idtools

package
v20.10.12+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 12, 2021 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AddNamespaceRangesUser 

func AddNamespaceRangesUser(name string) (int, int, error)

AddNamespaceRangesUser takes a username and uses the standard system utility to create a system user/group pair used to hold the /etc/sub{uid,gid} ranges which will be used for user namespace mapping ranges in containers.

func CanAccess 

func CanAccess(path string, pair Identity) bool

CanAccess takes a valid (existing) directory and a uid, gid pair and determines if that uid, gid pair has access (execute bit) to the directory

func GetRootUIDGID 

func GetRootUIDGID(uidMap, gidMap []IDMap) (int, int, error)

GetRootUIDGID retrieves the remapped root uid/gid pair from the set of maps. If the maps are empty, then the root uid/gid will default to "real" 0/0

func LookupGID 

func LookupGID(gid int) (user.Group, error)

LookupGID uses traditional local system files lookup (from libcontainer/user) on a group ID, followed by a call to `getent` for supporting host configured non-files passwd and group dbs

func LookupGroup 

func LookupGroup(name string) (user.Group, error)

LookupGroup uses traditional local system files lookup (from libcontainer/user) on a group name, followed by a call to `getent` for supporting host configured non-files passwd and group dbs

func LookupUID 

func LookupUID(uid int) (user.User, error)

LookupUID uses traditional local system files lookup (from libcontainer/user) on a uid, followed by a call to `getent` for supporting host configured non-files passwd and group dbs

func LookupUser 

func LookupUser(name string) (user.User, error)

LookupUser uses traditional local system files lookup (from libcontainer/user) on a username, followed by a call to `getent` for supporting host configured non-files passwd and group dbs

func MkdirAllAndChown 

func MkdirAllAndChown(path string, mode os.FileMode, owner Identity) error

MkdirAllAndChown creates a directory (include any along the path) and then modifies ownership to the requested uid/gid. If the directory already exists, this function will still change ownership and permissions.

func MkdirAllAndChownNew 

func MkdirAllAndChownNew(path string, mode os.FileMode, owner Identity) error

MkdirAllAndChownNew creates a directory (include any along the path) and then modifies ownership ONLY of newly created directories to the requested uid/gid. If the directories along the path exist, no change of ownership or permissions will be performed

func MkdirAndChown 

func MkdirAndChown(path string, mode os.FileMode, owner Identity) error

MkdirAndChown creates a directory and then modifies ownership to the requested uid/gid. If the directory already exists, this function still changes ownership and permissions. Note that unlike os.Mkdir(), this function does not return IsExist error in case path already exists.

Types

type IDMap 

type IDMap struct {
	ContainerID int `json:"container_id"`
	HostID      int `json:"host_id"`
	Size        int `json:"size"`
}

IDMap contains a single entry for user namespace range remapping. An array of IDMap entries represents the structure that will be provided to the Linux kernel for creating a user namespace.

type Identity 

type Identity struct {
	UID int
	GID int
	SID string
}

Identity is either a UID and GID pair or a SID (but not both)

func CurrentIdentity 

func CurrentIdentity() Identity

CurrentIdentity returns the identity of the current process

type IdentityMapping 

type IdentityMapping struct {
	// contains filtered or unexported fields
}

IdentityMapping contains a mappings of UIDs and GIDs

func NewIDMappingsFromMaps 

func NewIDMappingsFromMaps(uids []IDMap, gids []IDMap) *IdentityMapping

NewIDMappingsFromMaps creates a new mapping from two slices Deprecated: this is a temporary shim while transitioning to IDMapping

func NewIdentityMapping 

func NewIdentityMapping(name string) (*IdentityMapping, error)

NewIdentityMapping takes a requested username and using the data from /etc/sub{uid,gid} ranges, creates the proper uid and gid remapping ranges for that user/group pair

func (*IdentityMapping) Empty 

func (i *IdentityMapping) Empty() bool

Empty returns true if there are no id mappings

func (*IdentityMapping) GIDs 

func (i *IdentityMapping) GIDs() []IDMap

GIDs return the UID mapping TODO: remove this once everything has been refactored to use pairs

func (*IdentityMapping) RootPair 

func (i *IdentityMapping) RootPair() Identity

RootPair returns a uid and gid pair for the root user. The error is ignored because a root user always exists, and the defaults are correct when the uid and gid maps are empty.

func (*IdentityMapping) ToContainer 

func (i *IdentityMapping) ToContainer(pair Identity) (int, int, error)

ToContainer returns the container UID and GID for the host uid and gid

func (*IdentityMapping) ToHost 

func (i *IdentityMapping) ToHost(pair Identity) (Identity, error)

ToHost returns the host UID and GID for the container uid, gid. Remapping is only performed if the ids aren't already the remapped root ids

func (*IdentityMapping) UIDs 

func (i *IdentityMapping) UIDs() []IDMap

UIDs return the UID mapping TODO: remove this once everything has been refactored to use pairs

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.