idmap

package
v0.0.0-...-4df9163 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 20, 2024 License: AGPL-3.0 Imports: 20 Imported by: 0

Documentation

Index

Constants

// Storage idmapping mode names. This page documents them as the
// IdmapStorageType values, but as declared here they are untyped string
// constants, so they are also accepted wherever a plain string is expected.
const (
	// IdmapStorageNone is the mode name "none".
	// NOTE(review): presumably means no idmapping is applied to the storage — confirm.
	IdmapStorageNone     = "none"
	// IdmapStorageIdmapped is the mode name "idmapped".
	// NOTE(review): presumably refers to idmapped mounts (see CanIdmapMount) — confirm.
	IdmapStorageIdmapped = "idmapped"
)

Defines the IdmapStorageType values.

// VFS3FscapsSupported is the int32 state value 1, one of the three
// VFS3Fscaps* constants (unknown -1, unsupported 0, supported 1).
// NOTE(review): presumably the state behind SupportsVFS3Fscaps — confirm.
const VFS3FscapsSupported int32 = 1
// VFS3FscapsUnknown is the int32 state value -1, one of the three
// VFS3Fscaps* constants (unknown -1, unsupported 0, supported 1).
// NOTE(review): presumably the "not probed yet" state — confirm; callers
// should not treat it as either supported or unsupported.
const VFS3FscapsUnknown int32 = -1
// VFS3FscapsUnsupported is the int32 state value 0, one of the three
// VFS3Fscaps* constants (unknown -1, unsupported 0, supported 1).
// Note that 0 is also the zero value of int32, so an uninitialised state
// variable reads as "unsupported", not "unknown".
const VFS3FscapsUnsupported int32 = 0

Variables

// ErrHostIdIsSubId is a package-level error value with the message
// "Host id is in the range of subids".
// NOTE(review): which functions return it is not visible on this page;
// compare against it with errors.Is rather than by message text.
var ErrHostIdIsSubId = fmt.Errorf("Host id is in the range of subids")
// ErrNoUserMap is a package-level error value with the message
// "No map found for user".
// NOTE(review): which functions return it is not visible on this page;
// compare against it with errors.Is rather than by message text.
var ErrNoUserMap = fmt.Errorf("No map found for user")

Functions

func CanIdmapMount

func CanIdmapMount(path string, fstype string) bool

CanIdmapMount checks whether the (fstype) filesystem supports idmapped mounts.

func GetCaps

func GetCaps(path string) ([]byte, error)

GetCaps extracts the list of capabilities effective on the file

func JSONMarshal

func JSONMarshal(idmapSet *IdmapSet) (string, error)

JSONMarshal marshals an IDMAP to JSON string.

func SetCaps

func SetCaps(path string, caps []byte, uid int64) error

SetCaps applies the caps for a particular root uid

func ShiftACL

func ShiftACL(path string, shiftIDs func(uid int64, gid int64) (int64, int64)) error

ShiftACL updates uid and gid for file ACLs when entering/exiting a namespace

func ShiftOwner

func ShiftOwner(basepath string, path string, uid int, gid int) error

ShiftOwner updates uid and gid for a file when entering/exiting a namespace

func SupportsVFS3Fscaps

func SupportsVFS3Fscaps(prefix string) bool

SupportsVFS3Fscaps checks if VFS3Fscaps are supported

func UnshiftACL

func UnshiftACL(value string, set *IdmapSet) (string, error)

UnshiftACL performs a UID/GID unshift on the ACL xattr value according to the provided idmap (set).

func UnshiftCaps

func UnshiftCaps(value string, set *IdmapSet) (string, error)

UnshiftCaps performs a UID/GID unshift on the security.capability xattr value according to the provided idmap (set).

Types

type ByHostid

// ByHostid is a slice of *IdmapEntry. The package gives it Len, Less and
// Swap methods, which is the method set sort.Interface requires.
// NOTE(review): the name suggests ordering by Hostid; the Less body is not
// shown on this page — confirm.
type ByHostid []*IdmapEntry

func (ByHostid) Len

func (s ByHostid) Len() int

func (ByHostid) Less

func (s ByHostid) Less(i, j int) bool

func (ByHostid) Swap

func (s ByHostid) Swap(i, j int)

type IdRange

// IdRange describes a range of ids bounded by Startid and Endid, tagged as
// applying to uids and/or gids.
// NOTE(review): whether Endid is inclusive is not visible on this page —
// check the Contains method before relying on the boundary.
type IdRange struct {
	Isuid   bool  // presumably: the range applies to user ids — confirm
	Isgid   bool  // presumably: the range applies to group ids — confirm
	Startid int64 // first id of the range
	Endid   int64 // last id of the range (inclusiveness unconfirmed, see above)
}

func (*IdRange) Contains

func (i *IdRange) Contains(id int64) bool

type IdmapEntry

// IdmapEntry is a single idmap entry (line): it ties an id as seen on the
// host (Hostid) to an id as seen in the namespace (Nsid).
type IdmapEntry struct {
	Isuid    bool  // when true, HostIDsCoveredBy requires the host ids to be covered by allowedHostUIDs
	Isgid    bool  // when true, HostIDsCoveredBy requires the host ids to be covered by allowedHostGIDs
	Hostid   int64 // id as seen on the host - e.g. 100000
	Nsid     int64 // id as seen in the ns - e.g. 0
	Maprange int64 // NOTE(review): presumably the number of consecutive ids mapped from Hostid/Nsid — confirm
}

