idmap

package
v6.7.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 15, 2024 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// VFS3FSCapsUnknown indicates unknown support for VFS v3 fscaps.
	VFS3FSCapsUnknown = int32(-1)

	// VFS3FSCapsUnsupported indicates the kernel does not support VFS v3 fscaps.
	VFS3FSCapsUnsupported = int32(0)

	// VFS3FSCapsSupported indicates the kernel supports VFS v3 fscaps.
	VFS3FSCapsSupported = int32(1)
)
View Source 
const (
	IdmapStorageNone     = "none"
	IdmapStorageIdmapped = "idmapped"
)

Variables

View Source 
var DefaultFullKernelSet = &Set{Entries: []Entry{
	{true, false, int64(0), int64(0), int64(4294967294)},
	{false, true, int64(0), int64(0), int64(4294967294)},
}}

DefaultFullKernelSet is the default Set of uid/gid with no mapping at all.

View Source 
var ErrHostIDIsSubID = fmt.Errorf("Host ID is in the range of subids")

ErrHostIDIsSubID indicates that an expected host ID is part of a subid range.

View Source 
var ErrNoSuitableSubmap = fmt.Errorf("Couldn't find a suitable submap")

ErrNoSuitableSubmap indicates that it was impossible to split a submap with the requested characteristics.

View Source 
var ErrNoUserMap = fmt.Errorf("No map found for user")

ErrNoUserMap indicates that no entry could be found for the user.

View Source 
var ErrSubidUnsupported = fmt.Errorf("System doesn't support subuid/subgid")

ErrSubidUnsupported indicates that the system is lacking support for subuid/subgid.

View Source 
var VFS3FSCaps = VFS3FSCapsUnknown

VFS3FSCaps can be set to tell the shifter if VFS v3 fscaps are supported.

Functions

func CanIdmapMount 

func CanIdmapMount(path string, fstype string) bool

func GetCaps 

func GetCaps(path string) ([]byte, error)

GetCaps extracts the list of capabilities effective on the file.

func SetCaps 

func SetCaps(path string, caps []byte, uid int64) error

SetCaps applies the caps for a particular root uid.

func ShiftACL 

func ShiftACL(path string, shiftIds func(uid int64, gid int64) (int64, int64)) error

ShiftACL updates the uid and gid for ACL entries through the provided mapper function.

func ShiftOwner 

func ShiftOwner(basepath string, path string, uid int, gid int) error

ShiftOwner updates the uid and gid for a file within a specific basepath.

func SupportsVFS3FSCaps 

func SupportsVFS3FSCaps(prefix string) bool

SupportsVFS3FSCaps checks whether the kernel supports VFS v3 fscaps.

func UnshiftACL 

func UnshiftACL(value string, set *Set) (string, error)

UnshiftACL unshifts the uid/gid in the raw ACL entry.

func UnshiftCaps 

func UnshiftCaps(value string, set *Set) (string, error)

UnshiftCaps unshifts the uid/gid in the raw fscaps.

Types

type ByHostID 

type ByHostID Set

ByHostID allows for sorting an Set by host id.

func (ByHostID) Len 

func (s ByHostID) Len() int

func (ByHostID) Less 

func (s ByHostID) Less(i, j int) bool

func (ByHostID) Swap 

func (s ByHostID) Swap(i, j int)

type Entry 

type Entry struct {
	IsUID    bool  `json:"Isuid"`
	IsGID    bool  `json:"Isgid"`
	HostID   int64 `json:"Hostid"` // id as seen on the host - i.e. 100000
	NSID     int64 `json:"Nsid"`   // id as seen in the ns - i.e. 0
	MapRange int64 `json:"Maprange"`
}

Entry is a single idmap entry (line).

func (*Entry) Clone 

func (e *Entry) Clone() *Entry

Clone gets a distinct copy of the entry.

func (*Entry) HostIDsCoveredBy 

func (e *Entry) HostIDsCoveredBy(allowedHostUIDs []Entry, allowedHostGIDs []Entry) bool

HostIDsCoveredBy returns whether or not the entry is covered by the supplied host UID and GID ID maps. If e.IsUID is true then host IDs must be covered by an entry in allowedHostUIDs, and if e.IsGID is true then host IDs must be covered by an entry in allowedHostGIDs.

func (*Entry) HostIDsIntersect 

func (e *Entry) HostIDsIntersect(i Entry) bool

HostIDsIntersect checks whether the provided entry intersects with the host IDs of the existing one.

func (*Entry) Intersects 

func (e *Entry) Intersects(i Entry) bool

Intersects checks whether the provided entry intersects with the existing one.

func (*Entry) ToLXCString 

func (e *Entry) ToLXCString() []string

ToLXCString converts an Entry into its LXC representation.

