| 55 | } |
| 56 | |
| 57 | func initModule(path string) (err error) { |
| 58 | file, err := os.Open(path) |
| 59 | if err != nil { |
| 60 | return fmt.Errorf("opening module file: %w", err) |
| 61 | } |
| 62 | defer func() { |
| 63 | _ = file.Close() |
| 64 | }() |
| 65 | |
| 66 | var reader io.Reader |
| 67 | switch filepath.Ext(file.Name()) { |
| 68 | case ".xz": |
| 69 | reader, err = xz.NewReader(file) |
| 70 | case ".gz": |
| 71 | reader, err = pgzip.NewReader(file) |
| 72 | case ".zst": |
| 73 | reader, err = zstd.NewReader(file) |
| 74 | default: |
| 75 | const moduleParams = "" |
| 76 | const flags = 0 |
| 77 | err = unix.FinitModule(int(file.Fd()), moduleParams, flags) |
| 78 | switch { |
| 79 | case err == nil, err == unix.EEXIST: //nolint:err113 |
| 80 | return nil |
| 81 | case err != unix.ENOSYS: //nolint:err113 |
| 82 | if strings.HasSuffix(err.Error(), "operation not permitted") { |
| 83 | err = fmt.Errorf("%w; did you set the SYS_MODULE capability to your container?", err) |
| 84 | } |
| 85 | return fmt.Errorf("finit module %s: %w", path, err) |
| 86 | case flags != 0: |
| 87 | return err // unix.ENOSYS error |
| 88 | default: // Fall back to init_module(2). |
| 89 | reader = file |
| 90 | } |
| 91 | } |
| 92 | |
| 93 | if err != nil { |
| 94 | return fmt.Errorf("reading from %s: %w", path, err) |
| 95 | } |
| 96 | |
| 97 | image, err := io.ReadAll(reader) |
| 98 | if err != nil { |
| 99 | return fmt.Errorf("reading module image from %s: %w", path, err) |
| 100 | } |
| 101 | |
| 102 | err = file.Close() |
| 103 | if err != nil { |
| 104 | return fmt.Errorf("closing module file %s: %w", path, err) |
| 105 | } |
| 106 | |
| 107 | const params = "" |
| 108 | err = unix.InitModule(image, params) |
| 109 | switch err { |
| 110 | case nil, unix.EEXIST: |
| 111 | return nil |
| 112 | default: |
| 113 | return fmt.Errorf("init module read from %s: %w", path, err) |
| 114 | } |