Documentation
Index
- func BecomeRootInUserNS(pausePid string) (bool, int, error)
- func ConfigurationMatches() (bool, error)
- func GetConfiguredMappings() ([]idtools.IDMap, []idtools.IDMap, error)
- func GetRootlessGID() int
- func GetRootlessUID() int
- func IsRootless() bool
- func ReadMappingsProc(path string) ([]idtools.IDMap, error)
- func TryJoinFromFilePaths(pausePidPath string, needNewNamespace bool, paths []string) (bool, int, error)
- func TryJoinPauseProcess(pausePidPath string) (bool, int, error)
Constants
This section is empty.
Variables
This section is empty.
Functions
func BecomeRootInUserNS
BecomeRootInUserNS re-execs podman in a new userNS. It returns whether podman was re-executed into a new user namespace and the return code from the re-executed podman process. If podman was re-executed, the caller needs to propagate the error code returned by the child process.
func ConfigurationMatches (added in v1.6.0)
ConfigurationMatches checks whether the additional uids/gids configured for the user match the current user namespace.
func GetConfiguredMappings (added in v1.6.0)
GetConfiguredMappings returns the additional IDs configured for the current user.
func GetRootlessGID (added in v1.4.0)
func GetRootlessGID() int
GetRootlessGID returns the GID of the user in the parent userNS.
func GetRootlessUID (added in v0.7.1)
func GetRootlessUID() int
GetRootlessUID returns the UID of the user in the parent userNS.
func ReadMappingsProc (added in v1.6.2)
ReadMappingsProc parses and returns the ID mappings at the specified path.
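The following is an added example, not podman's own code: a minimal parser for the `uid_map`/`gid_map` text format that the kernel exposes under `/proc/<pid>/`, plus a lookup that translates an ID inside the user namespace to the ID in the parent namespace. It assumes the path handed to ReadMappingsProc is such a file; `IDMap`, `parseIDMap`, `toHostID` and the sample text are hypothetical names and constructed data.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// IDMap is a local stand-in with the same three fields as idtools.IDMap.
type IDMap struct{ ContainerID, HostID, Size int }

// parseIDMap parses uid_map/gid_map text: one
// "<ID inside ns> <ID outside ns> <length>" triple per line.
func parseIDMap(text string) ([]IDMap, error) {
	var maps []IDMap
	for _, line := range strings.Split(text, "\n") {
		f := strings.Fields(line)
		if len(f) == 0 {
			continue // blank line
		}
		if len(f) != 3 {
			return nil, fmt.Errorf("malformed mapping line %q", line)
		}
		var v [3]int
		for i, s := range f {
			n, err := strconv.Atoi(s)
			if err != nil || n < 0 {
				return nil, fmt.Errorf("bad field %q in line %q", s, line)
			}
			v[i] = n
		}
		maps = append(maps, IDMap{v[0], v[1], v[2]})
	}
	return maps, nil
}

// toHostID translates an ID inside the namespace to the ID in the parent
// namespace; ok is false when the ID is not covered by any mapping.
func toHostID(maps []IDMap, id int) (host int, ok bool) {
	for _, m := range maps {
		if id >= m.ContainerID && id < m.ContainerID+m.Size {
			return m.HostID + (id - m.ContainerID), true
		}
	}
	return 0, false
}

// sample is constructed: UID 1000 mapped to root, plus 65536 subordinate IDs.
const sample = "         0       1000          1\n         1     100000      65536\n"

func main() {
	maps, err := parseIDMap(sample)
	fmt.Println(maps, err)
	fmt.Println(toHostID(maps, 0))
}
```

An ID that falls outside every mapped range has no counterpart in the parent namespace, which is why files owned by such IDs cannot be read by the unprivileged user.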
func TryJoinFromFilePaths (added in v1.4.0)
func TryJoinFromFilePaths(pausePidPath string, needNewNamespace bool, paths []string) (bool, int, error)
TryJoinFromFilePaths attempts to join the namespaces of the pid files in paths. This is useful when there are already running containers and we don't have a pause process yet. We can use the paths to the conmon processes to attempt joining their namespaces. If needNewNamespace is set, the file is read from a temporary user namespace. This is useful for containers that are running with a different uidmap, where the unprivileged user has no way to read the file owned by root in the container.
Types
This section is empty.