Documentation
Overview
Package caps detects whether the running process can bind TCP/UDP ports without root, accounting for CAP_NET_BIND_SERVICE and the per-netns ip_unprivileged_port_start sysctl.
Types
type PortBinder
type PortBinder interface {
	CanBind(port uint16) bool
	// MinUnprivilegedPort is the lowest port the process can bind to without
	// CAP_NET_BIND_SERVICE. Useful for diagnostic messages.
	MinUnprivilegedPort() uint16
	// HasNetBindService reports whether CAP_NET_BIND_SERVICE is in the
	// effective capability set.
	HasNetBindService() bool
}
PortBinder reports whether the running process can bind to a given port in its current network namespace and capability set.
func Detect
func Detect(ctx context.Context, logger *slog.Logger) PortBinder
Detect reads /proc to determine the effective bind capabilities of the current process. On read errors it falls back to the conservative defaults (minUnprivPort=1024, hasNetBind=false) and logs the failure.
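An added example (not the caps package's own code) of the decision Detect's documentation describes, run on constructed text instead of live /proc reads. The bindInfo type, the function names, and the choice of /proc/self/status and /proc/sys/net/ipv4/ip_unprivileged_port_start as the sources are assumptions; the page only says that Detect reads /proc.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

const capNetBindService = 10 // bit index of CAP_NET_BIND_SERVICE in linux/capability.h

// bindInfo holds the two facts the PortBinder interface exposes (hypothetical type).
type bindInfo struct {
	minUnprivPort uint16
	hasNetBind    bool
}

// parseBindInfo takes the text of /proc/self/status and of
// /proc/sys/net/ipv4/ip_unprivileged_port_start. Anything unparsable keeps
// the conservative defaults the page documents (1024, false).
func parseBindInfo(status, sysctl string) bindInfo {
	b := bindInfo{minUnprivPort: 1024, hasNetBind: false}
	sc := bufio.NewScanner(strings.NewReader(status))
	for sc.Scan() {
		if v := sc.Text(); strings.HasPrefix(v, "CapEff:") {
			hex := strings.TrimSpace(strings.TrimPrefix(v, "CapEff:"))
			if mask, err := strconv.ParseUint(hex, 16, 64); err == nil {
				b.hasNetBind = mask&(1<<capNetBindService) != 0
			}
		}
	}
	if n, err := strconv.ParseUint(strings.TrimSpace(sysctl), 10, 16); err == nil {
		b.minUnprivPort = uint16(n)
	}
	return b
}

// canBind: port 0 asks the kernel for an ephemeral port and is never privileged.
func (b bindInfo) canBind(port uint16) bool {
	return port == 0 || b.hasNetBind || port >= b.minUnprivPort
}

func main() {
	// Constructed sample inputs, not captured from a real host.
	status := "Name:\tdemo\nCapInh:\t0000000000000000\nCapEff:\t0000000000000400\n"
	fmt.Println(parseBindInfo(status, "1024\n").canBind(443))                     // capability present
	fmt.Println(parseBindInfo("CapEff:\t0000000000000000\n", "80\n").canBind(80)) // sysctl lowered
	fmt.Println(parseBindInfo("", "garbage").canBind(443))                        // fallback defaults
}
```

CapEff is relative to the process's own user namespace, while the kernel checks CAP_NET_BIND_SERVICE against the user namespace that owns the network namespace, so a set bit inside a nested user namespace does not by itself guarantee that a privileged bind succeeds.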
func Static
func Static(minUnprivPort uint16, hasNetBind bool) PortBinder
Static returns a PortBinder with fixed values. Used for tests and as the non-Linux fallback.