idmap

package
v0.7.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 26, 2024 License: Apache-2.0 Imports: 22 Imported by: 1

Documentation

Index

Constants

View Source 
const (
	// VFS3FSCapsUnknown indicates unknown support for VFS v3 fscaps.
	VFS3FSCapsUnknown = int32(-1)

	// VFS3FSCapsUnsupported indicates the kernel does not support VFS v3 fscaps.
	VFS3FSCapsUnsupported = int32(0)

	// VFS3FSCapsSupported indicates the kernel supports VFS v3 fscaps.
	VFS3FSCapsSupported = int32(1)
)
View Source 
const (
	IdmapStorageNone     = "none"
	IdmapStorageIdmapped = "idmapped"
)

Variables

View Source 
var DefaultFullKernelSet = &Set{Entries: []Entry{
	{true, false, int64(0), int64(0), int64(4294967294)},
	{false, true, int64(0), int64(0), int64(4294967294)},
}}

DefaultFullKernelSet is the default Set of uid/gid with no mapping at all.

View Source 
var ErrHostIDIsSubID = fmt.Errorf("Host ID is in the range of subids")

ErrHostIDIsSubID indicates that an expected host ID is part of a subid range.

View Source 
var ErrNoSuitableSubmap = fmt.Errorf("Couldn't find a suitable submap")

ErrNoSuitableSubmap indicates that it was impossible to split a submap with the requested characteristics.

View Source 
var ErrNoUserMap = fmt.Errorf("No map found for user")

ErrNoUserMap indicates that no entry could be found for the user.

View Source 
var ErrSubidUnsupported = fmt.Errorf("System doesn't support subuid/subgid")

ErrSubidUnsupported indicates that the system is lacking support for subuid/subgid.

View Source 
var VFS3FSCaps = VFS3FSCapsUnknown

VFS3FSCaps can be set to tell the shifter if VFS v3 fscaps are supported.

Functions

func CanIdmapMount 

func CanIdmapMount(path string, fstype string) bool

func GetCaps 

func GetCaps(path string) ([]byte, error)

GetCaps extracts the list of capabilities effective on the file.

func SetCaps 

func SetCaps(path string, caps []byte, uid int64) error

SetCaps applies the caps for a particular root uid.

func ShiftACL 

func ShiftACL(path string, shiftIds func(uid int64, gid int64) (int64, int64)) error

ShiftACL updates the uid and gid for ACL entries through the provided mapper function.

func ShiftOwner 

func ShiftOwner(basepath string, path string, uid int, gid int) error

ShiftOwner updates the uid and gid for a file within a specific basepath.

func SupportsVFS3FSCaps added in v0.5.0 

func SupportsVFS3FSCaps(prefix string) bool

SupportsVFS3FSCaps checks whether the kernel supports VFS v3 fscaps.

func UnshiftACL 

func UnshiftACL(value string, set *Set) (string, error)

UnshiftACL unshifts the uid/gid in the raw ACL entry.

func UnshiftCaps 

func UnshiftCaps(value string, set *Set) (string, error)

UnshiftCaps unshifts the uid/gid in the raw fscaps.

Types

type ByHostID added in v0.5.0 

type ByHostID Set

ByHostID allows for sorting an Set by host id.

func (ByHostID) Len added in v0.5.0 

func (s ByHostID) Len() int

func (ByHostID) Less added in v0.5.0 

func (s ByHostID) Less(i, j int) bool

func (ByHostID) Swap added in v0.5.0 

func (s ByHostID) Swap(i, j int)

type Entry added in v0.5.0 

type Entry struct {
	IsUID    bool  `json:"Isuid"`
	IsGID    bool  `json:"Isgid"`
	HostID   int64 `json:"Hostid"` // id as seen on the host - i.e. 100000
	NSID     int64 `json:"Nsid"`   // id as seen in the ns - i.e. 0
	MapRange int64 `json:"Maprange"`
}

Entry is a single idmap entry (line).

func (*Entry) Clone added in v0.5.0 

func (e *Entry) Clone() *Entry

Clone gets a distinct copy of the entry.

func (*Entry) HostIDsCoveredBy added in v0.5.0 

func (e *Entry) HostIDsCoveredBy(allowedHostUIDs []Entry, allowedHostGIDs []Entry) bool

HostIDsCoveredBy returns whether or not the entry is covered by the supplied host UID and GID ID maps. If e.IsUID is true then host IDs must be covered by an entry in allowedHostUIDs, and if e.IsGID is true then host IDs must be covered by an entry in allowedHostGIDs.

func (*Entry) HostIDsIntersect added in v0.5.0 

func (e *Entry) HostIDsIntersect(i Entry) bool

HostIDsIntersect checks whether the provided entry intersects with the host IDs of the existing one.

func (*Entry) Intersects added in v0.5.0 

func (e *Entry) Intersects(i Entry) bool

Intersects checks whether the provided entry intersects with the existing one.

func (*Entry) ToLXCString added in v0.5.0 

func (e *Entry) ToLXCString() []string

ToLXCString converts an Entry into its LXC representation.

func (*Entry) Usable added in v0.5.0 

func (e *Entry) Usable() error

Usable checks whether the entry is usable on this system.

