Update module github.com/moby/sys/capability to v0.3.0

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

go.mod

@@ -48,7 +48,7 @@ require (
 	github.com/mattn/go-shellwords v1.0.12
 	github.com/mattn/go-sqlite3 v1.14.23
 	github.com/mdlayher/vsock v1.2.1
-	github.com/moby/sys/capability v0.2.0
+	github.com/moby/sys/capability v0.3.0
 	github.com/moby/sys/user v0.3.0
 	github.com/moby/term v0.5.0
 	github.com/nxadm/tail v1.4.11

go.sum

@@ -365,8 +365,8 @@ github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3N
 github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
 github.com/moby/patternmatcher v0.6.0 h1:GmP9lR19aU5GqSSFko+5pRqHi+Ohk1O69aFiKkVGiPk=
 github.com/moby/patternmatcher v0.6.0/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc=
-github.com/moby/sys/capability v0.2.0 h1:OJtbqfthavtfh1kycvEhMvY7/M2BHscP2fiXgzKI3sk=
+github.com/moby/sys/capability v0.3.0 h1:kEP+y6te0gEXIaeQhIi0s7vKs/w0RPoH1qPa6jROcVg=
-github.com/moby/sys/capability v0.2.0/go.mod h1:4g9IK291rVkms3LKCDOoYlnV8xKwoDTpIrNEE35Wq0I=
+github.com/moby/sys/capability v0.3.0/go.mod h1:4g9IK291rVkms3LKCDOoYlnV8xKwoDTpIrNEE35Wq0I=
 github.com/moby/sys/mountinfo v0.7.2 h1:1shs6aH5s4o5H2zQLn796ADW1wMrIwHsyJ2v9KouLrg=
 github.com/moby/sys/mountinfo v0.7.2/go.mod h1:1YOa8w8Ih7uW0wALDUgT1dTTSBrZ+HiBLGws92L2RU4=
 github.com/moby/sys/sequential v0.5.0 h1:OPvI35Lzn9K04PBbCLW0g4LcFAJgHsvXsRyewg5lXtc=

vendor/github.com/moby/sys/capability/CHANGELOG.md

@@ -5,7 +5,20 @@ from https://github.com/syndtr/gocapability/commit/42c35b4376354fd5.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## 0.2.0 - 2024-09-16
+## [0.3.0] - 2024-09-25
+
+### Added
+* Added [ListKnown] and [ListSupported] functions. (#153)
+* [LastCap] is now available on non-Linux platforms (where it returns an error). (#152)
+
+### Changed
+* [List] is now deprecated in favor of [ListKnown] and [ListSupported]. (#153)
+
+### Fixed
+* Various documentation improvements. (#151)
+* Fix "generated code" comment. (#153)
+
+## [0.2.0] - 2024-09-16
 
 This is the first release after the move to a new home in
 github.com/moby/sys/capability.
@@ -53,8 +66,13 @@ This is an initial release since the fork.
 <!-- Doc links. -->
 [Apply]: https://pkg.go.dev/github.com/moby/sys/capability#Capabilities.Apply
 [LastCap]: https://pkg.go.dev/github.com/moby/sys/capability#LastCap
+[List]: https://pkg.go.dev/github.com/moby/sys/capability#List
+[ListKnown]: https://pkg.go.dev/github.com/moby/sys/capability#ListKnown
+[ListSupported]: https://pkg.go.dev/github.com/moby/sys/capability#ListSupported
 
 <!-- Minor releases. -->
+[0.3.0]: https://github.com/moby/sys/releases/tag/capability%2Fv0.3.0
+[0.2.0]: https://github.com/moby/sys/releases/tag/capability%2Fv0.2.0
 [0.1.1]: https://github.com/kolyshkin/capability/compare/v0.1.0...v0.1.1
 [0.1.0]: https://github.com/kolyshkin/capability/compare/42c35b4376354fd5...v0.1.0
 

vendor/github.com/moby/sys/capability/README.md

@@ -2,6 +2,8 @@ This is a fork of (apparently no longer maintained)
 https://github.com/syndtr/gocapability package. It provides basic primitives to
 work with [Linux capabilities][capabilities(7)].
 
+For changes, see [CHANGELOG.md](./CHANGELOG.md).
+
 [![Go Reference](https://pkg.go.dev/badge/github.com/moby/sys/capability/capability.svg)](https://pkg.go.dev/github.com/moby/sys/capability)
 
 ## Alternatives

vendor/github.com/moby/sys/capability/capability.go

@@ -61,25 +61,26 @@ type Capabilities interface {
 	Apply(kind CapType) error
 }
 
-// NewPid initializes a new Capabilities object for given pid when
+// NewPid initializes a new [Capabilities] object for given pid when
 // it is nonzero, or for the current process if pid is 0.
 //
-// Deprecated: Replace with NewPid2.  For example, replace:
+// Deprecated: Replace with [NewPid2] followed by [Capabilities.Load].
+// For example, replace:
 //
 //	c, err := NewPid(0)
 //	if err != nil {
-//	  return err
+//		return err
 //	}
 //
 // with:
 //
 //	c, err := NewPid2(0)
 //	if err != nil {
-//	  return err
+//		return err
 //	}
 //	err = c.Load()
 //	if err != nil {
-//	  return err
+//		return err
 //	}
 func NewPid(pid int) (Capabilities, error) {
 	c, err := newPid(pid)
@@ -90,32 +91,33 @@ func NewPid(pid int) (Capabilities, error) {
 	return c, err
 }
 
