unshare

package
v1.51.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 28, 2024 License: Apache-2.0 Imports: 21 Imported by: 74

Documentation

Index

Constants

View Source 
const (
	// UsernsEnvName is the environment variable, if set indicates in rootless mode
	UsernsEnvName = "_CONTAINERS_USERNS_CONFIGURED"
)

Variables

This section is empty.

Functions

func ExecRunnable 

func ExecRunnable(cmd Runnable, cleanup func())

ExecRunnable runs the specified unshare command, captures its exit status, and exits with the same status.

func GetHostIDMappings 

func GetHostIDMappings(pid string) ([]specs.LinuxIDMapping, []specs.LinuxIDMapping, error)

GetHostIDMappings reads mappings for the specified process (or the current process if pid is "self" or an empty string) from the kernel.

func GetRootlessGID added in v1.51.0 

func GetRootlessGID() int

GetRootlessGID returns the GID of the user in the parent userNS

func GetRootlessUID 

func GetRootlessUID() int

GetRootlessUID returns the UID of the user in the parent userNS

func GetSubIDMappings 

func GetSubIDMappings(user, group string) ([]specs.LinuxIDMapping, []specs.LinuxIDMapping, error)

GetSubIDMappings reads mappings from /etc/subuid and /etc/subgid.

func HasCapSysAdmin added in v0.46.1 

func HasCapSysAdmin() (bool, error)

HasCapSysAdmin returns whether the current process has CAP_SYS_ADMIN.

func HomeDir 

func HomeDir() (string, error)

HomeDir returns the home directory for the current user.

func IsRootless 

func IsRootless() bool

IsRootless tells us if we are running in rootless mode

func IsSetID added in v0.46.1 

func IsSetID(path string, modeid os.FileMode, capid capability.Cap) (bool, error)

IsSetID checks if specified path has correct FileMode (Setuid|SETGID) or the matching file capability

func MaybeReexecUsingUserNamespace 

func MaybeReexecUsingUserNamespace(evenForRoot bool)

MaybeReexecUsingUserNamespace re-exec the process in a new namespace

func ParseIDMappings 

func ParseIDMappings(uidmap, gidmap []string) ([]idtools.IDMap, []idtools.IDMap, error)

ParseIDMappings parses mapping triples.

func RootlessEnv 

func RootlessEnv() []string

RootlessEnv returns the environment settings for the rootless containers

Types

type Cmd 

type Cmd struct {
	*exec.Cmd
	UnshareFlags               int
	UseNewuidmap               bool
	UidMappings                []specs.LinuxIDMapping // nolint: revive,golint
	UseNewgidmap               bool
	GidMappings                []specs.LinuxIDMapping // nolint: revive,golint
	GidMappingsEnableSetgroups bool
	Setsid                     bool
	Setpgrp                    bool
	Ctty                       *os.File
	OOMScoreAdj                *int
	Hook                       func(pid int) error
}

Cmd wraps an exec.Cmd created by the reexec package in unshare(), and handles setting ID maps and other related settings by triggering initialization code in the child.

func Command 

func Command(args ...string) *Cmd

Command creates a new Cmd which can be customized.

func (*Cmd) CombinedOutput 

func (c *Cmd) CombinedOutput() ([]byte, error)

func (*Cmd) Output 

func (c *Cmd) Output() ([]byte, error)

func (*Cmd) Run 

func (c *Cmd) Run() error

func (*Cmd) Start 

func (c *Cmd) Start() error

type Runnable 

type Runnable interface {
	Run() error
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.