Documentation ¶
Index ¶
- Constants
- Variables
- func CanIdmapMount(path string, fstype string) bool
- func GetCaps(path string) ([]byte, error)
- func JSONMarshal(idmapSet *IdmapSet) (string, error)
- func SetCaps(path string, caps []byte, uid int64) error
- func ShiftACL(path string, shiftIDs func(uid int64, gid int64) (int64, int64)) error
- func ShiftOwner(basepath string, path string, uid int, gid int) error
- func SupportsVFS3Fscaps(prefix string) bool
- func UnshiftACL(value string, set *IdmapSet) (string, error)
- func UnshiftCaps(value string, set *IdmapSet) (string, error)
- type ByHostid
- type IdRange
- type IdmapEntry
- type IdmapSet
- func (m *IdmapSet) AddSafe(i IdmapEntry) error
- func (m IdmapSet) Append(s string) (IdmapSet, error)
- func (m *IdmapSet) Equals(other *IdmapSet) bool
- func (m IdmapSet) HostidsIntersect(i IdmapEntry) bool
- func (m IdmapSet) Intersects(i IdmapEntry) bool
- func (m IdmapSet) Len() int
- func (m IdmapSet) Less(i, j int) bool
- func (set *IdmapSet) ShiftFile(p string) error
- func (m IdmapSet) ShiftFromNs(uid int64, gid int64) (int64, int64)
- func (m IdmapSet) ShiftIntoNs(uid int64, gid int64) (int64, int64)
- func (set *IdmapSet) ShiftRootfs(p string, skipper func(dir string, absPath string, fi os.FileInfo) bool) error
- func (m IdmapSet) Swap(i, j int)
- func (m IdmapSet) ToGidMappings() []syscall.SysProcIDMap
- func (m IdmapSet) ToLxcString() []string
- func (m IdmapSet) ToUidMappings() []syscall.SysProcIDMap
- func (set *IdmapSet) UidshiftFromContainer(dir string, testmode bool) error
- func (set *IdmapSet) UidshiftIntoContainer(dir string, testmode bool) error
- func (set *IdmapSet) UnshiftRootfs(p string, skipper func(dir string, absPath string, fi os.FileInfo) bool) error
- func (m IdmapSet) Usable() error
- func (m IdmapSet) ValidRanges() ([]*IdRange, error)
- type IdmapStorageType
Constants ¶
const ( IdmapStorageNone = "none" IdmapStorageIdmapped = "idmapped" )
Define IdmapStorageType type values
const VFS3FscapsSupported int32 = 1
const VFS3FscapsUnknown int32 = -1
const VFS3FscapsUnsupported int32 = 0
Variables ¶
var ErrHostIdIsSubId = fmt.Errorf("Host id is in the range of subids")
var ErrNoUserMap = fmt.Errorf("No map found for user")
var VFS3Fscaps int32 = VFS3FscapsUnknown
Functions ¶
func CanIdmapMount ¶
CanIdmapMount checks if (fstype) filesystem supports idmapped mounts
func JSONMarshal ¶
JSONMarshal marshals an IDMAP to JSON string.
func ShiftOwner ¶
ShiftOwner updates uid and gid for a file when entering/exiting a namespace
func SupportsVFS3Fscaps ¶
SupportsVFS3Fscaps checks if VFS3Fscaps are supported
func UnshiftACL ¶
UnshiftACL performs an UID/GID unshift on the ACL xattr value in accordance with idmap (set) provided
Types ¶
type ByHostid ¶
type ByHostid []*IdmapEntry
type IdmapEntry ¶
type IdmapEntry struct { Isuid bool Isgid bool Hostid int64 // id as seen on the host - i.e. 100000 Nsid int64 // id as seen in the ns - i.e. 0 Maprange int64 }
IdmapEntry is a single idmap entry (line).
func Extend ¶
func Extend(slice []IdmapEntry, element IdmapEntry) []IdmapEntry
taken from http://blog.golang.org/slices (which is under BSD licence).
func ParseRawIdmap ¶
func ParseRawIdmap(value string) ([]IdmapEntry, error)
ParseRawIdmap parses an IDMAP string.
func (*IdmapEntry) HostIDsCoveredBy ¶
func (e *IdmapEntry) HostIDsCoveredBy(allowedHostUIDs []IdmapEntry, allowedHostGIDs []IdmapEntry) bool
HostIDsCoveredBy returns whether or not the entry is covered by the supplied host UID and GID ID maps. If e.Isuid is true then host IDs must be covered by an entry in allowedHostUIDs, and if e.Isgid is true then host IDs must be covered by an entry in allowedHostGIDs.
func (*IdmapEntry) HostidsIntersect ¶
func (e *IdmapEntry) HostidsIntersect(i IdmapEntry) bool
func (*IdmapEntry) Intersects ¶
func (e *IdmapEntry) Intersects(i IdmapEntry) bool
func (*IdmapEntry) ToLxcString ¶
func (e *IdmapEntry) ToLxcString() []string
func (*IdmapEntry) Usable ¶
func (e *IdmapEntry) Usable() error
type IdmapSet ¶
type IdmapSet struct {
Idmap []IdmapEntry
}
IdmapSet is a list of IdmapEntry with some functions on it.
func CurrentIdmapSet ¶
* Create an idmap of the current allocation.
func DefaultIdmapSet ¶
* Create a new default idmap.
func JSONUnmarshal ¶
JSONUnmarshal unmarshals an IDMAP encoded as JSON.
func (*IdmapSet) AddSafe ¶
func (m *IdmapSet) AddSafe(i IdmapEntry) error
AddSafe adds an entry to the idmap set, breaking apart any ranges that the * new idmap intersects with in the process.
func (IdmapSet) HostidsIntersect ¶
func (m IdmapSet) HostidsIntersect(i IdmapEntry) bool
func (IdmapSet) Intersects ¶
func (m IdmapSet) Intersects(i IdmapEntry) bool
func (*IdmapSet) ShiftRootfs ¶
func (IdmapSet) ToGidMappings ¶
func (m IdmapSet) ToGidMappings() []syscall.SysProcIDMap
func (IdmapSet) ToLxcString ¶
func (IdmapSet) ToUidMappings ¶
func (m IdmapSet) ToUidMappings() []syscall.SysProcIDMap
func (*IdmapSet) UidshiftFromContainer ¶
func (*IdmapSet) UidshiftIntoContainer ¶
func (*IdmapSet) UnshiftRootfs ¶
func (IdmapSet) ValidRanges ¶
type IdmapStorageType ¶
type IdmapStorageType string
IdmapStorageType represents a file system idmapping type