@@ -594,6 +594,10 @@ func (container *Container) Start() (err error) {

 		env = append(env, "TERM=xterm")

 	}

+	if container.hostConfig.Privileged {

+		params = append(params, "-privileged")

+	}

+

 	// Init any links between the parent and children

 	runtime := container.runtime

@@ -27,6 +27,8 @@ git_clone github.com/gorilla/context/ 708054d61e5

 git_clone github.com/gorilla/mux/ 9b36453141c

+git_clone github.com/syndtr/gocapability 3454319be2

+

 # Docker requires code.google.com/p/go.net/websocket

 PKG=code.google.com/p/go.net REV=84a4013f96e0

 (

@@ -110,18 +110,11 @@ lxc.mount.entry = {{escapeFstabSpaces $realPath}} {{escapeFstabSpaces $ROOTFS}}/

 {{end}}

 {{if (getHostConfig .).Privileged}}

-# retain all capabilities; no lxc.cap.drop line

 {{if (getCapabilities .).AppArmor}}

 lxc.aa_profile = unconfined

 {{else}}

 #lxc.aa_profile = unconfined

 {{end}}

-{{else}}

-# drop linux capabilities (apply mainly to the user root in the container)

-#  (Note: 'lxc.cap.keep' is coming soon and should replace this under the

-#         security principle 'deny all unless explicitly permitted', see

-#         http://sourceforge.net/mailarchive/message.php?msg_id=31054627 )

-lxc.cap.drop = audit_control audit_write mac_admin mac_override mknod setpcap sys_admin sys_module sys_nice sys_pacct sys_rawio sys_resource sys_time sys_tty_config

 {{end}}

 # limits

@@ -6,6 +6,7 @@ import (

 	"fmt"

 	"github.com/dotcloud/docker/netlink"

 	"github.com/dotcloud/docker/utils"

+	"github.com/syndtr/gocapability/capability"

 	"io/ioutil"

 	"log"

 	"net"

@@ -17,11 +18,12 @@ import (

 )

 type DockerInitArgs struct {

-	user    string

-	gateway string

-	workDir string

-	env     []string

-	args    []string

+	user       string

+	gateway    string

+	workDir    string

+	privileged bool

+	env        []string

+	args       []string

 }

 // Setup networking

@@ -82,6 +84,42 @@ func changeUser(args *DockerInitArgs) error {

 	return nil

 }

+func setupCapabilities(args *DockerInitArgs) error {

+

+	if args.privileged {

+		return nil

+	}

+

+	drop := []capability.Cap{

+		capability.CAP_SETPCAP,

+		capability.CAP_SYS_MODULE,

+		capability.CAP_SYS_RAWIO,

+		capability.CAP_SYS_PACCT,

+		capability.CAP_SYS_ADMIN,

+		capability.CAP_SYS_NICE,

+		capability.CAP_SYS_RESOURCE,

+		capability.CAP_SYS_TIME,

+		capability.CAP_SYS_TTY_CONFIG,

+		capability.CAP_MKNOD,

+		capability.CAP_AUDIT_WRITE,

+		capability.CAP_AUDIT_CONTROL,

+		capability.CAP_MAC_OVERRIDE,

+		capability.CAP_MAC_ADMIN,

+	}

+

+	c, err := capability.NewPid(os.Getpid())

+	if err != nil {

+		return err

+	}

+

+	c.Unset(capability.CAPS|capability.BOUNDS, drop...)

+

+	if err := c.Apply(capability.CAPS | capability.BOUNDS); err != nil {

+		return err

+	}

+	return nil

+}

+

 // Clear environment pollution introduced by lxc-start

 func setupEnv(args *DockerInitArgs) {

 	os.Clearenv()

@@ -101,6 +139,10 @@ func executeProgram(args *DockerInitArgs) error {

 		return err

 	}

+	if err := setupCapabilities(args); err != nil {

+		return err

+	}

+

 	if err := setupWorkingDirectory(args); err != nil {

 		return err

 	}

@@ -136,6 +178,7 @@ func SysInit() {

 	user := flag.String("u", "", "username or uid")

 	gateway := flag.String("g", "", "gateway address")

 	workDir := flag.String("w", "", "workdir")

+	privileged := flag.Bool("privileged", false, "privileged mode")

 	flag.Parse()

 	// Get env

@@ -149,11 +192,12 @@ func SysInit() {

 	}

 	args := &DockerInitArgs{

-		user:    *user,

-		gateway: *gateway,

-		workDir: *workDir,

-		env:     env,

-		args:    flag.Args(),

+		user:       *user,

+		gateway:    *gateway,

+		workDir:    *workDir,

+		privileged: *privileged,

+		env:        env,

+		args:       flag.Args(),

 	}

 	if err := executeProgram(args); err != nil {

new file mode 100644

@@ -0,0 +1,24 @@

+Copyright 2013 Suryandaru Triandana <syndtr@gmail.com>

+All rights reserved.

