From f513ac19db52be3c1567bd50e4a05df26dd2ecad Mon Sep 17 00:00:00 2001
From: Ma Shimiao
Date: Mon, 17 Jul 2017 10:25:42 +0800
Subject: [PATCH] update gocapability

gocapability has fixed can't get ambient cap problem and some other fixes.

Signed-off-by: Ma Shimiao
---
 vendor.conf | 2 +-
 .../capability/capability_linux.go | 4 +-
 .../capability/capability_test.go | 83 +++++++++++++++++
 .../gocapability/capability/enumgen/gen.go | 92 +++++++++++++++++++
 4 files changed, 178 insertions(+), 3 deletions(-)
 create mode 100644 vendor/github.com/syndtr/gocapability/capability/capability_test.go
 create mode 100644 vendor/github.com/syndtr/gocapability/capability/enumgen/gen.go
diff --git a/vendor.conf b/vendor.conf
index b24d7f09aa6..da51c21b727 100644
--- a/vendor.conf
+++ b/vendor.conf
@@ -7,7 +7,7 @@ github.com/mrunalp/fileutils ed869b029674c0e9ce4c0dfa781405c2d9946d08
 github.com/opencontainers/selinux v1.0.0-rc1
 github.com/seccomp/libseccomp-golang 32f571b70023028bd57d9288c20efbcb237f3ce0
 github.com/Sirupsen/logrus 26709e2714106fb8ad40b773b711ebce25b78914
-github.com/syndtr/gocapability e7cb7fa329f456b3855136a2642b197bad7366ba
+github.com/syndtr/gocapability db04d3cc01c8b54962a58ec7e491717d06cfcc16
 github.com/vishvananda/netlink 1e2e08e8a2dcdacaae3f14ac44c5cfa31361f270
 # systemd integration.
 github.com/coreos/go-systemd v14
diff --git a/vendor/github.com/syndtr/gocapability/capability/capability_linux.go b/vendor/github.com/syndtr/gocapability/capability/capability_linux.go
index 6d2135ac585..205e0f7013a 100644
--- a/vendor/github.com/syndtr/gocapability/capability/capability_linux.go
+++ b/vendor/github.com/syndtr/gocapability/capability/capability_linux.go
@@ -428,11 +428,11 @@ func (c *capsV3) Load() (err error) {
 }
 if strings.HasPrefix(line, "CapB") {
 fmt.Sscanf(line[4:], "nd: %08x%08x", &c.bounds[1], &c.bounds[0])
- break
+ continue
 }
 if strings.HasPrefix(line, "CapA") {
 fmt.Sscanf(line[4:], "mb: %08x%08x", &c.ambient[1], &c.ambient[0])
- break
+ continue
 }
 }
 f.Close()
diff --git a/vendor/github.com/syndtr/gocapability/capability/capability_test.go b/vendor/github.com/syndtr/gocapability/capability/capability_test.go
new file mode 100644
index 00000000000..8108655c05f
--- /dev/null
+++ b/vendor/github.com/syndtr/gocapability/capability/capability_test.go
@@ -0,0 +1,83 @@
+// Copyright (c) 2013, Suryandaru Triandana
+// All rights reserved.
+//
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+package capability
+
+import "testing"
+
+func TestState(t *testing.T) {
+ testEmpty := func(name string, c Capabilities, whats CapType) {
+ for i := CapType(1); i <= BOUNDING; i <<= 1 {
+ if (i&whats) != 0 && !c.Empty(i) {
+ t.Errorf(name+": capabilities set %q wasn't empty", i)
+ }
+ }
+ }
+ testFull := func(name string, c Capabilities, whats CapType) {
+ for i := CapType(1); i <= BOUNDING; i <<= 1 {
+ if (i&whats) != 0 && !c.Full(i) {
+ t.Errorf(name+": capabilities set %q wasn't full", i)
+ }
+ }
+ }
+ testPartial := func(name string, c Capabilities, whats CapType) {
+ for i := CapType(1); i <= BOUNDING; i <<= 1 {
+ if (i&whats) != 0 && (c.Empty(i) || c.Full(i)) {
+ t.Errorf(name+": capabilities set %q wasn't partial", i)
+ }
+ }
+ }
+ testGet := func(name string, c Capabilities, whats CapType, max Cap) {
+ for i := CapType(1); i <= BOUNDING; i <<= 1 {
+ if (i & whats) == 0 {
+ continue
+ }
+ for j := Cap(0); j <= max; j++ {
+ if !c.Get(i, j) {
+ t.Errorf(name+": capability %q wasn't found on %q", j, i)
+ }
+ }
+ }
+ }
+
