Change capabilities

cugu · Jan 12, 2022 · d43922a · d43922a
1 parent 4d86af7
commit d43922a
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 13 deletions.
diff --git a/README.md b/README.md
@@ -116,11 +116,11 @@ github.com/pkg/errors
 
 ## Capabilities
 
-| Name    | Description                                                                                                                         | Packages           |
-|---------|-------------------------------------------------------------------------------------------------------------------------------------|--------------------|
-| file    | Read and write access to files                                                                                                      | os io/ioutil       |
-| network | Read and write to the network                                                                                                       | net net/http       |
-| execute | Execute other binaries                                                                                                              | os/exec reflect    |
-| runtime | Access system information                                                                                                           | runtime            |
-| syscall | Perform any system call in context of the software. Unsafe might indicate a //go:linkname and login of external C or assembler code | syscall, C, unsafe |
-
+| Name    | Description                                                                                                                         | Packages     |
+|---------|-------------------------------------------------------------------------------------------------------------------------------------|--------------|
+| file    | Read and write access to files                                                                                                      | os io/ioutil |
+| network | Read and write to the network                                                                                                       | net net/http |
+| execute | Execute other binaries                                                                                                              | os/exec      |
+| syscall | Perform any system call in context of the software                                                                                  | syscall, C   |
+| unsafe  | Usage of the unsafe package in combination with a //go:linkname compiler directive can be used to load external C or assembler code | unsafe       |
+| reflect | reflect.NewAt in combination with reflect#Value.Call might be used call arbitrary functions                                         | reflect      |
diff --git a/capabilities.go b/capabilities.go
@@ -9,9 +9,8 @@ var permissionMap = map[string][]string{
 	"net/http":  {"network"},
 	"os/exec":   {"execute"},
 	"syscall":   {"syscall"},
-	"runtime":   {"runtime"},
-	"reflect":   {"execute"},
-	"unsafe":    {"syscall"},
+	"reflect":   {"reflect"},
+	"unsafe":    {"unsafe"},
 }
 
 func toCapabilities(dependencies []string) []string {

diff --git a/go.cap b/go.cap
@@ -1,4 +1,4 @@
 github.com/cugu/gocap (execute, file)
 
-github.com/alecthomas/kong (file, syscall)
-github.com/pkg/errors (runtime)
+github.com/alecthomas/kong (file, syscall, reflect, unsafe)
+github.com/alecthomas/participle/v2 (reflect)