Merge pull request #4836 from nalind/debug-capabilities

At startup, log the effective capabilities for debugging

cmd/buildah/main.go

@@ -147,6 +147,7 @@ func before(cmd *cobra.Command) error {
 	case "", "help", "version", "mount":
 		return nil
 	}
+	debugCapabilities()
 	unshare.MaybeReexecUsingUserNamespace(false)
 	if globalFlagResults.CPUProfile != "" {
 		globalFlagResults.cpuProfileFile, err = os.Create(globalFlagResults.CPUProfile)

cmd/buildah/unshare.go

@@ -7,12 +7,14 @@ import (
 	"fmt"
 	"os"
 	"os/exec"
+	"sort"
 	"strings"
 
 	"github.com/containers/storage"
 	"github.com/containers/storage/pkg/unshare"
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
+	"github.com/syndtr/gocapability/capability"
 )
 
 var (
@@ -126,3 +128,23 @@ func unshareCmd(c *cobra.Command, args []string) error {
 	os.Exit(1)
 	return nil
 }
+
+func debugCapabilities() {
+	pid, err := capability.NewPid2(0)
+	if err != nil {
+		logrus.Errorf("error checking our capabilities: %v", err)
+		return
+	}
+	if err := pid.Load(); err != nil {
+		logrus.Errorf("error loading our current capabilities: %v", err)
+		return
+	}
+	knownCaps := capability.List()
+	effective := make([]string, 0, len(knownCaps))
+	for i := range knownCaps {
+		have := pid.Get(capability.EFFECTIVE, knownCaps[i])
+		effective = append(effective, fmt.Sprintf("%s=%v", knownCaps[i].String(), have))
+	}
+	sort.Strings(effective)
+	logrus.Debugf("effective capabilities: %v", effective)
+}

cmd/buildah/unshare_unsupported.go

@@ -1,3 +1,4 @@
+//go:build !linux
 // +build !linux
 
 package main
@@ -16,3 +17,6 @@ func init() {
 	}
 	rootCmd.AddCommand(&unshareCommand)
 }
+
+func debugCapabilities() {
+}