-// NewPid2 initializes a new Capabilities object for given pid when
+// NewPid2 initializes a new [Capabilities] object for given pid when
-// it is nonzero, or for the current process if pid is 0.  This
+// it is nonzero, or for the current process if pid is 0. This
 // does not load the process's current capabilities; to do that you
-// must call Load explicitly.
+// must call [Capabilities.Load] explicitly.
 func NewPid2(pid int) (Capabilities, error) {
 	return newPid(pid)
 }
 
 // NewFile initializes a new Capabilities object for given file path.
 //
-// Deprecated: Replace with NewFile2.  For example, replace:
+// Deprecated: Replace with [NewFile2] followed by [Capabilities.Load].
+// For example, replace:
 //
 //	c, err := NewFile(path)
 //	if err != nil {
-//	  return err
+//		return err
 //	}
 //
 // with:
 //
 //	c, err := NewFile2(path)
 //	if err != nil {
-//	  return err
+//		return err
 //	}
 //	err = c.Load()
 //	if err != nil {
-//	  return err
+//		return err
 //	}
 func NewFile(path string) (Capabilities, error) {
 	c, err := newFile(path)
@@ -126,9 +128,17 @@ func NewFile(path string) (Capabilities, error) {
 	return c, err
 }
 
-// NewFile2 creates a new initialized Capabilities object for given
+// NewFile2 creates a new initialized [Capabilities] object for given
-// file path.  This does not load the process's current capabilities;
+// file path. This does not load the process's current capabilities;
-// to do that you must call Load explicitly.
+// to do that you must call [Capabilities.Load] explicitly.
 func NewFile2(path string) (Capabilities, error) {
 	return newFile(path)
 }
+
+// LastCap returns highest valid capability of the running kernel,
+// or an error if it can not be obtained.
+//
+// See also: [ListSupported].
+func LastCap() (Cap, error) {
+	return lastCap()
+}

vendor/github.com/moby/sys/capability/capability_linux.go

@@ -25,11 +25,6 @@ const (
 	linuxCapVer3 = 0x20080522
 )
 
-// LastCap returns highest valid capability of the running kernel.
-func LastCap() (Cap, error) {
-	return lastCap()
-}
-
 var lastCap = sync.OnceValues(func() (Cap, error) {
 	f, err := os.Open("/proc/sys/kernel/cap_last_cap")
 	if err != nil {

vendor/github.com/moby/sys/capability/capability_noop.go

@@ -11,10 +11,16 @@ package capability
 
 import "errors"
 
-func newPid(pid int) (Capabilities, error) {
+var errNotSup = errors.New("not supported")
-	return nil, errors.New("not supported")
+
+func newPid(_ int) (Capabilities, error) {
+	return nil, errNotSup
 }
 
-func newFile(path string) (Capabilities, error) {
+func newFile(_ string) (Capabilities, error) {
-	return nil, errors.New("not supported")
+	return nil, errNotSup
+}
+
+func lastCap() (Cap, error) {
+	return -1, errNotSup
 }

vendor/github.com/moby/sys/capability/enum.go

@@ -7,6 +7,8 @@
 
 package capability
 
+import "slices"
+
 type CapType uint
 
 func (c CapType) String() string {
@@ -301,3 +303,28 @@ const (
 	// Introduced in kernel 5.9
 	CAP_CHECKPOINT_RESTORE = Cap(40)
 )
+
+// List returns the list of all capabilities known to the package.
+//
+// Deprecated: use [ListKnown] or [ListSupported] instead.
+func List() []Cap {
+	return ListKnown()
+}
+
+// ListKnown returns the list of all capabilities known to the package.
+func ListKnown() []Cap {
+	return list()
+}
+
+// ListSupported retuns the list of all capabilities known to the package,
+// except those that are not supported by the currently running Linux kernel.
+func ListSupported() ([]Cap, error) {
+	last, err := LastCap()
+	if err != nil {
+		return nil, err
+	}
+	return slices.DeleteFunc(list(), func(c Cap) bool {
+		// Remove caps not supported by the kernel.
+		return c > last
+	}), nil
+}

vendor/github.com/moby/sys/capability/enum_gen.go

@@ -1,4 +1,4 @@
-// generated file; DO NOT EDIT - use go generate in directory with source
+// Code generated by go generate; DO NOT EDIT.
 
 package capability
 
@@ -90,8 +90,7 @@ func (c Cap) String() string {
 	return "unknown"
 }
 
-// List returns list of all supported capabilities
+func list() []Cap {
-func List() []Cap {
 	return []Cap{
 		CAP_CHOWN,
 		CAP_DAC_OVERRIDE,

vendor/modules.txt

@@ -806,7 +806,7 @@ github.com/moby/docker-image-spec/specs-go/v1
 # github.com/moby/patternmatcher v0.6.0
 ## explicit; go 1.19
 github.com/moby/patternmatcher
-# github.com/moby/sys/capability v0.2.0
+# github.com/moby/sys/capability v0.3.0
 ## explicit; go 1.21
 github.com/moby/sys/capability
 # github.com/moby/sys/mountinfo v0.7.2