From 1c3af2751957ecdf9a40580983b35a4c1e1d6be8 Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn
Date: Sat, 19 Sep 2020 11:15:29 +0200
Subject: [PATCH] libcontainer: newContainerCapList() refactor to reduce duplicated code
Signed-off-by: Sebastiaan van Stijn
---
libcontainer/capabilities_linux.go | 77 ++++++++++++------------------
1 file changed, 30 insertions(+), 47 deletions(-)
diff --git a/libcontainer/capabilities_linux.go b/libcontainer/capabilities_linux.go
index a353a5b3a4a..551f9a809da 100644
--- a/libcontainer/capabilities_linux.go
+++ b/libcontainer/capabilities_linux.go
@@ -25,62 +25,45 @@ func init() { } func newContainerCapList(capConfig *configs.Capabilities) (*containerCapabilities, error) { - bounding := make([]capability.Cap, len(capConfig.Bounding)) - for i, c := range capConfig.Bounding { - v, ok := capabilityMap[c] - if !ok { - return nil, fmt.Errorf("unknown capability %q", c) - } - bounding[i] = v + var ( + err error + caps containerCapabilities + ) + + if caps.bounding, err = capSlice(capConfig.Bounding); err != nil { + return nil, err } - effective := make([]capability.Cap, len(capConfig.Effective)) - for i, c := range capConfig.Effective { - v, ok := capabilityMap[c] - if !ok { - return nil, fmt.Errorf("unknown capability %q", c) - } - effective[i] = v + if caps.effective, err = capSlice(capConfig.Effective); err != nil { + return nil, err } - inheritable := make([]capability.Cap, len(capConfig.Inheritable)) - for i, c := range capConfig.Inheritable { - v, ok := capabilityMap[c] - if !ok { - return nil, fmt.Errorf("unknown capability %q", c) - } - inheritable[i] = v + if caps.inheritable, err = capSlice(capConfig.Inheritable); err != nil { + return nil, err } - permitted := make([]capability.Cap, len(capConfig.Permitted)) - for i, c := range capConfig.Permitted { - v, ok := capabilityMap[c] - if !ok { - return nil, fmt.Errorf("unknown capability %q", c) - } - permitted[i] = v + if caps.permitted, err = capSlice(capConfig.Permitted); err != nil { + return nil, err } - ambient := make([]capability.Cap, len(capConfig.Ambient)) - for i, c := range capConfig.Ambient { - v, ok := capabilityMap[c] - if !ok { - return nil, fmt.Errorf("unknown capability %q", c) - } - ambient[i] = v + if caps.ambient, err = capSlice(capConfig.Ambient); err != nil { + return nil, err } - pid, err := capability.NewPid2(0) - if err != nil { + if caps.pid, err = capability.NewPid2(0); err != nil { return nil, err } - err = pid.Load() - if err != nil { + if err = caps.pid.Load(); err != nil { return nil, err } - return &containerCapabilities{ - 
bounding: bounding, - effective: effective, - inheritable: inheritable, - permitted: permitted, - ambient: ambient, - pid: pid, - }, nil + return &caps, nil +} + +func capSlice(caps []string) ([]capability.Cap, error) { + out := make([]capability.Cap, len(caps)) + for i, c := range caps { + v, ok := capabilityMap[c] + if !ok { + return nil, fmt.Errorf("unknown capability %q", c) + } + out[i] = v + } + return out, nil } type containerCapabilities struct {
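Review bot: The new capSlice helper has no doc comment, and its `unknown capability %q` error does not say which of the five sets (bounding, effective, inheritable, permitted, ambient) held the bad name, which makes a rejected container spec harder to trace back to a config field. A comment such as `// capSlice maps capability names to capability.Cap values and fails on the first name not found in capabilityMap, so an unrecognised name rejects the whole set rather than being skipped.` would record the fail-closed behaviour that later edits should keep. The set name could be added at each call site, e.g. `return nil, fmt.Errorf("bounding: %w", err)`, provided no caller matches on the current message text. newContainerCapList also still reads `capConfig.Bounding` without a nil check; whether every caller guarantees a non-nil pointer is not visible in this hunk.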