idtools

package
v23.0.7+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 6, 2023 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AddNamespaceRangesUser 

func AddNamespaceRangesUser(name string) (int, int, error)

AddNamespaceRangesUser takes a username and uses the standard system utility to create a system user/group pair used to hold the /etc/sub{uid,gid} ranges which will be used for user namespace mapping ranges in containers.

func CanAccess added in v1.13.0 

func CanAccess(path string, pair Identity) bool

CanAccess takes a valid (existing) directory and a uid, gid pair and determines if that uid, gid pair has access (execute bit) to the directory

func GetRootUIDGID 

func GetRootUIDGID(uidMap, gidMap []IDMap) (int, int, error)

GetRootUIDGID retrieves the remapped root uid/gid pair from the set of maps. If the maps are empty, then the root uid/gid will default to "real" 0/0

func LookupGID added in v1.13.0 

func LookupGID(gid int) (user.Group, error)

LookupGID uses traditional local system files lookup (from libcontainer/user) on a group ID, followed by a call to `getent` for supporting host configured non-files passwd and group dbs

func LookupGroup added in v1.13.0 

func LookupGroup(name string) (user.Group, error)

LookupGroup uses traditional local system files lookup (from libcontainer/user) on a group name, followed by a call to `getent` for supporting host configured non-files passwd and group dbs

func LookupUID added in v1.13.0 

func LookupUID(uid int) (user.User, error)

LookupUID uses traditional local system files lookup (from libcontainer/user) on a uid, followed by a call to `getent` for supporting host configured non-files passwd and group dbs

func LookupUser added in v1.13.0 

func LookupUser(name string) (user.User, error)

LookupUser uses traditional local system files lookup (from libcontainer/user) on a username, followed by a call to `getent` for supporting host configured non-files passwd and group dbs

func MkdirAllAndChown 

func MkdirAllAndChown(path string, mode os.FileMode, owner Identity) error

MkdirAllAndChown creates a directory (include any along the path) and then modifies ownership to the requested uid/gid. If the directory already exists, this function will still change ownership and permissions.

func MkdirAllAndChownNew 

func MkdirAllAndChownNew(path string, mode os.FileMode, owner Identity) error

MkdirAllAndChownNew creates a directory (include any along the path) and then modifies ownership ONLY of newly created directories to the requested uid/gid. If the directories along the path exist, no change of ownership or permissions will be performed

func MkdirAndChown 

func MkdirAndChown(path string, mode os.FileMode, owner Identity) error

MkdirAndChown creates a directory and then modifies ownership to the requested uid/gid. If the directory already exists, this function still changes ownership and permissions. Note that unlike os.Mkdir(), this function does not return IsExist error in case path already exists.

Types

type IDMap 

type IDMap struct {
	ContainerID int `json:"container_id"`
	HostID      int `json:"host_id"`
	Size        int `json:"size"`
}

IDMap contains a single entry for user namespace range remapping. An array of IDMap entries represents the structure that will be provided to the Linux kernel for creating a user namespace.

type Identity 

type Identity struct {
	UID int
	GID int
	SID string
}

Identity is either a UID and GID pair or a SID (but not both)

func CurrentIdentity 

func CurrentIdentity() Identity

CurrentIdentity returns the identity of the current process

func (Identity) Chown 

func (id Identity) Chown(name string) error

Chown changes the numeric uid and gid of the named file to id.UID and id.GID.

type IdentityMapping 

type IdentityMapping struct {
	UIDMaps []IDMap `json:"UIDMaps"`
	GIDMaps []IDMap `json:"GIDMaps"`
}

IdentityMapping contains a mappings of UIDs and GIDs. The zero value represents an empty mapping.

func LoadIdentityMapping 

func LoadIdentityMapping(name string) (IdentityMapping, error)

LoadIdentityMapping takes a requested username and using the data from /etc/sub{uid,gid} ranges, creates the proper uid and gid remapping ranges for that user/group pair

func NewIdentityMapping deprecated 

func NewIdentityMapping(name string) (*IdentityMapping, error)

NewIdentityMapping takes a requested username and using the data from /etc/sub{uid,gid} ranges, creates the proper uid and gid remapping ranges for that user/group pair

Deprecated: Use LoadIdentityMapping.

func (IdentityMapping) Empty 

func (i IdentityMapping) Empty() bool

Empty returns true if there are no id mappings

func (IdentityMapping) GIDs deprecated 

func (i IdentityMapping) GIDs() []IDMap

GIDs returns the mapping for GID.

Deprecated: reference the GIDMaps field directly.

func (IdentityMapping) RootPair 

func (i IdentityMapping) RootPair() Identity

RootPair returns a uid and gid pair for the root user. The error is ignored because a root user always exists, and the defaults are correct when the uid and gid maps are empty.

func (IdentityMapping) ToContainer 

func (i IdentityMapping) ToContainer(pair Identity) (int, int, error)

ToContainer returns the container UID and GID for the host uid and gid

func (IdentityMapping) ToHost 

func (i IdentityMapping) ToHost(pair Identity) (Identity, error)

ToHost returns the host UID and GID for the container uid, gid. Remapping is only performed if the ids aren't already the remapped root ids

func (IdentityMapping) UIDs deprecated 

func (i IdentityMapping) UIDs() []IDMap

UIDs returns the mapping for UID.

Deprecated: reference the UIDMaps field directly.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.