1// +build go1.10 2 3package cap 4 5import "syscall" 6 7// LaunchSupported indicates that is safe to return from a locked 8// OS Thread and have that OS Thread be terminated by the runtime. The 9// Launch functionality really needs to rely on the fact that an 10// excess of runtime.LockOSThread() vs. runtime.UnlockOSThread() calls 11// in a returning go routine will cause the underlying locked OSThread 12// to terminate. That feature was added to the Go runtime in version 13// 1.10. 14// 15// See these bugs for the discussion and feature assumed by the code 16// in this Launch() functionality: 17// 18// https://github.com/golang/go/issues/20395 19// https://github.com/golang/go/issues/20458 20// 21// A value of false for this constant causes the Launch functionality 22// to fail with an error: cap.ErrNoLaunch. If this value is false you 23// have two choices with respect to the Launch functionality: 24// 25// 1) don't use cap.(*Launcher).Launch() 26// 2) upgrade your Go toolchain to 1.10+ (ie., do this one). 27const LaunchSupported = true 28 29// validatePA confirms that the pa.Sys entry is not incompatible with 30// Launch and loads up the chroot value. 31func validatePA(pa *syscall.ProcAttr, chroot string) (bool, error) { 32 s := pa.Sys 33 if s == nil { 34 if chroot == "" { 35 return false, nil 36 } 37 s = &syscall.SysProcAttr{ 38 Chroot: chroot, 39 } 40 pa.Sys = s 41 } else if s.Chroot != "" { 42 return false, ErrAmbiguousChroot 43 } 44 if s.Credential != nil { 45 return false, ErrAmbiguousIDs 46 } 47 if len(s.AmbientCaps) != 0 { 48 return false, ErrAmbiguousAmbient 49 } 50 return s != nil && s.Chroot != "", nil 51} 52