Reveal information about container capabilities

I am often asked about the list of capabilities availabel to a container.
We should be listing this data in the inspect command for effective
capabilities and the bounding set.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #1335
Approved by: TomSweeneyRedHat

docs/podman-inspect.1.md

@@ -96,6 +96,11 @@ overlay
 size:   4405240
 ```
 
+```
+podman inspect --latest --format {{.EffectiveCaps}}
+[CAP_CHOWN CAP_DAC_OVERRIDE CAP_FSETID CAP_FOWNER CAP_MKNOD CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SETFCAP CAP_SETPCAP CAP_NET_BIND_SERVICE CAP_SYS_CHROOT CAP_KILL CAP_AUDIT_WRITE]
+```
+
 ## SEE ALSO
 podman(1)
 

libpod/container_inspect.go

@@ -79,6 +79,8 @@ func (c *Container) getContainerInspectData(size bool, driverData *inspect.Data)
 		Name:            config.Name,
 		Driver:          driverData.Name,
 		MountLabel:      config.MountLabel,
+		EffectiveCaps:   spec.Process.Capabilities.Effective,
+		BoundingCaps:    spec.Process.Capabilities.Bounding,
 		ProcessLabel:    spec.Process.SelinuxLabel,
 		AppArmorProfile: spec.Process.ApparmorProfile,
 		ExecIDs:         execIDs,

pkg/inspect/inspect.go

@@ -161,6 +161,8 @@ type ContainerInspectData struct {
 	MountLabel      string                 `json:"MountLabel"`
 	ProcessLabel    string                 `json:"ProcessLabel"`
 	AppArmorProfile string                 `json:"AppArmorProfile"`
+	EffectiveCaps   []string               `json:"EffectiveCaps"`
+	BoundingCaps    []string               `json:"BoundingCaps"`
 	ExecIDs         []string               `json:"ExecIDs"`
 	GraphDriver     *Data                  `json:"GraphDriver"`
 	SizeRw          int64                  `json:"SizeRw,omitempty"`