Documentation
Index
- Constants
- func AddNamespaceRangesUser(name string) (int, int, error)
- func CanAccess(path string, pair IDPair) bool
- func FormatContainersOverrideXattr(uid, gid, mode int) string
- func GetRootUIDGID(uidMap, gidMap []IDMap) (int, int, error)
- func IsContiguous(mappings []IDMap) bool
- func LookupGID(gid int) (user.Group, error)
- func LookupGroup(groupname string) (user.Group, error)
- func LookupUID(uid int) (user.User, error)
- func LookupUser(username string) (user.User, error)
- func MkdirAllAndChown(path string, mode os.FileMode, ids IDPair) error
- func MkdirAllAndChownNew(path string, mode os.FileMode, ids IDPair) error
- func MkdirAllAs(path string, mode os.FileMode, ownerUID, ownerGID int) error
- func MkdirAndChown(path string, mode os.FileMode, ids IDPair) error
- func MkdirAs(path string, mode os.FileMode, ownerUID, ownerGID int) error
- func RawToContainer(hostID int, idMap []IDMap) (int, error)
- func RawToHost(contID int, idMap []IDMap) (int, error)
- func SafeChown(name string, uid, gid int) error
- func SafeLchown(name string, uid, gid int) error
- func SetContainersOverrideXattr(path string, stat Stat) error
- type IDMap
- type IDMappings
- func (i *IDMappings) Empty() bool
- func (i *IDMappings) GIDs() []IDMap
- func (i *IDMappings) RootPair() IDPair
- func (i *IDMappings) ToContainer(pair IDPair) (int, int, error)
- func (i *IDMappings) ToHost(pair IDPair) (IDPair, error)
- func (i *IDMappings) ToHostOverflow(pair IDPair) (IDPair, error)
- func (i *IDMappings) UIDs() []IDMap
- type IDPair
- type Stat
Constants
const (
	ContainersOverrideXattr = "user.containers.override_stat"
)
Variables
This section is empty.
Functions
func AddNamespaceRangesUser
AddNamespaceRangesUser takes a username and uses the standard system utility to create a system user/group pair used to hold the /etc/sub{uid,gid} ranges, which will be used for user namespace mapping ranges in containers.
func CanAccess
CanAccess takes a valid (existing) directory and a uid, gid pair and determines whether that uid, gid pair has access (execute bit) to the directory.
func FormatContainersOverrideXattr (added in v1.55.0)
FormatContainersOverrideXattr formats the given uid, gid, and mode into a string that can be used as the value for the ContainersOverrideXattr xattr.
func GetRootUIDGID
GetRootUIDGID retrieves the remapped root uid/gid pair from the set of maps. If the maps are empty, then the root uid/gid will default to "real" 0/0.
func IsContiguous (added in v0.46.1)
IsContiguous checks whether the specified mapping is contiguous and has no holes.
func LookupGID
LookupGID uses the traditional local system files lookup (from libcontainer/user) on a group ID, followed by a call to `getent` to support host-configured non-files passwd and group databases.
func LookupGroup
LookupGroup uses the traditional local system files lookup (from libcontainer/user) on a group name, followed by a call to `getent` to support host-configured non-files passwd and group databases.
func LookupUID
LookupUID uses the traditional local system files lookup (from libcontainer/user) on a uid, followed by a call to `getent` to support host-configured non-files passwd and group databases.
func LookupUser
LookupUser uses the traditional local system files lookup (from libcontainer/user) on a username, followed by a call to `getent` to support host-configured non-files passwd and group databases.
func MkdirAllAndChown
MkdirAllAndChown creates a directory (including any along the path) and then modifies ownership to the requested uid/gid. If the directory already exists, this function will still change ownership to the requested uid/gid pair.
func MkdirAllAndChownNew
MkdirAllAndChownNew creates a directory (including any along the path) and then modifies ownership ONLY of newly created directories to the requested uid/gid. If the directories along the path exist, no change of ownership will be performed.
func MkdirAllAs
MkdirAllAs creates a directory (including any along the path) and then modifies ownership to the requested uid/gid. If the directory already exists, this function will still change ownership to the requested uid/gid pair.
Deprecated: Use MkdirAllAndChown.
func MkdirAndChown
MkdirAndChown creates a directory and then modifies ownership to the requested uid/gid. If the directory already exists, this function still changes ownership.
func MkdirAs
MkdirAs creates a directory and then modifies ownership to the requested uid/gid. If the directory already exists, this function still changes ownership.
Deprecated: Use MkdirAndChown with an IDPair.
func RawToContainer (added in v0.46.1)
RawToContainer takes an id mapping and uses it to translate a host ID to the remapped ID. If no map is provided, then the translation assumes a 1-to-1 mapping and returns the passed-in id.
If you wish to map a (uid,gid) combination, you should use the corresponding IDMappings methods, which ensure that you are mapping the correct ID against the correct mapping.
func RawToHost (added in v0.46.1)
RawToHost takes an id mapping and a remapped ID, and translates the ID to the mapped host ID. If no map is provided, then the translation assumes a 1-to-1 mapping and returns the passed-in id.
If you wish to map a (uid,gid) combination, you should use the corresponding IDMappings methods, which ensure that you are mapping the correct ID against the correct mapping.
func SafeLchown
func SetContainersOverrideXattr (added in v1.55.0)
SetContainersOverrideXattr will encode and set ContainersOverrideXattr.
Types
type IDMap
type IDMap struct {
	ContainerID int `json:"container_id"`
	HostID      int `json:"host_id"`
	Size        int `json:"size"`
}
IDMap contains a single entry for user namespace range remapping. An array of IDMap entries represents the structure that will be provided to the Linux kernel for creating a user namespace.
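The range translation described for RawToContainer and RawToHost, as an added example that is not the package's own code: `translate`, `toHost`, `toContainer`, `ErrUnmapped` and the sample map are hypothetical names and constructed values. It assumes an ID outside every range is reported as an error, so an unmapped ID is never silently treated as some other host identity.

```go
package main

import (
	"errors"
	"fmt"
)

// IDMap mirrors the struct shown on this page (JSON tags omitted).
type IDMap struct{ ContainerID, HostID, Size int }

// ErrUnmapped is a hypothetical sentinel for IDs outside every range.
var ErrUnmapped = errors.New("ID not mapped into the user namespace")

// translate finds the range containing id on the "from" side and returns
// the ID at the same offset on the "to" side. toHost selects the direction.
func translate(id int, idMap []IDMap, toHost bool) (int, error) {
	if len(idMap) == 0 {
		return id, nil // no map: 1-to-1, as the page describes
	}
	for _, m := range idMap {
		from, to := m.HostID, m.ContainerID
		if toHost {
			from, to = m.ContainerID, m.HostID
		}
		if id >= from && id < from+m.Size {
			return to + (id - from), nil
		}
	}
	return -1, fmt.Errorf("%d: %w", id, ErrUnmapped)
}

// Hypothetical stand-ins for RawToHost and RawToContainer.
func toHost(contID int, m []IDMap) (int, error)      { return translate(contID, m, true) }
func toContainer(hostID int, m []IDMap) (int, error) { return translate(hostID, m, false) }

// rootlessMap is a constructed sample: container root is host UID 1000 and
// container IDs 1..65536 come from a subordinate range starting at 100000.
var rootlessMap = []IDMap{{0, 1000, 1}, {1, 100000, 65536}}

func main() {
	for _, c := range []int{0, 1, 1000, 65536, 65537} {
		h, err := toHost(c, rootlessMap)
		fmt.Printf("container %d -> host %d (err: %v)\n", c, h, err)
	}
	// Host root has no place in this map, so it cannot be named inside the container.
	_, err := toContainer(0, rootlessMap)
	fmt.Println("host 0 ->", err)
}
```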
type IDMappings
type IDMappings struct {
	// contains filtered or unexported fields
}
IDMappings contains the mappings of UIDs and GIDs.
func NewIDMappings
func NewIDMappings(username, groupname string) (*IDMappings, error)
NewIDMappings takes a requested user and group name and, using the data from the /etc/sub{uid,gid} ranges, creates the proper uid and gid remapping ranges for that user/group pair.
func NewIDMappingsFromMaps
func NewIDMappingsFromMaps(uids []IDMap, gids []IDMap) *IDMappings
NewIDMappingsFromMaps creates a new mapping from two slices.
Deprecated: this is a temporary shim while transitioning to IDMapping.
func (*IDMappings) Empty
func (i *IDMappings) Empty() bool
Empty returns true if there are no id mappings.
func (*IDMappings) GIDs
func (i *IDMappings) GIDs() []IDMap
GIDs returns the GID mapping.
TODO: remove this once everything has been refactored to use pairs.
func (*IDMappings) RootPair
func (i *IDMappings) RootPair() IDPair
RootPair returns a uid and gid pair for the root user. The error is ignored because a root user always exists, and the defaults are correct when the uid and gid maps are empty.
func (*IDMappings) ToContainer
func (i *IDMappings) ToContainer(pair IDPair) (int, int, error)
ToContainer returns the container UID and GID for the host uid and gid.
func (*IDMappings) ToHost
func (i *IDMappings) ToHost(pair IDPair) (IDPair, error)
ToHost returns the host UID and GID for the container uid, gid.
func (*IDMappings) ToHostOverflow (added in v0.46.1)
func (i *IDMappings) ToHostOverflow(pair IDPair) (IDPair, error)
ToHostOverflow returns the host UID and GID for the container uid, gid. Remapping is only performed if the ids aren't already the remapped root ids. If the mapping is not possible because the target ID is not mapped into the namespace, then the overflow ID is used.
func (*IDMappings) UIDs
func (i *IDMappings) UIDs() []IDMap
UIDs returns the UID mapping.
TODO: remove this once everything has been refactored to use pairs.
type Stat (added in v1.55.0)
Stat contains file states that can be overridden with ContainersOverrideXattr.
func GetContainersOverrideXattr (added in v1.55.0)
GetContainersOverrideXattr will get and decode ContainersOverrideXattr.