type IdmapStorageType 

type IdmapStorageType string

type Range added in v0.5.0 

type Range struct {
	IsUID   bool
	IsGID   bool
	StartID int64
	EndID   int64
}

Range represents a range of uid or gid.

func (*Range) Contains added in v0.5.0 

func (i *Range) Contains(id int64) bool

Contains checks whether the range contains a particular uid/gid.

type Set added in v0.5.0 

type Set struct {
	Entries []Entry
}

Set is a list of Entry with some functions on it.

func NewSetFromCurrentProcess added in v0.5.0 

func NewSetFromCurrentProcess() (*Set, error)

NewSetFromCurrentProcess returns a Set from the process' current uid/gid map.

func NewSetFromIncusIDMap added in v0.5.0 

func NewSetFromIncusIDMap(value string) (*Set, error)

NewSetFromIncusIDMap parses an Incus raw.idmap into a new idmap Set.

func NewSetFromJSON added in v0.5.0 

func NewSetFromJSON(data string) (*Set, error)

NewSetFromJSON unpacks an idmap Set from its JSON representation.

func NewSetFromSystem added in v0.5.0 

func NewSetFromSystem(rootfs string, username string) (*Set, error)

NewSetFromSystem returns a Set for the specified user from the system's subuid/subgid configuration.

func (*Set) AddSafe added in v0.5.0 

func (m *Set) AddSafe(i Entry) error

AddSafe adds an entry to the idmap set, breaking apart any ranges that the new idmap intersects with in the process.

func (*Set) Append added in v0.5.0 

func (m *Set) Append(s string) (*Set, error)

Append adds an entry to the set.

func (*Set) Equals added in v0.5.0 

func (m *Set) Equals(other *Set) bool

Equals checks if two Set are functionally identical.

func (*Set) FilterPOSIX added in v0.5.0 

func (m *Set) FilterPOSIX() *Set

FilterPOSIX returns a copy of the set with only entries that have a minimum of 65536 IDs.

func (*Set) HostIDsIntersect added in v0.5.0 

func (m *Set) HostIDsIntersect(i Entry) bool

HostIDsIntersect checks if any of the Entry hostids in the set intersects with the provided entry.

func (*Set) Includes added in v0.5.0 

func (m *Set) Includes(sub *Set) bool

Includes checks whether the provided Set is fully covered by the current Set.

func (*Set) Intersects added in v0.5.0 

func (m *Set) Intersects(i Entry) bool

Intersects checks if any of the Entry in the set intersects with the provided entry.

func (*Set) Len added in v0.5.0 

func (m *Set) Len() int

Len returns the number of Entry contained in the set.

func (*Set) Less added in v0.5.0 

func (m *Set) Less(i, j int) bool

Less compares two Entry in the set (used for sorting).

func (*Set) ShiftFromNS added in v0.5.0 

func (m *Set) ShiftFromNS(uid int64, gid int64) (int64, int64)

ShiftFromNS shifts the provided uid and gid into their host equivalent.

func (*Set) ShiftIntoNS added in v0.5.0 

func (m *Set) ShiftIntoNS(uid int64, gid int64) (int64, int64)

ShiftIntoNS shifts the provided uid and gid into their container equivalent.

func (*Set) ShiftPath added in v0.5.0 

func (m *Set) ShiftPath(p string, skipper ShiftSkipper) error

ShiftPath shifts a whole filesystem tree.

func (*Set) Split added in v0.5.0 

func (m *Set) Split(minSize int64, maxSize int64, minHost int64, maxHost int64) (*Set, error)

Split returns a new Set made from a subset of the original set. The minimum and maximum number of uid/gid included is configurable as is the minimum and maximum host ID.

func (*Set) Swap added in v0.5.0 

func (m *Set) Swap(i, j int)

Swap allows swapping two Entry in the set (used for sorting).

func (*Set) ToGIDMappings added in v0.5.0 

func (m *Set) ToGIDMappings() []syscall.SysProcIDMap

ToGIDMappings converts an idmapset to a slice of syscall.SysProcIDMap.

func (*Set) ToJSON added in v0.5.0 

func (m *Set) ToJSON() (string, error)

ToJSON marshals a Set to its JSON reprensetation.

func (*Set) ToLXCString added in v0.5.0 

func (m *Set) ToLXCString() []string

ToLXCString converts the set to a slice of LXC configuration entries.

func (*Set) ToUIDMappings added in v0.5.0 

func (m *Set) ToUIDMappings() []syscall.SysProcIDMap

ToUIDMappings converts an idmapset to a slice of syscall.SysProcIDMap.

func (*Set) UnshiftPath added in v0.5.0 

func (m *Set) UnshiftPath(p string, skipper ShiftSkipper) error

UnshiftPath unshifts a whole filesystem tree.

func (*Set) Usable added in v0.5.0 

func (m *Set) Usable() error

Usable checks that all Entry in the set are usable.

func (*Set) ValidRanges added in v0.5.0 

func (m *Set) ValidRanges() ([]*Range, error)

ValidRanges turns the set into a slice of Range.

type ShiftSkipper added in v0.5.0 

type ShiftSkipper func(dir string, absPath string, fi os.FileInfo, newuid int64, newgid int64) error

ShiftSkipper is a function used to skip shifting or unshifting specific paths.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.