#!/bin/bash

# Allow environment variables to override grep and config
: ${CONFIG:=/proc/config.gz}
: ${GREP:=zgrep}

SETCOLOR_SUCCESS="echo -en \\033[1;32m"
SETCOLOR_FAILURE="echo -en \\033[1;31m"
SETCOLOR_WARNING="echo -en \\033[1;33m"
SETCOLOR_NORMAL="echo -en \\033[0;39m"

is_enabled() {
    mandatory=$2
    $GREP -q "$1=[y|m]" $CONFIG
    RES=$?

    if [ $RES = 0 ]; then
	$SETCOLOR_SUCCESS && echo -e "enabled" && $SETCOLOR_NORMAL
    else
	if [ ! -z "$mandatory" -a "$mandatory" = yes ]; then
	    $SETCOLOR_FAILURE && echo -e "disabled" && $SETCOLOR_NORMAL
	else
	    $SETCOLOR_WARNING && echo -e "disabled" && $SETCOLOR_NORMAL
	fi
    fi
}

if [ ! -f $CONFIG ]; then
    echo "Kernel config $CONFIG not found, looking in other places..."
    KVER="`uname -r`"
    HEADERS_CONFIG="/lib/modules/$KVER/build/.config"
    BOOT_CONFIG="/boot/config-$KVER"
    [ -f "${HEADERS_CONFIG}" ] && CONFIG=${HEADERS_CONFIG}
    [ -f "${BOOT_CONFIG}" ] && CONFIG=${BOOT_CONFIG}
    GREP=grep
    if [ ! -f $CONFIG ]; then
        echo
        echo "The kernel configuration can not be retrieved"
        echo "Please recompile with IKCONFIG_PROC or install the kernel headers"
        echo
        exit 1
    else
        echo "Found kernel config file $CONFIG"
    fi
fi

echo "--- Namespaces ---"
echo -n "Namespaces: " && is_enabled CONFIG_NAMESPACES yes
echo -n "Utsname namespace: " && is_enabled CONFIG_UTS_NS
echo -n "Ipc namespace: " && is_enabled CONFIG_IPC_NS yes
echo -n "Pid namespace: " && is_enabled CONFIG_PID_NS yes
echo -n "User namespace: " && is_enabled CONFIG_USER_NS
echo -n "Network namespace: " && is_enabled CONFIG_NET_NS
echo -n "Multiple /dev/pts instances: " && is_enabled DEVPTS_MULTIPLE_INSTANCES
echo
echo "--- Control groups ---"
echo -n "Cgroup: " && is_enabled CONFIG_CGROUPS
echo -n "Cgroup namespace: " && is_enabled CONFIG_CGROUP_NS
echo -n "Cgroup device: " && is_enabled CONFIG_CGROUP_DEVICE
echo -n "Cgroup sched: " && is_enabled CONFIG_CGROUP_SCHED
echo -n "Cgroup cpu account: " && is_enabled CONFIG_CGROUP_CPUACCT
echo -n "Cgroup memory controller: " && is_enabled CONFIG_CGROUP_MEM_RES_CTLR
echo -n "Cgroup cpuset: " && is_enabled CONFIG_CPUSETS
echo
echo "--- Misc ---"
echo -n "Veth pair device: " && is_enabled CONFIG_VETH
echo -n "Macvlan: " && is_enabled CONFIG_MACVLAN
echo -n "File capabilities: " && is_enabled CONFIG_SECURITY_FILE_CAPABILITIES
