1 files changed, 27 insertions, 6 deletions

diff --git a/cap/cap.go b/cap/cap.go
index 908e2bb..784bf65 100644
--- a/cap/cap.go
+++ b/cap/cap.go
@@ -28,7 +28,7 @@
 //       log.Fatalf("failed to drop privilege: %q -> %q: %v", old, empty, err)
 //   }
 //   now := cap.GetProc()
-//   if cf, _ := now.Compare(empty); cf != 0 {
+//   if cf, _ := now.Cf(empty); cf != 0 {
 //       log.Fatalf("failed to fully drop privilege: have=%q, wanted=%q", now, empty)
 //   }
 //
@@ -103,6 +103,15 @@ const (
 	Inheritable
 )
 
+// Diff summarizes the result of the (*Set).Cf() function.
+type Diff uint
+
+const (
+	effectiveDiff   Diff = 1 << Effective
+	permittedDiff   Diff = 1 << Permitted
+	inheritableDiff Diff = 1 << Inheritable
+)
+
 // String identifies a Flag value by its conventional "e", "p" or "i"
 // string abbreviation.
 func (f Flag) String() string {
@@ -309,10 +318,18 @@ func NewSet() *Set {
 // request of the Set is invalid in some way.
 var ErrBadSet = errors.New("bad capability set")
 
+// good confirms that c looks valid.
+func (c *Set) good() error {
+	if c == nil || len(c.flat) == 0 {
+		return ErrBadSet
+	}
+	return nil
+}
+
 // Dup returns a copy of the specified capability set.
 func (c *Set) Dup() (*Set, error) {
-	if c == nil || len(c.flat) == 0 {
-		return nil, ErrBadSet
+	if err := c.good(); err != nil {
+		return nil, err
 	}
 	n := NewSet()
 	c.mu.RLock()
@@ -343,10 +360,9 @@ func GetProc() *Set {
 	return c
 }
 
+// setProc uses syscaller to set process capabilities.  Note, c is
+// either private to or (read) locked by the caller.
 func (sc *syscaller) setProc(c *Set) error {
-	if c == nil || len(c.flat) == 0 {
-		return ErrBadSet
-	}
 	return sc.capwcall(syscall.SYS_CAPSET, &header{magic: magic}, c.flat)
 }
 
@@ -360,8 +376,13 @@ func (sc *syscaller) setProc(c *Set) error {
 // function as part of a (*Launcher).Launch(), the call only sets the
 // capabilities of the thread being used to perform the launch.
 func (c *Set) SetProc() error {
+	if err := c.good(); err != nil {
+		return err
+	}
 	state, sc := scwStateSC()
 	defer scwSetState(launchBlocked, state, -1)
+	c.mu.RLock()
+	defer c.mu.RUnlock()
 	return sc.setProc(c)
 }