Documentation
Overview
Provides helper functions for checking if we have some functional sets of capabilities.
Types
type Fulcrum
type Fulcrum struct {
// contains filtered or unexported fields
}
func (Fulcrum) CanManageOwnership
Whether we have enough caps to confidently materialize files with ownership info. This requires "have CAP_CHOWN", but also "have CAP_FOWNER" (because we need this cap in order to be able to set mtimes on files *after having chown'd them*); on mac, the check is instead uid==0.
func (Fulcrum) CanMountAny
Whether we have enough caps to confidently use *any* kind of mounts. This requires "have CAP_SYS_ADMIN", because mounts are typically considered a very powerful operation on Linux; on mac, the check is instead uid==0. (This is distinct from "CanMountBind" because some recursive container situations may have a whitelist that allows bind mounts but not other mount types, e.g. "aufs".)
func (Fulcrum) CanMountBind
Whether we have enough caps to confidently use bind mounts. This requires "have CAP_SYS_ADMIN", because mounts are typically considered a very powerful operation on Linux; on mac, the check is instead uid==0. (Future work: user namespaces may also, under some conditions, allow *specifically* *bind* mounts. We don't yet support this because it's fiddly and seems to be something of a moving target in terms of kernel support in the wild; lots of testing needed.)
func (Fulcrum) CanShareIOCache
Whether we have enough caps to confidently access all of `$RIO_BASE/*`. We sum this up as "have CAP_DAC_OVERRIDE"; on mac, the check is instead uid==0.
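The four rules above can be checked against a process's effective capability mask, as this added example shows; it is not this package's code (Fulcrum's fields are unexported), and it covers the Linux branch only. The names `capSet`, `parseCapEff` and `sampleStatus` are hypothetical, and the status text is a constructed sample in `/proc/<pid>/status` format.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// Capability bit numbers from <linux/capability.h>.
const (
	capChown       = 0
	capDacOverride = 1
	capFowner      = 3
	capSysAdmin    = 21
)

// capSet (hypothetical type) holds the effective mask shown on the CapEff line.
type capSet uint64

func (c capSet) has(bit uint) bool { return c&(1<<bit) != 0 }

// The predicates mirror the documented rules; the mac uid==0 branch is omitted.
func (c capSet) canManageOwnership() bool { return c.has(capChown) && c.has(capFowner) }
func (c capSet) canMountAny() bool        { return c.has(capSysAdmin) }
func (c capSet) canMountBind() bool       { return c.has(capSysAdmin) }
func (c capSet) canShareIOCache() bool    { return c.has(capDacOverride) }

// parseCapEff extracts the hex CapEff value from /proc/<pid>/status-style text.
func parseCapEff(status string) (capSet, error) {
	sc := bufio.NewScanner(strings.NewReader(status))
	for sc.Scan() {
		line := sc.Text()
		if strings.HasPrefix(line, "CapEff:") {
			v, err := strconv.ParseUint(strings.TrimSpace(strings.TrimPrefix(line, "CapEff:")), 16, 64)
			return capSet(v), err
		}
	}
	return 0, fmt.Errorf("no CapEff line found")
}

// Constructed sample: CAP_CHOWN, CAP_FOWNER and CAP_DAC_OVERRIDE set, CAP_SYS_ADMIN absent.
const sampleStatus = "Name:\tdemo\nCapPrm:\t00000000a80425fb\nCapEff:\t00000000a80425fb\n"

func main() {
	caps, err := parseCapEff(sampleStatus)
	fmt.Println(caps.canManageOwnership(), caps.canMountAny(), caps.canMountBind(), caps.canShareIOCache(), err)
}
```

On a live Linux system the same parser can be fed the contents of `/proc/self/status`.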