containerd
diff --git a/‎go.mod‎
Lines changed: 0 additions & 1 deletion b/‎go.mod‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎go.sum‎
Lines changed: 0 additions & 28 deletions b/‎go.sum‎
Lines changed: 0 additions & 28 deletions
diff --git a/‎pkg/cap/cap_linux.go‎
Lines changed: 41 additions & 21 deletions b/‎pkg/cap/cap_linux.go‎
Lines changed: 41 additions & 21 deletions
diff --git a/‎pkg/cap/cap_linux_test.go‎
Lines changed: 15 additions & 7 deletions b/‎pkg/cap/cap_linux_test.go‎
Lines changed: 15 additions & 7 deletions
diff --git a/‎vendor/github.com/syndtr/gocapability/LICENSE‎
Lines changed: 0 additions & 24 deletions b/‎vendor/github.com/syndtr/gocapability/LICENSE‎
Lines changed: 0 additions & 24 deletions
diff --git a/‎vendor/github.com/syndtr/gocapability/capability/capability.go‎
Lines changed: 0 additions & 133 deletions b/‎vendor/github.com/syndtr/gocapability/capability/capability.go‎
Lines changed: 0 additions & 133 deletions
@@ -48,7 +48,6 @@ require (
 	github.com/prometheus/client_golang v1.7.1
 	github.com/sirupsen/logrus v1.7.0
 	github.com/stretchr/testify v1.6.1
-	github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635
 	github.com/tchap/go-patricia v2.2.6+incompatible
 	github.com/urfave/cli v1.22.2
 	go.etcd.io/bbolt v1.3.5
 
@@ -25,9 +25,19 @@ import (
 	"strings"
 
 	"github.com/pkg/errors"
-	"github.com/syndtr/gocapability/capability"
 )
 
+// FromNumber returns a cap string like "CAP_SYS_ADMIN"
+// that corresponds to the given number like 21.
+//
+// FromNumber returns an empty string for unknown cap number.
+func FromNumber(num int) string {
+	if num < 0 || num > len(capsLatest)-1 {
+		return ""
+	}
+	return capsLatest[num]
+}
+
 // FromBitmap parses an uint64 bitmap into string slice like
 // []{"CAP_SYS_ADMIN", ...}.
 //
@@ -37,17 +47,9 @@ func FromBitmap(v uint64) ([]string, []int) {
 		res     []string
 		unknown []int
 	)
-	knownList := capability.List()
-	known := make(map[string]struct{}, len(knownList))
-	for _, f := range knownList {
-		known[f.String()] = struct{}{}
-	}
 	for i := 0; i <= 63; i++ {
 		if b := (v >> i) & 0x1; b == 0x1 {
-			c := capability.Cap(i)
-			sRaw := c.String()
-			if _, ok := known[sRaw]; ok {
-				s := "CAP_" + strings.ToUpper(sRaw)
+			if s := FromNumber(i); s != "" {
 				res = append(res, s)
 			} else {
 				unknown = append(unknown, i)
@@ -57,9 +59,25 @@ func FromBitmap(v uint64) ([]string, []int) {
 	return res, unknown
 }
 
+// Type is the type of capability
+type Type int
+
+const (
+	// Effective is CapEff
+	Effective Type = 1 << iota
+	// Effective is CapPrm
+	Permitted
+	// Inheritable is CapInh
+	Inheritable
+	// Bounding is CapBnd
+	Bounding
+	// Ambient is CapAmb
+	Ambient
+)
+
 // ParseProcPIDStatus returns uint64 bitmap value from /proc/<PID>/status file
-func ParseProcPIDStatus(r io.Reader) (map[capability.CapType]uint64, error) {
-	res := make(map[capability.CapType]uint64)
+func ParseProcPIDStatus(r io.Reader) (map[Type]uint64, error) {
+	res := make(map[Type]uint64)
 	scanner := bufio.NewScanner(r)
 	for scanner.Scan() {
 		line := scanner.Text()
@@ -77,15 +95,15 @@ func ParseProcPIDStatus(r io.Reader) (map[capability.CapType]uint64, error) {
 			}
 			switch k {
 			case "CapInh":
-				res[capability.INHERITABLE] = ui64
+				res[Inheritable] = ui64
 			case "CapPrm":
-				res[capability.PERMITTED] = ui64
+				res[Permitted] = ui64
 			case "CapEff":
-				res[capability.EFFECTIVE] = ui64
+				res[Effective] = ui64
 			case "CapBnd":
-				res[capability.BOUNDING] = ui64
+				res[Bounding] = ui64
 			case "CapAmb":
-				res[capability.AMBIENT] = ui64
+				res[Ambient] = ui64
 			}
 		}
 	}
@@ -112,7 +130,7 @@ func Current() ([]string, error) {
 	if err != nil {
 		return nil, err
 	}
-	capEff := caps[capability.EFFECTIVE]
+	capEff := caps[Effective]
 	names, _ := FromBitmap(capEff)
 	return names, nil
 }
@@ -163,10 +181,12 @@ var (
 	// caps58 is the caps of kernel 5.8 (40 entries)
 	caps58 = append(caps316, []string{"CAP_PERFMON", "CAP_BPF"}...)
 	// caps59 is the caps of kernel 5.9 (41 entries)
-	caps59 = append(caps58, "CAP_CHECKPOINT_RESTORE")
+	caps59     = append(caps58, "CAP_CHECKPOINT_RESTORE")
+	capsLatest = caps59
 )
 
-// Known returns the known cap strings as of kernel 5.9
+// Known returns the known cap strings of the latest kernel.
+// The current latest kernel is 5.9.
 func Known() []string {
-	return caps59
+	return capsLatest
 }
@@ -21,7 +21,6 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/assert"
-	"github.com/syndtr/gocapability/capability"
 )
 
 func TestCapsList(t *testing.T) {
@@ -30,6 +29,15 @@ func TestCapsList(t *testing.T) {
 	assert.Len(t, caps59, 41)
 }
 
+func TestFromNumber(t *testing.T) {
+	assert.Equal(t, "CAP_CHOWN", FromNumber(0))
+	assert.Equal(t, "CAP_SYS_ADMIN", FromNumber(21))
+	assert.Equal(t, "CAP_CHECKPOINT_RESTORE", FromNumber(40))
+	assert.Equal(t, "", FromNumber(-1))
+	assert.Equal(t, "", FromNumber(63))
+	assert.Equal(t, "", FromNumber(255))
+}
+
 func TestFromBitmap(t *testing.T) {
 	type testCase struct {
 		comment    string
@@ -139,12 +147,12 @@ nonvoluntary_ctxt_switches:     0
 `
 	res, err := ParseProcPIDStatus(strings.NewReader(procPIDStatus))
 	assert.NoError(t, err)
-	expected := map[capability.CapType]uint64{
-		capability.INHERITABLE: 0,
-		capability.PERMITTED:   0xffffffffff,
-		capability.EFFECTIVE:   0xffffffffff,
-		capability.BOUNDING:    0xffffffffff,
-		capability.AMBIENT:     0,
+	expected := map[Type]uint64{
+		Inheritable: 0,
+		Permitted:   0xffffffffff,
+		Effective:   0xffffffffff,
+		Bounding:    0xffffffffff,
+		Ambient:     0,
 	}
 	assert.EqualValues(t, expected, res)
 }