From 5a01f854e2af33aa9b1ac3072eca12b9e253b078 Mon Sep 17 00:00:00 2001 From: Christiano Haesbaert Date: Mon, 4 Dec 2023 16:28:40 +0100 Subject: [PATCH] providers/linux: Export capabilities as CAP_UPPERCASE I don't think there are users of this yet, the ECS format expects CAP_FOO, so it makes no sense for us to have a different representation than that one. --- providers/linux/capabilities_linux.go | 85 ++++++++++++++------------- 1 file changed, 43 insertions(+), 42 deletions(-) diff --git a/providers/linux/capabilities_linux.go b/providers/linux/capabilities_linux.go index 40bf454d..34052e11 100644 --- a/providers/linux/capabilities_linux.go +++ b/providers/linux/capabilities_linux.go @@ -29,49 +29,50 @@ import ( // // curl -s https://raw.githubusercontent.com/torvalds/linux/master/include/uapi/linux/capability.h | \ // grep -P '^#define CAP_\w+\s+\d+' | \ -// perl -pe 's/#define CAP_(\w+)\s+(\d+)/\2: "\L\1",/g' +// perl -pe 's/#define (\w+)\s+(\d+)/\2: "\1",/g' + var capabilityNames = map[int]string{ - 0: "chown", - 1: "dac_override", - 2: "dac_read_search", - 3: "fowner", - 4: "fsetid", - 5: "kill", - 6: "setgid", - 7: "setuid", - 8: "setpcap", - 9: "linux_immutable", - 10: "net_bind_service", - 11: "net_broadcast", - 12: "net_admin", - 13: "net_raw", - 14: "ipc_lock", - 15: "ipc_owner", - 16: "sys_module", - 17: "sys_rawio", - 18: "sys_chroot", - 19: "sys_ptrace", - 20: "sys_pacct", - 21: "sys_admin", - 22: "sys_boot", - 23: "sys_nice", - 24: "sys_resource", - 25: "sys_time", - 26: "sys_tty_config", - 27: "mknod", - 28: "lease", - 29: "audit_write", - 30: "audit_control", - 31: "setfcap", - 32: "mac_override", - 33: "mac_admin", - 34: "syslog", - 35: "wake_alarm", - 36: "block_suspend", - 37: "audit_read", - 38: "perfmon", - 39: "bpf", - 40: "checkpoint_restore", + 0: "CAP_CHOWN", + 1: "CAP_DAC_OVERRIDE", + 2: "CAP_DAC_READ_SEARCH", + 3: "CAP_FOWNER", + 4: "CAP_FSETID", + 5: "CAP_KILL", + 6: "CAP_SETGID", + 7: "CAP_SETUID", + 8: "CAP_SETPCAP", + 9: "CAP_LINUX_IMMUTABLE", + 10: "CAP_NET_BIND_SERVICE", + 11: "CAP_NET_BROADCAST", + 12: "CAP_NET_ADMIN", + 13: "CAP_NET_RAW", + 14: "CAP_IPC_LOCK", + 15: "CAP_IPC_OWNER", + 16: "CAP_SYS_MODULE", + 17: "CAP_SYS_RAWIO", + 18: "CAP_SYS_CHROOT", + 19: "CAP_SYS_PTRACE", + 20: "CAP_SYS_PACCT", + 21: "CAP_SYS_ADMIN", + 22: "CAP_SYS_BOOT", + 23: "CAP_SYS_NICE", + 24: "CAP_SYS_RESOURCE", + 25: "CAP_SYS_TIME", + 26: "CAP_SYS_TTY_CONFIG", + 27: "CAP_MKNOD", + 28: "CAP_LEASE", + 29: "CAP_AUDIT_WRITE", + 30: "CAP_AUDIT_CONTROL", + 31: "CAP_SETFCAP", + 32: "CAP_MAC_OVERRIDE", + 33: "CAP_MAC_ADMIN", + 34: "CAP_SYSLOG", + 35: "CAP_WAKE_ALARM", + 36: "CAP_BLOCK_SUSPEND", + 37: "CAP_AUDIT_READ", + 38: "CAP_PERFMON", + 39: "CAP_BPF", + 40: "CAP_CHECKPOINT_RESTORE", } func capabilityName(num int) string {