Skip to content

Commit

Permalink
libct: use slices package
Browse files Browse the repository at this point in the history
As we're no longer supporting Go < 1.21.

Signed-off-by: Kir Kolyshkin <[email protected]>
  • Loading branch information
kolyshkin committed Jun 6, 2024
1 parent 460e0af commit 2bf469d
Showing 1 changed file with 4 additions and 13 deletions.
17 changes: 4 additions & 13 deletions libcontainer/container_linux.go
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ import (
"path"
"path/filepath"
"reflect"
"slices"
"strconv"
"strings"
"sync"
Expand Down Expand Up @@ -452,16 +453,6 @@ func (c *Container) includeExecFifo(cmd *exec.Cmd) error {
return nil
}

// No longer needed in Go 1.21.
func slicesContains[S ~[]E, E comparable](slice S, needle E) bool {
for _, val := range slice {
if val == needle {
return true
}
}
return false
}

func isDmzBinarySafe(c *configs.Config) bool {
// Because we set the dumpable flag in nsexec, the only time when it is
// unsafe to use runc-dmz is when the container process would be able to
Expand All @@ -472,9 +463,9 @@ func isDmzBinarySafe(c *configs.Config) bool {
// inheritable, or ambient sets). Luckily, most containers do not have this
// capability.
if c.Capabilities == nil ||
(!slicesContains(c.Capabilities.Bounding, "CAP_SYS_PTRACE") &&
!slicesContains(c.Capabilities.Inheritable, "CAP_SYS_PTRACE") &&
!slicesContains(c.Capabilities.Ambient, "CAP_SYS_PTRACE")) {
(!slices.Contains(c.Capabilities.Bounding, "CAP_SYS_PTRACE") &&
!slices.Contains(c.Capabilities.Inheritable, "CAP_SYS_PTRACE") &&
!slices.Contains(c.Capabilities.Ambient, "CAP_SYS_PTRACE")) {
return true
}

Expand Down

0 comments on commit 2bf469d

Please sign in to comment.