hub / github.com/google/gvisor / HasCapabilityOnFile

Method HasCapabilityOnFile

pkg/sentry/kernel/auth/credentials.go:230–232

HasCapabilityOnFile returns true if creds has the given capability with respect to a file with the given owning UID and GID, consistent with Linux's kernel/capability.c:capable_wrt_inode_uidgid().

(cp linux.Capability, kuid KUID, kgid KGID)

Source from the content-addressed store, hash-verified

// HasCapabilityOnFile returns true if creds has the given capability with
// respect to a file with the given owning UID and GID, consistent with Linux's
// kernel/capability.c:capable_wrt_inode_uidgid().
func (c *Credentials) HasCapabilityOnFile(cp linux.Capability, kuid KUID, kgid KGID) bool {
	return c.HasSelfCapability(cp) && c.UserNamespace.MapFromKUID(kuid).Ok() && c.UserNamespace.MapFromKGID(kgid).Ok()
}

// UseUID checks that c can use uid in its user namespace, then translates it
// to the root user namespace.
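
A stand-alone model of this check, added here as an example (not gVisor code): `IDRange`, `UserNS`, `Creds`, `mapped` and `ContainerRoot` are hypothetical simplifications, and an effective-capability bitmask stands in for `HasSelfCapability`. It shows the case the two mapping checks exist for: a namespace-root task holding CAP_FOWNER is still refused on a file whose owning UID or GID has no mapping in its user namespace.

```go
package main

import "fmt"

// IDRange is one uid_map/gid_map entry: Count kernel IDs starting at KFirst
// are visible inside the namespace (hypothetical simplified type).
type IDRange struct{ KFirst, Count uint32 }

// UserNS is a simplified stand-in for a user namespace's ID mappings.
type UserNS struct{ UIDMap, GIDMap []IDRange }

// mapped reports whether kernel ID kid has any mapping in ranges.
func mapped(ranges []IDRange, kid uint32) bool {
	for _, r := range ranges {
		if kid >= r.KFirst && kid-r.KFirst < r.Count {
			return true
		}
	}
	return false
}

// Creds is a simplified stand-in for task credentials; Effective models the
// capabilities the task holds in its own user namespace.
type Creds struct {
	Effective uint64
	NS        *UserNS
}

const CapFowner = 3 // CAP_FOWNER, value from Linux's capability.h

// HasCapabilityOnFile is the same three-way conjunction as the method above.
func (c *Creds) HasCapabilityOnFile(cp uint, kuid, kgid uint32) bool {
	return c.Effective&(1<<cp) != 0 && mapped(c.NS.UIDMap, kuid) && mapped(c.NS.GIDMap, kgid)
}

// ContainerRoot builds constructed sample credentials: CAP_FOWNER held, and
// kernel IDs 100000-165535 mapped into the namespace.
func ContainerRoot() *Creds {
	m := []IDRange{{KFirst: 100000, Count: 65536}}
	return &Creds{Effective: 1 << CapFowner, NS: &UserNS{UIDMap: m, GIDMap: m}}
}

func main() {
	c := ContainerRoot()
	fmt.Println(c.HasCapabilityOnFile(CapFowner, 100500, 100500)) // owner mapped
	fmt.Println(c.HasCapabilityOnFile(CapFowner, 0, 0))           // host root: unmapped
	fmt.Println(c.HasCapabilityOnFile(CapFowner, 100500, 0))      // GID unmapped
}
```
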

Callers 4

GenericCheckPermissions · Function · 0.80
CheckSetStat · Function · 0.80
CheckDeleteSticky · Function · 0.80
FixupVfsCapDataOnSet · Function · 0.80

Calls 4

HasSelfCapability · Method · 0.95
MapFromKUID · Method · 0.80
MapFromKGID · Method · 0.80
Ok · Method · 0.45

Tested by

no test coverage detected