+

+Redistribution and use in source and binary forms, with or without

+modification, are permitted provided that the following conditions are

+met:

+

+    * Redistributions of source code must retain the above copyright

+notice, this list of conditions and the following disclaimer.

+    * Redistributions in binary form must reproduce the above copyright

+notice, this list of conditions and the following disclaimer in the

+documentation and/or other materials provided with the distribution.

+

+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS

+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT

+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR

+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT

+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT

+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,

+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY

+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE

+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

new file mode 100644

@@ -0,0 +1,71 @@

+// Copyright (c) 2013, Suryandaru Triandana <syndtr@gmail.com>

+// All rights reserved.

+//

+// Use of this source code is governed by a BSD-style license that can be

+// found in the LICENSE file.

+

+// Package capability provides utilities for manipulating POSIX capabilities.

+package capability

+

+type Capabilities interface {

+	// Get check whether a capability present in the given

+	// capabilities set. The 'which' value should be one of EFFECTIVE,

+	// PERMITTED, INHERITABLE or BOUNDING.

+	Get(which CapType, what Cap) bool

+

+	// Empty check whether all capability bits of the given capabilities

+	// set are zero. The 'which' value should be one of EFFECTIVE,

+	// PERMITTED, INHERITABLE or BOUNDING.

+	Empty(which CapType) bool

+

+	// Full check whether all capability bits of the given capabilities

+	// set are one. The 'which' value should be one of EFFECTIVE,

+	// PERMITTED, INHERITABLE or BOUNDING.

+	Full(which CapType) bool

+

+	// Set sets capabilities of the given capabilities sets. The

+	// 'which' value should be one or combination (OR'ed) of EFFECTIVE,

+	// PERMITTED, INHERITABLE or BOUNDING.

+	Set(which CapType, caps ...Cap)

+

+	// Unset unsets capabilities of the given capabilities sets. The

+	// 'which' value should be one or combination (OR'ed) of EFFECTIVE,

+	// PERMITTED, INHERITABLE or BOUNDING.

+	Unset(which CapType, caps ...Cap)

+

+	// Fill sets all bits of the given capabilities kind to one. The

+	// 'kind' value should be one or combination (OR'ed) of CAPS or

+	// BOUNDS.

+	Fill(kind CapType)

+

+	// Clear sets all bits of the given capabilities kind to zero. The

+	// 'kind' value should be one or combination (OR'ed) of CAPS or

+	// BOUNDS.

+	Clear(kind CapType)

+

+	// String return current capabilities state of the given capabilities

+	// set as string. The 'which' value should be one of EFFECTIVE,

+	// PERMITTED, INHERITABLE or BOUNDING.

+	StringCap(which CapType) string

+

+	// String return current capabilities state as string.

+	String() string

+

+	// Load load actual capabilities value. This will overwrite all

+	// outstanding changes.

+	Load() error

+

+	// Apply apply the capabilities settings, so all changes will take

+	// effect.

+	Apply(kind CapType) error

+}

+

+// NewPid create new initialized Capabilities object for given pid.

+func NewPid(pid int) (Capabilities, error) {

+	return newPid(pid)

+}

+

+// NewFile create new initialized Capabilities object for given named file.

+func NewFile(name string) (Capabilities, error) {

+	return newFile(name)

+}

new file mode 100644

@@ -0,0 +1,561 @@

+// Copyright (c) 2013, Suryandaru Triandana <syndtr@gmail.com>

+// All rights reserved.

+//

+// Use of this source code is governed by a BSD-style license that can be

+// found in the LICENSE file.

