Realign around the evolving Go support for POSIX semantics syscalls.

I've moved my go.patch to address: golang/go#1435 into a development patch against the upstream Go sources: https://go-review.googlesource.com/c/go/+/210639/ and the review process will likely evolve it somewhat. I plan to ensure that working libcap/cap Go package is in sync with the working state of the above development change. As such, there is no need to keep the patch here any more. I'll keep the tests for now, as it isn't clear to me how the Go source tree supports tests that require privilege yet. Signed-off-by: Andrew G. Morgan <[email protected]>
MotorolaMobilityLLC · Dec 11, 2019 · 1be8ec7 · 1be8ec7
1 parent 35b5516
commit 1be8ec7
Show file tree

Hide file tree

Showing 5 changed files with 29 additions and 1,893 deletions.
diff --git a/cap/cap.go b/cap/cap.go
@@ -5,12 +5,13 @@
 // POSIX semantics system calls that manipulate process state.
 //
 // If the Go runtime syscall interface contains the
-// syscall.PosixSyscall() API then then this package will use that to
-// invoke capability setting system calls for pure Go binaries. To
-// force this behavior use the CGO_ENABLED=0 environment variable.
+// syscall.PerOSThreadSyscall() API then then this package will use
+// that to invoke capability setting system calls for pure Go
+// binaries. To force this behavior use the CGO_ENABLED=0 environment
+// variable.
 //
-// If syscall.PosixSyscall() is not present, the "libcap/cap" package
-// will failover to using "libcap/psx".
+// If syscall.PerOSThreadSyscall() is not present, the "libcap/cap"
+// package will failover to using "libcap/psx".
 package cap
 
 import (

diff --git a/contrib/golang/README b/contrib/golang/README
@@ -1,14 +1,11 @@
-This directory contains the code needed to enable POSIX system calls
-in the Go runtime for linux.
+This directory contains some test code for system calls that need
+POSIX semantics to work under Go. There are 9 system calls wrapped in
+a nptl:setxid mechanism in glibc, and the following development patch
+adds support for these 9 to native Go.
 
-  go.patch
+https://go-review.googlesource.com/c/go/+/210639/
 
-It also contains two test programs that verify that the patched go
-runtime supports all of the set* groups and uids glibc equivalents
-both with and without cgo compilation. In the latter case, the
-syscall.Setuid() etc are redirected to the glibc equivalents, which
-consistently (thanks to nptl:setxid) cause all threads to maintain
-consistent [gu]id state.
+The Go support works with or without CGO_ENABLED.
 
 With a patched Go runtime library:
 
@@ -18,5 +15,9 @@ With a patched Go runtime library:
 
 should validate that all is working as intended.
 
+The above Go patch also exposes the mechanism that achieves this in
+the Go runtime, to ensure that the native Go "libcap/cap" package can
+work with and without CGO_ENABLED.
+
 Andrew G. Morgan <[email protected]>
-2019-11-30
+2019-12-10