+ capf := new(capsFile)
+ capf.data.version = 2
+ for _, tc := range []struct {
+ name string
+ c Capabilities
+ sets CapType
+ max Cap
+ }{
+ {"v1", new(capsV1), EFFECTIVE | PERMITTED, CAP_AUDIT_CONTROL},
+ {"v3", new(capsV3), EFFECTIVE | PERMITTED | BOUNDING, CAP_LAST_CAP},
+ {"file_v1", new(capsFile), EFFECTIVE | PERMITTED, CAP_AUDIT_CONTROL},
+ {"file_v2", capf, EFFECTIVE | PERMITTED, CAP_LAST_CAP},
+ } {
+ testEmpty(tc.name, tc.c, tc.sets)
+ tc.c.Fill(CAPS | BOUNDS)
+ testFull(tc.name, tc.c, tc.sets)
+ testGet(tc.name, tc.c, tc.sets, tc.max)
+ tc.c.Clear(CAPS | BOUNDS)
+ testEmpty(tc.name, tc.c, tc.sets)
+ for i := CapType(1); i <= BOUNDING; i <<= 1 {
+ for j := Cap(0); j <= CAP_LAST_CAP; j++ {
+ tc.c.Set(i, j)
+ }
+ }
+ testFull(tc.name, tc.c, tc.sets)
+ testGet(tc.name, tc.c, tc.sets, tc.max)
+ for i := CapType(1); i <= BOUNDING; i <<= 1 {
+ for j := Cap(0); j <= CAP_LAST_CAP; j++ {
+ tc.c.Unset(i, j)
+ }
+ }
+ testEmpty(tc.name, tc.c, tc.sets)
+ tc.c.Set(PERMITTED, CAP_CHOWN)
+ testPartial(tc.name, tc.c, PERMITTED)
+ tc.c.Clear(CAPS | BOUNDS)
+ testEmpty(tc.name, tc.c, tc.sets)
+ }
+}
diff --git a/vendor/github.com/syndtr/gocapability/capability/enumgen/gen.go b/vendor/github.com/syndtr/gocapability/capability/enumgen/gen.go
new file mode 100644
index 00000000000..4c733809b1b
--- /dev/null
+++ b/vendor/github.com/syndtr/gocapability/capability/enumgen/gen.go
@@ -0,0 +1,92 @@
+package main
+
+import (
+ "bytes"
+ "fmt"
+ "go/ast"
+ "go/format"
+ "go/parser"
+ "go/token"
+ "io/ioutil"
+ "log"
+ "os"
+ "strings"
+)
+
+const fileName = "enum.go"
+const genName = "enum_gen.go"
+
+type generator struct {
+ buf bytes.Buffer
+ caps []string
+}
+
+func (g *generator) writeHeader() {
+ g.buf.WriteString("// generated file; DO NOT EDIT - use go generate in directory with source\n")
+ g.buf.WriteString("\n")
+ g.buf.WriteString("package capability")
+}
+
+func (g *generator) writeStringFunc() {
+ g.buf.WriteString("\n")
+ g.buf.WriteString("func (c Cap) String() string {\n")
+ g.buf.WriteString("switch c {\n")
+ for _, cap := range g.caps {
+ fmt.Fprintf(&g.buf, "case %s:\n", cap)
+ fmt.Fprintf(&g.buf, "return \"%s\"\n", strings.ToLower(cap[4:]))
+ }
+ g.buf.WriteString("}\n")
+ g.buf.WriteString("return \"unknown\"\n")
+ g.buf.WriteString("}\n")
+}
+
+func (g *generator) writeListFunc() {
+ g.buf.WriteString("\n")
+ g.buf.WriteString("// List returns list of all supported capabilities\n")
+ g.buf.WriteString("func List() []Cap {\n")
+ g.buf.WriteString("return []Cap{\n")
+ for _, cap := range g.caps {
+ fmt.Fprintf(&g.buf, "%s,\n", cap)
+ }
+ g.buf.WriteString("}\n")
+ g.buf.WriteString("}\n")
+}
+
+func main() {
+ fs := token.NewFileSet()
+ parsedFile, err := parser.ParseFile(fs, fileName, nil, 0)
+ if err != nil {
+ log.Fatal(err)
+ }
+ var caps []string
+ for _, decl := range parsedFile.Decls {
+ decl, ok := decl.(*ast.GenDecl)
+ if !ok || decl.Tok != token.CONST {
+ continue
+ }
+ for _, spec := range decl.Specs {
+ vspec := spec.(*ast.ValueSpec)
+ name := vspec.Names[0].Name
+ if strings.HasPrefix(name, "CAP_") {
+ caps = append(caps, name)
+ }
+ }
+ }
+ g := &generator{caps: caps}
+ g.writeHeader()
+ g.writeStringFunc()
+ g.writeListFunc()
+ src, err := format.Source(g.buf.Bytes())
+ if err != nil {
+ fmt.Println("generated invalid Go code")
+ fmt.Println(g.buf.String())
+ log.Fatal(err)
+ }
+ fi, err := os.Stat(fileName)
+ if err != nil {
+ log.Fatal(err)
+ }
+ if err := ioutil.WriteFile(genName, src, fi.Mode().Perm()); err != nil {
+ log.Fatal(err)
+ }
+}