+

+package capability

+

+import (

+	"bufio"

+	"errors"

+	"fmt"

+	"io"

+	"os"

+	"strings"

+	"syscall"

+)

+

+var errUnknownVers = errors.New("unknown capability version")

+

+const (

+	linuxCapVer1 = 0x19980330

+	linuxCapVer2 = 0x20071026

+	linuxCapVer3 = 0x20080522

+)

+

+var capVers uint32

+

+func init() {

+	var hdr capHeader

+	capget(&hdr, nil)

+	capVers = hdr.version

+}

+

+func mkStringCap(c Capabilities, which CapType) (ret string) {

+	for i, first := Cap(0), true; i <= CAP_LAST_CAP; i++ {

+		if !c.Get(which, i) {

+			continue

+		}

+		if first {

+			first = false

+		} else {

+			ret += ", "

+		}

+		ret += i.String()

+	}

+	return

+}

+

+func mkString(c Capabilities, max CapType) (ret string) {

+	ret = "{"

+	for i := CapType(1); i <= max; i <<= 1 {

+		ret += " " + i.String() + "=\""

+		if c.Empty(i) {

+			ret += "empty"

+		} else if c.Full(i) {

+			ret += "full"

+		} else {

+			ret += c.StringCap(i)

+		}

+		ret += "\""

+	}

+	ret += " }"

+	return

+}

+

+func newPid(pid int) (c Capabilities, err error) {

+	switch capVers {

+	case linuxCapVer1:

+		p := new(capsV1)

+		p.hdr.version = capVers

+		p.hdr.pid = pid

+		c = p

+	case linuxCapVer2, linuxCapVer3:

+		p := new(capsV3)

+		p.hdr.version = capVers

+		p.hdr.pid = pid

+		c = p

+	default:

+		err = errUnknownVers

+		return

+	}

+	err = c.Load()

+	if err != nil {

+		c = nil

+	}

+	return

+}

+

+type capsV1 struct {

+	hdr  capHeader

+	data capData

+}

+

+func (c *capsV1) Get(which CapType, what Cap) bool {

+	if what > 32 {

+		return false

+	}

+

+	switch which {

+	case EFFECTIVE:

+		return (1<<uint(what))&c.data.effective != 0

+	case PERMITTED:

+		return (1<<uint(what))&c.data.permitted != 0

+	case INHERITABLE:

+		return (1<<uint(what))&c.data.inheritable != 0

+	}

+

+	return false

+}

+

+func (c *capsV1) getData(which CapType) (ret uint32) {

+	switch which {

+	case EFFECTIVE:

+		ret = c.data.effective

+	case PERMITTED:

+		ret = c.data.permitted

+	case INHERITABLE:

+		ret = c.data.inheritable

+	}

+	return

+}

+

+func (c *capsV1) Empty(which CapType) bool {

+	return c.getData(which) == 0

+}

+

+func (c *capsV1) Full(which CapType) bool {

+	return (c.getData(which) & 0x7fffffff) == 0x7fffffff

+}

+

+func (c *capsV1) Set(which CapType, caps ...Cap) {

+	for _, what := range caps {

+		if what > 32 {

+			continue

+		}

+

+		if which&EFFECTIVE != 0 {

+			c.data.effective |= 1 << uint(what)

+		}

+		if which&PERMITTED != 0 {

+			c.data.permitted |= 1 << uint(what)

+		}

+		if which&INHERITABLE != 0 {

+			c.data.inheritable |= 1 << uint(what)

+		}

+	}

+}

+

+func (c *capsV1) Unset(which CapType, caps ...Cap) {

+	for _, what := range caps {

+		if what > 32 {

+			continue

+		}

+

+		if which&EFFECTIVE != 0 {

+			c.data.effective &= ^(1 << uint(what))

+		}

+		if which&PERMITTED != 0 {

+			c.data.permitted &= ^(1 << uint(what))

+		}

+		if which&INHERITABLE != 0 {

+			c.data.inheritable &= ^(1 << uint(what))

+		}

+	}

+}

+

+func (c *capsV1) Fill(kind CapType) {

+	if kind&CAPS == CAPS {

+		c.data.effective = 0x7fffffff

+		c.data.permitted = 0x7fffffff

+		c.data.inheritable = 0

+	}

+}

+

+func (c *capsV1) Clear(kind CapType) {

+	if kind&CAPS == CAPS {

+		c.data.effective = 0

+		c.data.permitted = 0

+		c.data.inheritable = 0

+	}

+}

+

+func (c *capsV1) StringCap(which CapType) (ret string) {

+	return mkStringCap(c, which)

+}

+

+func (c *capsV1) String() (ret string) {

+	return mkString(c, BOUNDING)

