Documentation ¶
Index ¶
- func AddNamespaceRangesUser(name string) (int, int, error)
- func CanAccess(path string, pair IDPair) bool
- func GetRootUIDGID(uidMap, gidMap []IDMap) (int, int, error)
- func IsContiguous(mappings []IDMap) bool
- func LookupGID(gid int) (user.Group, error)
- func LookupGroup(groupname string) (user.Group, error)
- func LookupUID(uid int) (user.User, error)
- func LookupUser(username string) (user.User, error)
- func MkdirAllAndChown(path string, mode os.FileMode, ids IDPair) error
- func MkdirAllAndChownNew(path string, mode os.FileMode, ids IDPair) error
- func MkdirAllAs(path string, mode os.FileMode, ownerUID, ownerGID int) error
- func MkdirAndChown(path string, mode os.FileMode, ids IDPair) error
- func MkdirAs(path string, mode os.FileMode, ownerUID, ownerGID int) error
- func SafeChown(name string, uid, gid int) error
- func SafeLchown(name string, uid, gid int) error
- type IDMap
- type IDMappings
- type IDPair
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AddNamespaceRangesUser ¶
AddNamespaceRangesUser takes a username and uses the standard system utility to create a system user/group pair used to hold the /etc/sub{uid,gid} ranges which will be used for user namespace mapping ranges in containers.
func CanAccess ¶
CanAccess takes a valid (existing) directory and a uid, gid pair and determines if that uid, gid pair has access (execute bit) to the directory
func GetRootUIDGID ¶
GetRootUIDGID retrieves the remapped root uid/gid pair from the set of maps. If the maps are empty, then the root uid/gid will default to "real" 0/0
func IsContiguous ¶
IsContiguous checks if the specified mapping is contiguous and doesn't have any hole.
func LookupGID ¶
LookupGID uses traditional local constants files lookup (from libcontainer/user) on a group ID, followed by a call to `getent` for supporting host configured non-files passwd and group dbs
func LookupGroup ¶
LookupGroup uses traditional local constants files lookup (from libcontainer/user) on a group name, followed by a call to `getent` for supporting host configured non-files passwd and group dbs
func LookupUID ¶
followed by a call to `getent` for supporting host configured non-files passwd and group dbs
func LookupUser ¶
followed by a call to `getent` for supporting host configured non-files passwd and group dbs
func MkdirAllAndChown ¶
MkdirAllAndChown creates a directory (include any along the path) and then modifies ownership to the requested uid/gid. If the directory already exists, this function will still change ownership to the requested uid/gid pair.
func MkdirAllAndChownNew ¶
MkdirAllAndChownNew creates a directory (include any along the path) and then modifies ownership ONLY of newly created directories to the requested uid/gid. If the directories along the path exist, no change of ownership will be performed
func MkdirAllAs ¶
MkdirAllAs creates a directory (include any along the path) and then modifies ownership to the requested uid/gid. If the directory already exists, this function will still change ownership to the requested uid/gid pair. Deprecated: Use MkdirAllAndChown
func MkdirAndChown ¶
MkdirAndChown creates a directory and then modifies ownership to the requested uid/gid. If the directory already exists, this function still changes ownership
func MkdirAs ¶
MkdirAs creates a directory and then modifies ownership to the requested uid/gid. If the directory already exists, this function still changes ownership Deprecated: Use MkdirAndChown with a IDPair
func SafeLchown ¶
Types ¶
type IDMap ¶
type IDMap struct { ContainerID int `json:"container_id"` HostID int `json:"host_id"` Size int `json:"size"` }
IDMap contains a single entry for user namespace range remapping. An array of IDMap entries represents the structure that will be provided to the Linux kernel for creating a user namespace.
type IDMappings ¶
type IDMappings struct {
// contains filtered or unexported fields
}
IDMappings contains a mappings of UIDs and GIDs
func NewIDMappings ¶
func NewIDMappings(username, groupname string) (*IDMappings, error)
NewIDMappings takes a requested user and group name and using the data from /etc/sub{uid,gid} ranges, creates the proper uid and gid remapping ranges for that user/group pair
func NewIDMappingsFromMaps ¶
func NewIDMappingsFromMaps(uids []IDMap, gids []IDMap) *IDMappings
NewIDMappingsFromMaps creates a new mapping from two slices Deprecated: this is a temporary shim while transitioning to IDMapping
func (*IDMappings) Empty ¶
func (i *IDMappings) Empty() bool
Empty returns true if there are no id mappings
func (*IDMappings) GIDs ¶
func (i *IDMappings) GIDs() []IDMap
GIDs return the UID mapping TODO: remove this once everything has been refactored to use pairs
func (*IDMappings) RootPair ¶
func (i *IDMappings) RootPair() IDPair
RootPair returns a uid and gid pair for the root user. The error is ignored because a root user always exists, and the defaults are correct when the uid and gid maps are empty.
func (*IDMappings) ToContainer ¶
func (i *IDMappings) ToContainer(pair IDPair) (int, int, error)
ToContainer returns the container UID and GID for the host uid and gid
func (*IDMappings) ToHost ¶
func (i *IDMappings) ToHost(pair IDPair) (IDPair, error)
ToHost returns the host UID and GID for the container uid, gid. Remapping is only performed if the ids aren't already the remapped root ids
func (*IDMappings) UIDs ¶
func (i *IDMappings) UIDs() []IDMap
UIDs return the UID mapping TODO: remove this once everything has been refactored to use pairs