Documentation
Index
- func BecomeRootInUserNS(pausePid string) (bool, int, error)
- func ConfigurationMatches() (bool, error)
- func GetAvailableGids() (int64, error)
- func GetConfiguredMappings() ([]idtools.IDMap, []idtools.IDMap, error)
- func GetRootlessGID() int
- func GetRootlessUID() int
- func IsFdInherited(fd int) bool
- func IsRootless() bool
- func ReadMappingsProc(path string) ([]idtools.IDMap, error)
- func TryJoinFromFilePaths(pausePidPath string, needNewNamespace bool, paths []string) (bool, int, error)
- func TryJoinPauseProcess(pausePidPath string) (bool, int, error)
Constants
This section is empty.
Variables
This section is empty.
Functions
func BecomeRootInUserNS
BecomeRootInUserNS re-execs podman in a new userNS. It returns whether podman was re-executed into a new user namespace and the return code from the re-executed podman process. If podman was re-executed, the caller needs to propagate the error code returned by the child process.
func ConfigurationMatches
ConfigurationMatches checks whether the additional uids/gids configured for the user match the current user namespace.
func GetAvailableGids (added in v2.2.0)
GetAvailableGids returns how many GIDs are available in the current user namespace.
func GetConfiguredMappings
GetConfiguredMappings returns the additional IDs configured for the current user.
func GetRootlessGID
func GetRootlessGID() int
GetRootlessGID returns the GID of the user in the parent userNS.
func GetRootlessUID
func GetRootlessUID() int
GetRootlessUID returns the UID of the user in the parent userNS.
func IsFdInherited
IsFdInherited checks whether the fd is open and valid to use.
func ReadMappingsProc
ReadMappingsProc parses and returns the ID mappings at the specified path.
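The sketch below is an added example, not podman's own code. It shows the kind of parsing ReadMappingsProc describes, assuming the kernel's three-column `/proc/<pid>/uid_map` layout (ID inside the namespace, ID in the parent namespace, range length), and adds a lookup that answers which parent-namespace ID a container ID really is. `IDMap` here is a local stand-in type, and `parseIDMap`, `hostID` and `sampleUIDMap` are hypothetical names.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// IDMap is a local stand-in for one uid_map/gid_map line (not the idtools type).
type IDMap struct{ ContainerID, HostID, Size int64 }

const sampleUIDMap = "         0       1000          1\n         1     100000      65536\n" // constructed sample, not read from /proc

// parseIDMap parses "<inside-id> <outside-id> <length>" lines and rejects
// anything that is not exactly three non-negative integers.
func parseIDMap(content string) ([]IDMap, error) {
	var maps []IDMap
	sc := bufio.NewScanner(strings.NewReader(content))
	for n := 1; sc.Scan(); n++ {
		f := strings.Fields(sc.Text())
		if len(f) != 3 {
			return nil, fmt.Errorf("line %d: want 3 fields, got %d", n, len(f))
		}
		var v [3]int64
		for i, s := range f {
			x, err := strconv.ParseInt(s, 10, 64)
			if err != nil || x < 0 {
				return nil, fmt.Errorf("line %d: bad value %q", n, s)
			}
			v[i] = x
		}
		maps = append(maps, IDMap{v[0], v[1], v[2]})
	}
	return maps, sc.Err()
}

// hostID translates an in-namespace ID to the parent namespace.
// ok is false when the ID falls outside every mapped range.
func hostID(maps []IDMap, id int64) (int64, bool) {
	for _, m := range maps {
		if id >= m.ContainerID && id-m.ContainerID < m.Size {
			return m.HostID + id - m.ContainerID, true
		}
	}
	return 0, false
}

func main() {
	maps, err := parseIDMap(sampleUIDMap)
	fmt.Println(maps, err)
}
```

In the constructed sample, root inside the namespace resolves to the unprivileged UID 1000 in the parent, which is the property a rootless setup depends on.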
func TryJoinFromFilePaths
func TryJoinFromFilePaths(pausePidPath string, needNewNamespace bool, paths []string) (bool, int, error)
TryJoinFromFilePaths attempts to join the namespaces of the processes whose pid files are given in paths. This is useful when there are already running containers and we don't have a pause process yet. We can use the paths to the conmon processes to attempt joining their namespaces. If needNewNamespace is set, the file is read from a temporary user namespace. This is useful for containers that are running with a different uidmap, where the unprivileged user has no way to read the file owned by root in the container.
Types
This section is empty.