+}

+

+func (c *capsV1) Load() (err error) {

+	return capget(&c.hdr, &c.data)

+}

+

+func (c *capsV1) Apply(kind CapType) error {

+	if kind&CAPS == CAPS {

+		return capset(&c.hdr, &c.data)

+	}

+	return nil

+}

+

+type capsV3 struct {

+	hdr    capHeader

+	data   [2]capData

+	bounds [2]uint32

+}

+

+func (c *capsV3) Get(which CapType, what Cap) bool {

+	var i uint

+	if what > 31 {

+		i = uint(what) >> 5

+		what %= 32

+	}

+

+	switch which {

+	case EFFECTIVE:

+		return (1<<uint(what))&c.data[i].effective != 0

+	case PERMITTED:

+		return (1<<uint(what))&c.data[i].permitted != 0

+	case INHERITABLE:

+		return (1<<uint(what))&c.data[i].inheritable != 0

+	case BOUNDING:

+		return (1<<uint(what))&c.bounds[i] != 0

+	}

+

+	return false

+}

+

+func (c *capsV3) getData(which CapType, dest []uint32) {

+	switch which {

+	case EFFECTIVE:

+		dest[0] = c.data[0].effective

+		dest[1] = c.data[1].effective

+	case PERMITTED:

+		dest[0] = c.data[0].permitted

+		dest[1] = c.data[1].permitted

+	case INHERITABLE:

+		dest[0] = c.data[0].inheritable

+		dest[1] = c.data[1].inheritable

+	case BOUNDING:

+		dest[0] = c.bounds[0]

+		dest[1] = c.bounds[1]

+	}

+}

+

+func (c *capsV3) Empty(which CapType) bool {

+	var data [2]uint32

+	c.getData(which, data[:])

+	return data[0] == 0 && data[1] == 0

+}

+

+func (c *capsV3) Full(which CapType) bool {

+	var data [2]uint32

+	c.getData(which, data[:])

+	if (data[0] & 0xffffffff) != 0xffffffff {

+		return false

+	}

+	return (data[1] & capUpperMask) == capUpperMask

+}

+

+func (c *capsV3) Set(which CapType, caps ...Cap) {

+	for _, what := range caps {

+		var i uint

+		if what > 31 {

+			i = uint(what) >> 5

+			what %= 32

+		}

+

+		if which&EFFECTIVE != 0 {

+			c.data[i].effective |= 1 << uint(what)

+		}

+		if which&PERMITTED != 0 {

+			c.data[i].permitted |= 1 << uint(what)

+		}

+		if which&INHERITABLE != 0 {

+			c.data[i].inheritable |= 1 << uint(what)

+		}

+		if which&BOUNDING != 0 {

+			c.bounds[i] |= 1 << uint(what)

+		}

+	}

+}

+

+func (c *capsV3) Unset(which CapType, caps ...Cap) {

+	for _, what := range caps {

+		var i uint

+		if what > 31 {

+			i = uint(what) >> 5

+			what %= 32

+		}

+

+		if which&EFFECTIVE != 0 {

+			c.data[i].effective &= ^(1 << uint(what))

+		}

+		if which&PERMITTED != 0 {

+			c.data[i].permitted &= ^(1 << uint(what))

+		}

+		if which&INHERITABLE != 0 {

+			c.data[i].inheritable &= ^(1 << uint(what))

+		}

+		if which&BOUNDING != 0 {

+			c.bounds[i] &= ^(1 << uint(what))

+		}

+	}

+}

+

+func (c *capsV3) Fill(kind CapType) {

+	if kind&CAPS == CAPS {

+		c.data[0].effective = 0xffffffff

+		c.data[0].permitted = 0xffffffff

+		c.data[0].inheritable = 0

+		c.data[1].effective = 0xffffffff

+		c.data[1].permitted = 0xffffffff

+		c.data[1].inheritable = 0

+	}

+

+	if kind&BOUNDS == BOUNDS {

+		c.bounds[0] = 0xffffffff

+		c.bounds[1] = 0xffffffff

+	}

+}

+

+func (c *capsV3) Clear(kind CapType) {

+	if kind&CAPS == CAPS {

+		c.data[0].effective = 0

+		c.data[0].permitted = 0

+		c.data[0].inheritable = 0

+		c.data[1].effective = 0

+		c.data[1].permitted = 0

+		c.data[1].inheritable = 0

+	}

+

+	if kind&BOUNDS == BOUNDS {

+		c.bounds[0] = 0

+		c.bounds[1] = 0

+	}

+}

+

+func (c *capsV3) StringCap(which CapType) (ret string) {

+	return mkStringCap(c, which)

