Documentation
Index
- func BecomeRootInUserNS(pausePid string) (bool, int, error)
- func ConfigurationMatches() (bool, error)
- func GetAvailableGIDMap() ([]user.IDMap, error)
- func GetAvailableGids() (int64, error)
- func GetAvailableIDMaps() ([]user.IDMap, []user.IDMap, error)
- func GetAvailableUIDMap() ([]user.IDMap, error)
- func GetAvailableUids() (int64, error)
- func GetConfiguredMappings() ([]idtools.IDMap, []idtools.IDMap, error)
- func GetRootlessGID() int
- func GetRootlessUID() int
- func IsFdInherited(fd int) bool
- func IsRootless() bool
- func MaybeSplitMappings(mappings []spec.LinuxIDMapping, availableMappings []user.IDMap) []spec.LinuxIDMapping
- func ReadMappingsProc(path string) ([]idtools.IDMap, error)
- func TryJoinFromFilePaths(pausePidPath string, needNewNamespace bool, paths []string) (bool, int, error)
- func TryJoinPauseProcess(pausePidPath string) (bool, int, error)
Constants
This section is empty.
Variables
This section is empty.
Functions
func BecomeRootInUserNS
BecomeRootInUserNS re-execs podman in a new userNS. It returns whether podman was re-executed into a new user namespace and the return code from the re-executed podman process. If podman was re-executed, the caller needs to propagate the error code returned by the child process.
func ConfigurationMatches
ConfigurationMatches checks whether the additional uids/gids configured for the user match the current user namespace.
func GetAvailableGIDMap
GetAvailableGIDMap returns the GID mappings in the current user namespace.
func GetAvailableGids
GetAvailableGids returns how many GIDs are available in the current user namespace.
func GetAvailableIDMaps
GetAvailableIDMaps returns the UID and GID mappings in the current user namespace.
func GetAvailableUIDMap
GetAvailableUIDMap returns the UID mappings in the current user namespace.
func GetAvailableUids
GetAvailableUids returns how many UIDs are available in the current user namespace.
func GetConfiguredMappings
GetConfiguredMappings returns the additional IDs configured for the current user.
func GetRootlessGID
func GetRootlessGID() int
GetRootlessGID returns the GID of the user in the parent userNS.
func GetRootlessUID
func GetRootlessUID() int
GetRootlessUID returns the UID of the user in the parent userNS.
func IsFdInherited
IsFdInherited checks whether the fd is opened and valid to use.
func MaybeSplitMappings
func MaybeSplitMappings(mappings []spec.LinuxIDMapping, availableMappings []user.IDMap) []spec.LinuxIDMapping
MaybeSplitMappings checks whether the specified OCI mappings are possible in the current user namespace or the specified ranges must be split.
func ReadMappingsProc
ReadMappingsProc parses and returns the ID mappings at the specified path.
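An added example (not code from this package) of the data that ReadMappingsProc, GetAvailableUids and MaybeSplitMappings deal with: it parses text in the /proc/<pid>/uid_map format, counts the IDs available in the namespace, and checks whether a requested range fits inside a single mapped range. The names idMap, parseIDMap, summarize and sampleUIDMap are assumptions made for this illustration, and the sample map is constructed.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// idMap is one range of a uid_map/gid_map file (hypothetical type name).
type idMap struct{ inside, outside, count int64 }
// parseIDMap parses uid_map text: "<ID inside ns> <ID outside ns> <length>" per line.
func parseIDMap(text string) ([]idMap, error) {
	var maps []idMap
	for _, line := range strings.Split(text, "\n") {
		f := strings.Fields(line)
		if len(f) == 0 {
			continue // blank line or empty map
		}
		if len(f) != 3 {
			return nil, fmt.Errorf("malformed mapping line %q", line)
		}
		var v [3]int64
		for i, s := range f {
			n, err := strconv.ParseInt(s, 10, 64)
			if err != nil || n < 0 {
				return nil, fmt.Errorf("bad ID %q in line %q", s, line)
			}
			v[i] = n
		}
		maps = append(maps, idMap{v[0], v[1], v[2]})
	}
	return maps, nil
}

// summarize counts the namespace's IDs and reports whether [start, start+size) fits one range.
func summarize(maps []idMap, start, size int64) (total int64, fits bool) {
	for _, m := range maps {
		total += m.count
		fits = fits || (start >= m.inside && start+size <= m.inside+m.count)
	}
	return total, fits
}

// Constructed sample: UID 1000 plus 65536 subordinate UIDs starting at 100000.
const sampleUIDMap = "         0       1000          1\n         1     100000      65536\n"
func main() {
	maps, _ := parseIDMap(sampleUIDMap)    // the sample is known to be well-formed
	fmt.Println(summarize(maps, 0, 65537)) // request spans both ranges
}
```

A request that does not fit in one range, as in main above, is the situation MaybeSplitMappings describes as ranges that must be split.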
func TryJoinFromFilePaths
func TryJoinFromFilePaths(pausePidPath string, needNewNamespace bool, paths []string) (bool, int, error)
TryJoinFromFilePaths attempts to join the namespaces of the pid files in paths. This is useful when there are already running containers and we don't have a pause process yet. We can use the paths to the conmon processes to attempt joining their namespaces. If needNewNamespace is set, the file is read from a temporary user namespace; this is useful for containers that are running with a different uidmap, where the unprivileged user has no way to read the file owned by root in the container.
Types
This section is empty.