IdmapEntry is a single idmap entry (line).

func Extend

func Extend(slice []IdmapEntry, element IdmapEntry) []IdmapEntry

Extend is taken from http://blog.golang.org/slices (which is under a BSD licence).

func ParseRawIdmap

func ParseRawIdmap(value string) ([]IdmapEntry, error)

ParseRawIdmap parses an IDMAP string.

func (*IdmapEntry) HostIDsCoveredBy

func (e *IdmapEntry) HostIDsCoveredBy(allowedHostUIDs []IdmapEntry, allowedHostGIDs []IdmapEntry) bool

HostIDsCoveredBy returns whether or not the entry is covered by the supplied host UID and GID ID maps. If e.Isuid is true then host IDs must be covered by an entry in allowedHostUIDs, and if e.Isgid is true then host IDs must be covered by an entry in allowedHostGIDs.

func (*IdmapEntry) HostidsIntersect

func (e *IdmapEntry) HostidsIntersect(i IdmapEntry) bool

func (*IdmapEntry) Intersects

func (e *IdmapEntry) Intersects(i IdmapEntry) bool

func (*IdmapEntry) ToLxcString

func (e *IdmapEntry) ToLxcString() []string

func (*IdmapEntry) Usable

func (e *IdmapEntry) Usable() error

type IdmapSet

// IdmapSet is a list of IdmapEntry with some functions on it.
// Several methods use a value receiver (for example Append, which returns a
// new IdmapSet), so callers must keep the returned set rather than expect the
// receiver to change.
type IdmapSet struct {
	Idmap []IdmapEntry // the entries of the set; a nil slice is an empty set
}

IdmapSet is a list of IdmapEntry with some functions on it.

func CurrentIdmapSet

func CurrentIdmapSet() (*IdmapSet, error)

CurrentIdmapSet creates an idmap of the current allocation.

func DefaultIdmapSet

func DefaultIdmapSet(rootfs string, username string) (*IdmapSet, error)

DefaultIdmapSet creates a new default idmap.

func GetIdmapSet

func GetIdmapSet() *IdmapSet

GetIdmapSet reads the uid/gid allocation.

func JSONUnmarshal

func JSONUnmarshal(idmapJSON string) (*IdmapSet, error)

JSONUnmarshal unmarshals an IDMAP encoded as JSON.

func (*IdmapSet) AddSafe

func (m *IdmapSet) AddSafe(i IdmapEntry) error

AddSafe adds an entry to the idmap set, breaking apart any ranges that the new idmap intersects with in the process.

func (IdmapSet) Append

func (m IdmapSet) Append(s string) (IdmapSet, error)

func (*IdmapSet) Equals

func (m *IdmapSet) Equals(other *IdmapSet) bool

func (IdmapSet) HostidsIntersect

func (m IdmapSet) HostidsIntersect(i IdmapEntry) bool

func (IdmapSet) Intersects

func (m IdmapSet) Intersects(i IdmapEntry) bool

func (IdmapSet) Len

func (m IdmapSet) Len() int

func (IdmapSet) Less

func (m IdmapSet) Less(i, j int) bool

func (*IdmapSet) ShiftFile

func (set *IdmapSet) ShiftFile(p string) error

func (IdmapSet) ShiftFromNs

func (m IdmapSet) ShiftFromNs(uid int64, gid int64) (int64, int64)

func (IdmapSet) ShiftIntoNs

func (m IdmapSet) ShiftIntoNs(uid int64, gid int64) (int64, int64)

func (*IdmapSet) ShiftRootfs

func (set *IdmapSet) ShiftRootfs(p string, skipper func(dir string, absPath string, fi os.FileInfo) bool) error

func (IdmapSet) Swap

func (m IdmapSet) Swap(i, j int)

func (IdmapSet) ToGidMappings

func (m IdmapSet) ToGidMappings() []syscall.SysProcIDMap

func (IdmapSet) ToLxcString

func (m IdmapSet) ToLxcString() []string

func (IdmapSet) ToUidMappings

func (m IdmapSet) ToUidMappings() []syscall.SysProcIDMap

func (*IdmapSet) UidshiftFromContainer

func (set *IdmapSet) UidshiftFromContainer(dir string, testmode bool) error

func (*IdmapSet) UidshiftIntoContainer

func (set *IdmapSet) UidshiftIntoContainer(dir string, testmode bool) error

func (*IdmapSet) UnshiftRootfs

func (set *IdmapSet) UnshiftRootfs(p string, skipper func(dir string, absPath string, fi os.FileInfo) bool) error

func (IdmapSet) Usable

func (m IdmapSet) Usable() error

func (IdmapSet) ValidRanges

func (m IdmapSet) ValidRanges() ([]*IdRange, error)

type IdmapStorageType

// IdmapStorageType represents a file system idmapping type. Its underlying
// type is string; the IdmapStorageNone and IdmapStorageIdmapped constants are
// declared untyped, so any string converts to it without validation.
type IdmapStorageType string

IdmapStorageType represents a file system idmapping type
