From 97537ca87d8b34dbe6239ad30a88c10990e1ff0f Mon Sep 17 00:00:00 2001
From: Kir Kolyshkin <kolyshkin@gmail.com>
Date: Sun, 6 Oct 2024 14:33:14 -0700
Subject: [PATCH] capability: add/use ignoreEINVAL

This is mostly to simplify the code.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
---
 capability/capability_linux.go | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/capability/capability_linux.go b/capability/capability_linux.go
index aa600e1..638fa3f 100644
--- a/capability/capability_linux.go
+++ b/capability/capability_linux.go
@@ -343,13 +343,9 @@ func (c *capsV3) Apply(kind CapType) (err error) {
 				if c.Get(BOUNDING, i) {
 					continue
 				}
-				err = prctl(syscall.PR_CAPBSET_DROP, uintptr(i), 0, 0, 0)
+				// Ignore EINVAL since the capability may not be supported in this system.
+				err = ignoreEINVAL(prctl(syscall.PR_CAPBSET_DROP, uintptr(i), 0, 0, 0))
 				if err != nil {
-					// Ignore EINVAL since the capability may not be supported in this system.
-					if err == syscall.EINVAL { //nolint:errorlint // Errors from syscall are bare.
-						err = nil
-						continue
-					}
 					return
 				}
 			}
@@ -369,13 +365,9 @@ func (c *capsV3) Apply(kind CapType) (err error) {
 			if c.Get(AMBIENT, i) {
 				action = pr_CAP_AMBIENT_RAISE
 			}
-			err = prctl(pr_CAP_AMBIENT, action, uintptr(i), 0, 0)
+			// Ignore EINVAL as not supported on kernels before 4.3.
+			err = ignoreEINVAL(prctl(pr_CAP_AMBIENT, action, uintptr(i), 0, 0))
 			if err != nil {
-				// Ignore EINVAL as not supported on kernels before 4.3
-				if err == syscall.EINVAL { //nolint:errorlint // Errors from syscall are bare.
-					err = nil
-					continue
-				}
 				return
 			}
 		}
@@ -539,3 +531,10 @@ func (c *capsFile) Apply(kind CapType) (err error) {
 	}
 	return
 }
+
+func ignoreEINVAL(err error) error {
+	if errors.Is(err, syscall.EINVAL) {
+		err = nil
+	}
+	return err
+}