to capability/capability_test.go
index f4e3052..ec03f18 100644
--- a/capability/capability_linux_test.go
+++ b/capability/capability_test.go
@@ -4,15 +4,26 @@
 
 package capability
 
-import "testing"
+import (
+	"runtime"
+	"testing"
+)
 
 func TestLastCap(t *testing.T) {
 	last, err := LastCap()
-	if err != nil {
-		t.Fatal(err)
+	switch runtime.GOOS {
+	case "linux":
+		if err != nil {
+			t.Fatal(err)
+		}
+	default:
+		if err == nil {
+			t.Fatal(runtime.GOOS, ": want error, got nil")
+		}
+		return
 	}
 
-	// Sanity checks.
+	// Sanity checks (Linux only).
 	//
 	// Based on the fact Go 1.18+ supports Linux >= 2.6.32, and
 	//   - CAP_MAC_ADMIN (33) was added in 2.6.25;