idtools

package
v1.56.0 Latest
Warning

This package is not in the latest version of its module.

Published: Nov 7, 2024 License: Apache-2.0 Imports: 22 Imported by: 205

Documentation

Constants

const (
	ContainersOverrideXattr = "user.containers.override_stat"
)

Variables

This section is empty.

Functions

func AddNamespaceRangesUser

func AddNamespaceRangesUser(name string) (int, int, error)

AddNamespaceRangesUser takes a username and uses the standard system utility to create a system user/group pair used to hold the /etc/sub{uid,gid} ranges which will be used for user namespace mapping ranges in containers.

func CanAccess

func CanAccess(path string, pair IDPair) bool

CanAccess takes a valid (existing) directory and a uid, gid pair and determines whether that uid, gid pair has access (execute bit) to the directory.

func FormatContainersOverrideXattr added in v1.55.0

func FormatContainersOverrideXattr(uid, gid, mode int) string

FormatContainersOverrideXattr will format the given uid, gid, and mode into a string that can be used as the value for the ContainersOverrideXattr xattr.

func GetRootUIDGID

func GetRootUIDGID(uidMap, gidMap []IDMap) (int, int, error)

GetRootUIDGID retrieves the remapped root uid/gid pair from the set of maps. If the maps are empty, then the root uid/gid will default to "real" 0/0.

func IsContiguous added in v0.46.1

func IsContiguous(mappings []IDMap) bool

IsContiguous checks whether the specified mapping is contiguous and has no holes.

func LookupGID

func LookupGID(gid int) (user.Group, error)

LookupGID performs the traditional local system files lookup (from libcontainer/user) on a group ID, followed by a call to `getent` to support hosts configured with non-files passwd and group databases.

func LookupGroup

func LookupGroup(groupname string) (user.Group, error)

LookupGroup performs the traditional local system files lookup (from libcontainer/user) on a group name, followed by a call to `getent` to support hosts configured with non-files passwd and group databases.

func LookupUID

func LookupUID(uid int) (user.User, error)

LookupUID performs the traditional local system files lookup (from libcontainer/user) on a uid, followed by a call to `getent` to support hosts configured with non-files passwd and group databases.

func LookupUser

func LookupUser(username string) (user.User, error)

LookupUser performs the traditional local system files lookup (from libcontainer/user) on a username, followed by a call to `getent` to support hosts configured with non-files passwd and group databases.

func MkdirAllAndChown

func MkdirAllAndChown(path string, mode os.FileMode, ids IDPair) error

MkdirAllAndChown creates a directory (including any missing parents along the path) and then changes ownership to the requested uid/gid. If the directory already exists, this function will still change ownership to the requested uid/gid pair.

func MkdirAllAndChownNew

func MkdirAllAndChownNew(path string, mode os.FileMode, ids IDPair) error

MkdirAllAndChownNew creates a directory (including any missing parents along the path) and then changes ownership ONLY of newly created directories to the requested uid/gid. If the directories along the path already exist, no change of ownership will be performed.

func MkdirAllAs

func MkdirAllAs(path string, mode os.FileMode, ownerUID, ownerGID int) error

MkdirAllAs creates a directory (including any missing parents along the path) and then changes ownership to the requested uid/gid. If the directory already exists, this function will still change ownership to the requested uid/gid pair.

Deprecated: Use MkdirAllAndChown.

func MkdirAndChown

func MkdirAndChown(path string, mode os.FileMode, ids IDPair) error

MkdirAndChown creates a directory and then changes ownership to the requested uid/gid. If the directory already exists, this function still changes ownership.

func MkdirAs

func MkdirAs(path string, mode os.FileMode, ownerUID, ownerGID int) error

MkdirAs creates a directory and then changes ownership to the requested uid/gid. If the directory already exists, this function still changes ownership.

Deprecated: Use MkdirAndChown with an IDPair.

func RawToContainer added in v0.46.1

func RawToContainer(hostID int, idMap []IDMap) (int, error)

RawToContainer takes an id mapping, and uses it to translate a host ID to the remapped ID. If no map is provided, then the translation assumes a 1-to-1 mapping and returns the passed in id.

If you wish to map a (uid,gid) combination you should use the corresponding IDMappings methods, which ensure that you are mapping the correct ID against the correct mapping.

func RawToHost added in v0.46.1

func RawToHost(contID int, idMap []IDMap) (int, error)

RawToHost takes an id mapping and a remapped ID, and translates the ID to the mapped host ID. If no map is provided, then the translation assumes a 1-to-1 mapping and returns the passed in id.

If you wish to map a (uid,gid) combination you should use the corresponding IDMappings methods, which ensure that you are mapping the correct ID against the correct mapping.
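The translation described for RawToContainer and RawToHost, re-implemented as an added stand-alone example (not the package's source). `toHost`, `toContainer`, `errUnmapped`, the error returned for unmapped IDs and the sample map are assumptions made for illustration; the local `IDMap` only mirrors the struct documented on this page.

```go
package main

import (
	"errors"
	"fmt"
)

// IDMap mirrors the struct documented on this page (redeclared locally).
type IDMap struct{ ContainerID, HostID, Size int }

// errUnmapped is a hypothetical error for IDs outside every range.
var errUnmapped = errors.New("ID not covered by any mapping range")

// toHost translates a container ID to a host ID; an empty map is 1-to-1.
func toHost(contID int, idMap []IDMap) (int, error) {
	if len(idMap) == 0 {
		return contID, nil
	}
	for _, m := range idMap {
		if contID >= m.ContainerID && contID < m.ContainerID+m.Size {
			return m.HostID + (contID - m.ContainerID), nil
		}
	}
	return -1, fmt.Errorf("container ID %d: %w", contID, errUnmapped)
}

// toContainer is the inverse: host ID to container ID.
func toContainer(hostID int, idMap []IDMap) (int, error) {
	if len(idMap) == 0 {
		return hostID, nil
	}
	for _, m := range idMap {
		if hostID >= m.HostID && hostID < m.HostID+m.Size {
			return m.ContainerID + (hostID - m.HostID), nil
		}
	}
	return -1, fmt.Errorf("host ID %d: %w", hostID, errUnmapped)
}

// sampleMap is constructed: container root -> host 1000, then a subuid range.
func sampleMap() []IDMap {
	return []IDMap{{0, 1000, 1}, {1, 100000, 65536}}
}

func main() {
	for _, id := range []int{0, 1, 65536, 65537} {
		h, err := toHost(id, sampleMap())
		fmt.Println("container", id, "-> host", h, err)
	}
}
```

With this sample map, container root resolves to the unprivileged host ID 1000, and host ID 0 has no container-side equivalent, so a lookup for it fails rather than silently returning an ID.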

func SafeChown

func SafeChown(name string, uid, gid int) error

func SafeLchown

func SafeLchown(name string, uid, gid int) error

func SetContainersOverrideXattr added in v1.55.0

func SetContainersOverrideXattr(path string, stat Stat) error

SetContainersOverrideXattr will encode and set ContainersOverrideXattr.

Types

type IDMap

type IDMap struct {
	ContainerID int `json:"container_id"`
	HostID      int `json:"host_id"`
	Size        int `json:"size"`
}

IDMap contains a single entry for user namespace range remapping. An array of IDMap entries represents the structure that will be provided to the Linux kernel for creating a user namespace.

func ParseIDMap

func ParseIDMap(mapSpec []string, mapSetting string) (idmap []IDMap, err error)

ParseIDMap parses idmap triples from string.

type IDMappings

type IDMappings struct {
	// contains filtered or unexported fields
}

IDMappings contains the mappings of UIDs and GIDs.

func NewIDMappings

func NewIDMappings(username, groupname string) (*IDMappings, error)

NewIDMappings takes a requested user and group name and, using the data from the /etc/sub{uid,gid} ranges, creates the proper uid and gid remapping ranges for that user/group pair.

func NewIDMappingsFromMaps

func NewIDMappingsFromMaps(uids []IDMap, gids []IDMap) *IDMappings

NewIDMappingsFromMaps creates a new mapping from two slices.

Deprecated: this is a temporary shim while transitioning to IDMapping.

func (*IDMappings) Empty

func (i *IDMappings) Empty() bool

Empty returns true if there are no id mappings.

func (*IDMappings) GIDs

func (i *IDMappings) GIDs() []IDMap

GIDs returns the GID mapping.

TODO: remove this once everything has been refactored to use pairs.

func (*IDMappings) RootPair

func (i *IDMappings) RootPair() IDPair

RootPair returns a uid and gid pair for the root user. The error is ignored because a root user always exists, and the defaults are correct when the uid and gid maps are empty.

func (*IDMappings) ToContainer

func (i *IDMappings) ToContainer(pair IDPair) (int, int, error)

ToContainer returns the container UID and GID for the host uid and gid.

func (*IDMappings) ToHost

func (i *IDMappings) ToHost(pair IDPair) (IDPair, error)

ToHost returns the host UID and GID for the container uid, gid.

func (*IDMappings) ToHostOverflow added in v0.46.1

func (i *IDMappings) ToHostOverflow(pair IDPair) (IDPair, error)

ToHostOverflow returns the host UID and GID for the container uid, gid. Remapping is only performed if the ids aren't already the remapped root ids. If the mapping is not possible because the target ID is not mapped into the namespace, then the overflow ID is used.

func (*IDMappings) UIDs

func (i *IDMappings) UIDs() []IDMap

UIDs returns the UID mapping.

TODO: remove this once everything has been refactored to use pairs.

type IDPair

type IDPair struct {
	UID int
	GID int
}

IDPair is a UID and GID pair.

type Stat added in v1.55.0

type Stat struct {
	IDs  IDPair
	Mode os.FileMode
}

Stat contains file states that can be overridden with ContainersOverrideXattr.

func GetContainersOverrideXattr added in v1.55.0

func GetContainersOverrideXattr(path string) (Stat, error)

GetContainersOverrideXattr will get and decode ContainersOverrideXattr.