+}

+

+func (c *capsV3) String() (ret string) {

+	return mkString(c, BOUNDING)

+}

+

+func (c *capsV3) Load() (err error) {

+	err = capget(&c.hdr, &c.data[0])

+	if err != nil {

+		return

+	}

+

+	f, err := os.Open(fmt.Sprintf("/proc/%d/status", c.hdr.pid))

+	if err != nil {

+		return

+	}

+	b := bufio.NewReader(f)

+	for {

+		line, e := b.ReadString('\n')

+		if e != nil {

+			if e != io.EOF {

+				err = e

+			}

+			break

+		}

+		if strings.HasPrefix(line, "CapB") {

+			fmt.Sscanf(line[4:], "nd:  %08x%08x", &c.bounds[1], &c.bounds[0])

+			break

+		}

+	}

+	f.Close()

+

+	return

+}

+

+func (c *capsV3) Apply(kind CapType) (err error) {

+	if kind&BOUNDS == BOUNDS {

+		var data [2]capData

+		err = capget(&c.hdr, &data[0])

+		if err != nil {

+			return

+		}

+		if (1<<uint(CAP_SETPCAP))&data[0].effective != 0 {

+			for i := Cap(0); i <= CAP_LAST_CAP; i++ {

+				if c.Get(BOUNDING, i) {

+					continue

+				}

+				err = prctl(syscall.PR_CAPBSET_DROP, uintptr(i), 0, 0, 0)

+				if err != nil {

+					return

+				}

+			}

+		}

+	}

+

+	if kind&CAPS == CAPS {

+		return capset(&c.hdr, &c.data[0])

+	}

+

+	return

+}

+

+func newFile(path string) (c Capabilities, err error) {

+	c = &capsFile{path: path}

+	err = c.Load()

+	if err != nil {

+		c = nil

+	}

+	return

+}

+

+type capsFile struct {

+	path string

+	data vfscapData

+}

+

+func (c *capsFile) Get(which CapType, what Cap) bool {

+	var i uint

+	if what > 31 {

+		if c.data.version == 1 {

+			return false

+		}

+		i = uint(what) >> 5

+		what %= 32

+	}

+

+	switch which {

+	case EFFECTIVE:

+		return (1<<uint(what))&c.data.effective[i] != 0

+	case PERMITTED:

+		return (1<<uint(what))&c.data.data[i].permitted != 0

+	case INHERITABLE:

+		return (1<<uint(what))&c.data.data[i].inheritable != 0

+	}

+

+	return false

+}

+

+func (c *capsFile) getData(which CapType, dest []uint32) {

+	switch which {

+	case EFFECTIVE:

+		dest[0] = c.data.effective[0]

+		dest[1] = c.data.effective[1]

+	case PERMITTED:

+		dest[0] = c.data.data[0].permitted

+		dest[1] = c.data.data[1].permitted

+	case INHERITABLE:

+		dest[0] = c.data.data[0].inheritable

+		dest[1] = c.data.data[1].inheritable

+	}

+}

+

+func (c *capsFile) Empty(which CapType) bool {

+	var data [2]uint32

+	c.getData(which, data[:])

+	return data[0] == 0 && data[1] == 0

+}

+

+func (c *capsFile) Full(which CapType) bool {

+	var data [2]uint32

+	c.getData(which, data[:])

+	if c.data.version == 0 {

+		return (data[0] & 0x7fffffff) == 0x7fffffff

+	}

+	if (data[0] & 0xffffffff) != 0xffffffff {

+		return false

+	}

+	return (data[1] & capUpperMask) == capUpperMask

+}

+

+func (c *capsFile) Set(which CapType, caps ...Cap) {

+	for _, what := range caps {

+		var i uint

+		if what > 31 {

+			if c.data.version == 1 {

+				continue

+			}

+			i = uint(what) >> 5

+			what %= 32

+		}

+

+		if which&EFFECTIVE != 0 {

+			c.data.effective[i] |= 1 << uint(what)

+		}

+		if which&PERMITTED != 0 {

+			c.data.data[i].permitted |= 1 << uint(what)

+		}

+		if which&INHERITABLE != 0 {

+			c.data.data[i].inheritable |= 1 << uint(what)