func (*Entry) Usable 

func (e *Entry) Usable() error

Usable checks whether the entry is usable on this system.

type IdmapStorageType 

type IdmapStorageType string

type Range 

type Range struct {
	IsUID   bool
	IsGID   bool
	StartID int64
	EndID   int64
}

Range represents a range of uid or gid.

func (*Range) Contains 

func (i *Range) Contains(id int64) bool

Contains checks whether the range contains a particular uid/gid.

type Set 

type Set struct {
	Entries []Entry
}

Set is a list of Entry with some functions on it.

func NewSetFromCurrentProcess 

func NewSetFromCurrentProcess() (*Set, error)

NewSetFromCurrentProcess returns a Set from the process' current uid/gid map.

func NewSetFromIncusIDMap 

func NewSetFromIncusIDMap(value string) (*Set, error)

NewSetFromIncusIDMap parses an Incus raw.idmap into a new idmap Set.

func NewSetFromJSON 

func NewSetFromJSON(data string) (*Set, error)

NewSetFromJSON unpacks an idmap Set from its JSON representation.

func NewSetFromSystem 

func NewSetFromSystem(rootfs string, username string) (*Set, error)

NewSetFromSystem returns a Set for the specified user from the system's subuid/subgid configuration.

func (*Set) AddSafe 

func (m *Set) AddSafe(i Entry) error

AddSafe adds an entry to the idmap set, breaking apart any ranges that the new idmap intersects with in the process.

func (*Set) Append 

func (m *Set) Append(s string) (*Set, error)

Append adds an entry to the set.

func (*Set) Equals 

func (m *Set) Equals(other *Set) bool

Equals checks if two Set are functionally identical.

func (*Set) FilterPOSIX 

func (m *Set) FilterPOSIX() *Set

FilterPOSIX returns a copy of the set with only entries that have a minimum of 65536 IDs.

func (*Set) HostIDsIntersect 

func (m *Set) HostIDsIntersect(i Entry) bool

HostIDsIntersect checks if any of the Entry hostids in the set intersects with the provided entry.

func (*Set) Includes 

func (m *Set) Includes(sub *Set) bool

Includes checks whether the provided Set is fully covered by the current Set.

func (*Set) Intersects 

func (m *Set) Intersects(i Entry) bool

Intersects checks if any of the Entry in the set intersects with the provided entry.

func (*Set) Len 

func (m *Set) Len() int

Len returns the number of Entry contained in the set.

func (*Set) Less 

func (m *Set) Less(i, j int) bool

Less compares two Entry in the set (used for sorting).

func (*Set) ShiftFromNS 

func (m *Set) ShiftFromNS(uid int64, gid int64) (int64, int64)

ShiftFromNS shifts the provided uid and gid into their host equivalent.

func (*Set) ShiftIntoNS 

func (m *Set) ShiftIntoNS(uid int64, gid int64) (int64, int64)

ShiftIntoNS shifts the provided uid and gid into their container equivalent.

func (*Set) ShiftPath 

func (m *Set) ShiftPath(p string, skipper ShiftSkipper) error

ShiftPath shifts a whole filesystem tree.

func (*Set) Split 

func (m *Set) Split(minSize int64, maxSize int64, minHost int64, maxHost int64) (*Set, error)

Split returns a new Set made from a subset of the original set. The minimum and maximum number of uid/gid included is configurable as is the minimum and maximum host ID.

func (*Set) Swap 

func (m *Set) Swap(i, j int)

Swap allows swapping two Entry in the set (used for sorting).

func (*Set) ToGIDMappings 

func (m *Set) ToGIDMappings() []syscall.SysProcIDMap

ToGIDMappings converts an idmapset to a slice of syscall.SysProcIDMap.

func (*Set) ToJSON 

func (m *Set) ToJSON() (string, error)

ToJSON marshals a Set to its JSON reprensetation.

func (*Set) ToLXCString 

func (m *Set) ToLXCString() []string

ToLXCString converts the set to a slice of LXC configuration entries.

func (*Set) ToUIDMappings 

func (m *Set) ToUIDMappings() []syscall.SysProcIDMap

ToUIDMappings converts an idmapset to a slice of syscall.SysProcIDMap.

func (*Set) UnshiftPath 

func (m *Set) UnshiftPath(p string, skipper ShiftSkipper) error

UnshiftPath unshifts a whole filesystem tree.

func (*Set) Usable 

func (m *Set) Usable() error

Usable checks that all Entry in the set are usable.

func (*Set) ValidRanges 

func (m *Set) ValidRanges() ([]*Range, error)

ValidRanges turns the set into a slice of Range.

type ShiftSkipper 

type ShiftSkipper func(dir string, absPath string, fi os.FileInfo, newuid int64, newgid int64) error

ShiftSkipper is a function used to skip shifting or unshifting specific paths.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.