idmap

package
v6.5.0

Published: Sep 6, 2024 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Constants

const (
	// VFS3FSCapsUnknown indicates unknown support for VFS v3 fscaps.
	VFS3FSCapsUnknown = int32(-1)

	// VFS3FSCapsUnsupported indicates the kernel does not support VFS v3 fscaps.
	VFS3FSCapsUnsupported = int32(0)

	// VFS3FSCapsSupported indicates the kernel supports VFS v3 fscaps.
	VFS3FSCapsSupported = int32(1)
)
const (
	IdmapStorageNone     = "none"
	IdmapStorageIdmapped = "idmapped"
)

Variables

var DefaultFullKernelSet = &Set{Entries: []Entry{
	{true, false, int64(0), int64(0), int64(4294967294)},
	{false, true, int64(0), int64(0), int64(4294967294)},
}}

DefaultFullKernelSet is the default Set of uid/gid with no mapping at all.

var ErrHostIDIsSubID = fmt.Errorf("Host ID is in the range of subids")

ErrHostIDIsSubID indicates that an expected host ID is part of a subid range.

var ErrNoSuitableSubmap = fmt.Errorf("Couldn't find a suitable submap")

ErrNoSuitableSubmap indicates that it was impossible to split a submap with the requested characteristics.

var ErrNoUserMap = fmt.Errorf("No map found for user")

ErrNoUserMap indicates that no entry could be found for the user.

var ErrSubidUnsupported = fmt.Errorf("System doesn't support subuid/subgid")

ErrSubidUnsupported indicates that the system is lacking support for subuid/subgid.

var VFS3FSCaps = VFS3FSCapsUnknown

VFS3FSCaps can be set to tell the shifter if VFS v3 fscaps are supported.

Functions

func CanIdmapMount

func CanIdmapMount(path string, fstype string) bool

func GetCaps

func GetCaps(path string) ([]byte, error)

GetCaps extracts the list of capabilities effective on the file.

func SetCaps

func SetCaps(path string, caps []byte, uid int64) error

SetCaps applies the caps for a particular root uid.

func ShiftACL

func ShiftACL(path string, shiftIds func(uid int64, gid int64) (int64, int64)) error

ShiftACL updates the uid and gid for ACL entries through the provided mapper function.

func ShiftOwner

func ShiftOwner(basepath string, path string, uid int, gid int) error

ShiftOwner updates the uid and gid for a file within a specific basepath.

func SupportsVFS3FSCaps

func SupportsVFS3FSCaps(prefix string) bool

SupportsVFS3FSCaps checks whether the kernel supports VFS v3 fscaps.

func UnshiftACL

func UnshiftACL(value string, set *Set) (string, error)

UnshiftACL unshifts the uid/gid in the raw ACL entry.

func UnshiftCaps

func UnshiftCaps(value string, set *Set) (string, error)

UnshiftCaps unshifts the uid/gid in the raw fscaps.

Types

type ByHostID

type ByHostID Set

ByHostID allows for sorting a Set by host id.

func (ByHostID) Len

func (s ByHostID) Len() int

func (ByHostID) Less

func (s ByHostID) Less(i, j int) bool

func (ByHostID) Swap

func (s ByHostID) Swap(i, j int)

type Entry

type Entry struct {
	IsUID    bool  `json:"Isuid"`
	IsGID    bool  `json:"Isgid"`
	HostID   int64 `json:"Hostid"` // id as seen on the host - i.e. 100000
	NSID     int64 `json:"Nsid"`   // id as seen in the ns - i.e. 0
	MapRange int64 `json:"Maprange"`
}

Entry is a single idmap entry (line).

func (*Entry) Clone

func (e *Entry) Clone() *Entry

Clone gets a distinct copy of the entry.

func (*Entry) HostIDsCoveredBy

func (e *Entry) HostIDsCoveredBy(allowedHostUIDs []Entry, allowedHostGIDs []Entry) bool

HostIDsCoveredBy returns whether or not the entry is covered by the supplied host UID and GID ID maps. If e.IsUID is true then host IDs must be covered by an entry in allowedHostUIDs, and if e.IsGID is true then host IDs must be covered by an entry in allowedHostGIDs.

func (*Entry) HostIDsIntersect

func (e *Entry) HostIDsIntersect(i Entry) bool

HostIDsIntersect checks whether the provided entry intersects with the host IDs of the existing one.

func (*Entry) Intersects

func (e *Entry) Intersects(i Entry) bool

Intersects checks whether the provided entry intersects with the existing one.

func (*Entry) ToLXCString

func (e *Entry) ToLXCString() []string

ToLXCString converts an Entry into its LXC representation.

func (*Entry) Usable

func (e *Entry) Usable() error

Usable checks whether the entry is usable on this system.

type IdmapStorageType

type IdmapStorageType string

type Range

type Range struct {
	IsUID   bool
	IsGID   bool
	StartID int64
	EndID   int64
}

Range represents a range of uid or gid.

func (*Range) Contains

func (i *Range) Contains(id int64) bool

Contains checks whether the range contains a particular uid/gid.

type Set

type Set struct {
	Entries []Entry
}

Set is a list of Entry with some functions on it.

func NewSetFromCurrentProcess

func NewSetFromCurrentProcess() (*Set, error)

NewSetFromCurrentProcess returns a Set from the process' current uid/gid map.

func NewSetFromIncusIDMap

func NewSetFromIncusIDMap(value string) (*Set, error)

NewSetFromIncusIDMap parses an Incus raw.idmap into a new idmap Set.

func NewSetFromJSON

func NewSetFromJSON(data string) (*Set, error)

NewSetFromJSON unpacks an idmap Set from its JSON representation.

func NewSetFromSystem

func NewSetFromSystem(rootfs string, username string) (*Set, error)

NewSetFromSystem returns a Set for the specified user from the system's subuid/subgid configuration.

func (*Set) AddSafe

func (m *Set) AddSafe(i Entry) error

AddSafe adds an entry to the idmap set, breaking apart any ranges that the new idmap intersects with in the process.

func (*Set) Append

func (m *Set) Append(s string) (*Set, error)

Append adds an entry to the set.

func (*Set) Equals

func (m *Set) Equals(other *Set) bool

Equals checks if two Set are functionally identical.

func (*Set) FilterPOSIX

func (m *Set) FilterPOSIX() *Set

FilterPOSIX returns a copy of the set with only entries that have a minimum of 65536 IDs.

func (*Set) HostIDsIntersect

func (m *Set) HostIDsIntersect(i Entry) bool

HostIDsIntersect checks if any of the Entry hostids in the set intersects with the provided entry.

func (*Set) Includes

func (m *Set) Includes(sub *Set) bool

Includes checks whether the provided Set is fully covered by the current Set.

func (*Set) Intersects

func (m *Set) Intersects(i Entry) bool

Intersects checks if any of the Entry in the set intersects with the provided entry.

func (*Set) Len

func (m *Set) Len() int

Len returns the number of Entry contained in the set.

func (*Set) Less

func (m *Set) Less(i, j int) bool

Less compares two Entry in the set (used for sorting).

func (*Set) ShiftFromNS

func (m *Set) ShiftFromNS(uid int64, gid int64) (int64, int64)

ShiftFromNS shifts the provided uid and gid into their host equivalent.

func (*Set) ShiftIntoNS

func (m *Set) ShiftIntoNS(uid int64, gid int64) (int64, int64)

ShiftIntoNS shifts the provided uid and gid into their container equivalent.
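To make the Entry fields and the ShiftFromNS/ShiftIntoNS semantics concrete, here is an added stand-alone example (not the Incus package's own code): it re-creates the Entry and Set shapes from this page and applies the HostID/NSID/MapRange arithmetic in both directions. An id that no entry covers is reported as -1, which is this example's own convention, not the package's.

```go
package main

import "fmt"
// Entry and Set mirror the field layout on this page (a constructed copy for
// this example, not the Incus implementation).
type Entry struct {
	IsUID, IsGID bool
	HostID, NSID int64 // first id as seen on the host / inside the namespace
	MapRange     int64 // number of ids the entry covers
}
type Set struct{ Entries []Entry }

// shift maps one id across an entry, ns->host by default or host->ns when
// intoNS is set; ok is false when the id lies outside the entry's range.
func (e Entry) shift(id int64, intoNS bool) (int64, bool) {
	from, to := e.NSID, e.HostID
	if intoNS {
		from, to = e.HostID, e.NSID
	}
	if id < from || id >= from+e.MapRange {
		return 0, false
	}
	return to + (id - from), true
}
// shiftPair applies the first uid entry and first gid entry covering each id.
// An id no entry covers comes back as -1: this example's own "unmapped" marker
// (an assumption), not a statement about the package's behaviour.
func (s *Set) shiftPair(uid, gid int64, intoNS bool) (int64, int64) {
	outUID, outGID := int64(-1), int64(-1)
	for _, e := range s.Entries {
		if v, ok := e.shift(uid, intoNS); ok && e.IsUID && outUID < 0 {
			outUID = v
		}
		if v, ok := e.shift(gid, intoNS); ok && e.IsGID && outGID < 0 {
			outGID = v
		}
	}
	return outUID, outGID
}
// ShiftFromNS maps namespace ids to host ids; ShiftIntoNS is the inverse.
func (s *Set) ShiftFromNS(uid, gid int64) (int64, int64) { return s.shiftPair(uid, gid, false) }
func (s *Set) ShiftIntoNS(uid, gid int64) (int64, int64) { return s.shiftPair(uid, gid, true) }

func main() {
	// Constructed map: container root is host 100000, 65536 ids for uid and gid.
	set := &Set{Entries: []Entry{{true, false, 100000, 0, 65536}, {false, true, 100000, 0, 65536}}}
	fmt.Println(set.ShiftFromNS(1000, 1000))     // 101000 101000
	fmt.Println(set.ShiftIntoNS(101000, 100000)) // 1000 0
	fmt.Println(set.ShiftIntoNS(0, 0))           // -1 -1: host root is not mapped
}
```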

func (*Set) ShiftPath

func (m *Set) ShiftPath(p string, skipper ShiftSkipper) error

ShiftPath shifts a whole filesystem tree.

func (*Set) Split

func (m *Set) Split(minSize int64, maxSize int64, minHost int64, maxHost int64) (*Set, error)

Split returns a new Set made from a subset of the original set. The minimum and maximum number of uid/gid included is configurable as is the minimum and maximum host ID.

func (*Set) Swap

func (m *Set) Swap(i, j int)

Swap allows swapping two Entry in the set (used for sorting).

func (*Set) ToGIDMappings

func (m *Set) ToGIDMappings() []syscall.SysProcIDMap

ToGIDMappings converts an idmapset to a slice of syscall.SysProcIDMap.

func (*Set) ToJSON

func (m *Set) ToJSON() (string, error)

ToJSON marshals a Set to its JSON representation.

func (*Set) ToLXCString

func (m *Set) ToLXCString() []string

ToLXCString converts the set to a slice of LXC configuration entries.

func (*Set) ToUIDMappings

func (m *Set) ToUIDMappings() []syscall.SysProcIDMap

ToUIDMappings converts an idmapset to a slice of syscall.SysProcIDMap.

func (*Set) UnshiftPath

func (m *Set) UnshiftPath(p string, skipper ShiftSkipper) error

UnshiftPath unshifts a whole filesystem tree.

func (*Set) Usable

func (m *Set) Usable() error

Usable checks that all Entry in the set are usable.

func (*Set) ValidRanges

func (m *Set) ValidRanges() ([]*Range, error)

ValidRanges turns the set into a slice of Range.

type ShiftSkipper

type ShiftSkipper func(dir string, absPath string, fi os.FileInfo, newuid int64, newgid int64) error

ShiftSkipper is a function used to skip shifting or unshifting specific paths.