+		}

+	}

+}

+

+func (c *capsFile) Unset(which CapType, caps ...Cap) {

+	for _, what := range caps {

+		var i uint

+		if what > 31 {

+			if c.data.version == 1 {

+				continue

+			}

+			i = uint(what) >> 5

+			what %= 32

+		}

+

+		if which&EFFECTIVE != 0 {

+			c.data.effective[i] &= ^(1 << uint(what))

+		}

+		if which&PERMITTED != 0 {

+			c.data.data[i].permitted &= ^(1 << uint(what))

+		}

+		if which&INHERITABLE != 0 {

+			c.data.data[i].inheritable &= ^(1 << uint(what))

+		}

+	}

+}

+

+func (c *capsFile) Fill(kind CapType) {

+	if kind&CAPS == CAPS {

+		c.data.effective[0] = 0xffffffff

+		c.data.data[0].permitted = 0xffffffff

+		c.data.data[0].inheritable = 0

+		if c.data.version == 2 {

+			c.data.effective[1] = 0xffffffff

+			c.data.data[1].permitted = 0xffffffff

+			c.data.data[1].inheritable = 0

+		}

+	}

+}

+

+func (c *capsFile) Clear(kind CapType) {

+	if kind&CAPS == CAPS {

+		c.data.effective[0] = 0

+		c.data.data[0].permitted = 0

+		c.data.data[0].inheritable = 0

+		if c.data.version == 2 {

+			c.data.effective[1] = 0

+			c.data.data[1].permitted = 0

+			c.data.data[1].inheritable = 0

+		}

+	}

+}

+

+func (c *capsFile) StringCap(which CapType) (ret string) {

+	return mkStringCap(c, which)

+}

+

+func (c *capsFile) String() (ret string) {

+	return mkString(c, INHERITABLE)

+}

+

+func (c *capsFile) Load() (err error) {

+	return getVfsCap(c.path, &c.data)

+}

+

+func (c *capsFile) Apply(kind CapType) (err error) {

+	if kind&CAPS == CAPS {

+		return setVfsCap(c.path, &c.data)

+	}

+	return

+}

new file mode 100644

@@ -0,0 +1,19 @@

+// Copyright (c) 2013, Suryandaru Triandana <syndtr@gmail.com>

+// All rights reserved.

+//

+// Use of this source code is governed by a BSD-style license that can be

+// found in the LICENSE file.

+

+// +build !linux

+

+package capability

+

+import "errors"

+

+func newPid(pid int) (Capabilities, error) {

+	return nil, errors.New("not supported")

+}

+

+func newFile(path string) (Capabilities, error) {

+	return nil, errors.New("not supported")

+}

new file mode 100644

@@ -0,0 +1,83 @@

+// Copyright (c) 2013, Suryandaru Triandana <syndtr@gmail.com>

+// All rights reserved.

+//

+// Use of this source code is governed by a BSD-style license that can be

+// found in the LICENSE file.

+

+package capability

+

+import "testing"

+

+func TestState(t *testing.T) {

+	testEmpty := func(name string, c Capabilities, whats CapType) {

+		for i := CapType(1); i <= BOUNDING; i <<= 1 {

+			if (i&whats) != 0 && !c.Empty(i) {

+				t.Errorf(name+": capabilities set %q wasn't empty", i)

+			}

+		}

+	}

+	testFull := func(name string, c Capabilities, whats CapType) {

+		for i := CapType(1); i <= BOUNDING; i <<= 1 {

+			if (i&whats) != 0 && !c.Full(i) {

+				t.Errorf(name+": capabilities set %q wasn't full", i)

+			}

+		}

+	}

+	testPartial := func(name string, c Capabilities, whats CapType) {

+		for i := CapType(1); i <= BOUNDING; i <<= 1 {

+			if (i&whats) != 0 && (c.Empty(i) || c.Full(i)) {

+				t.Errorf(name+": capabilities set %q wasn't partial", i)

+			}

+		}

+	}

+	testGet := func(name string, c Capabilities, whats CapType, max Cap) {

+		for i := CapType(1); i <= BOUNDING; i <<= 1 {

+			if (i & whats) == 0 {

+				continue

+			}

+			for j := Cap(0); j <= max; j++ {

+				if !c.Get(i, j) {

+					t.Errorf(name+": capability %q wasn't found on %q", j, i)

+				}

+			}