Overview ¶
Package auth implements an access control model that is a subset of Linux's.
The auth package supports two kinds of access controls: user/group IDs and capabilities. Each resource in the security model is associated with a user namespace; "privileged" operations check that the operator's credentials have the required user/group IDs or capabilities within the user namespace of accessed resources.
Index ¶
- Constants
- Variables
- func ContextWithCredentials(ctx context.Context, creds *Credentials) context.Context
- func CopyGIDSliceIn(cc marshal.CopyContext, addr hostarch.Addr, dst []GID) (int, error)
- func CopyGIDSliceOut(cc marshal.CopyContext, addr hostarch.Addr, src []GID) (int, error)
- func MarshalUnsafeGIDSlice(src []GID, dst []byte) []byte
- func ThreadGroupIDFromContext(ctx context.Context) (tgid int32, ok bool)
- func UnmarshalUnsafeGIDSlice(dst []GID, src []byte) []byte
- type AtomicPtrCredentials
- func (p *AtomicPtrCredentials) Load() *Credentials
- func (p *AtomicPtrCredentials) StateFields() []string
- func (p *AtomicPtrCredentials) StateLoad(ctx context.Context, stateSourceObject state.Source)
- func (p *AtomicPtrCredentials) StateSave(stateSinkObject state.Sink)
- func (p *AtomicPtrCredentials) StateTypeName() string
- func (p *AtomicPtrCredentials) Store(x *Credentials)
- func (p *AtomicPtrCredentials) Swap(x *Credentials) *Credentials
- type CapabilitySet
- type Credentials
- func CapsFromVfsCaps(capData VfsCapData, creds *Credentials) (*Credentials, error)
- func CredentialsFromContext(ctx context.Context) *Credentials
- func NewAnonymousCredentials() *Credentials
- func NewRootCredentials(ns *UserNamespace) *Credentials
- func NewUserCredentials(kuid KUID, kgid KGID, extraKGIDs []KGID, capabilities *TaskCapabilities, ...) *Credentials
- func (c *Credentials) Fork() *Credentials
- func (c *Credentials) HasCapability(cp linux.Capability) bool
- func (c *Credentials) HasCapabilityIn(cp linux.Capability, ns *UserNamespace) bool
- func (c *Credentials) HasKeyPermission(k *Key, possessed *PossessedKeys, permission KeyPermission) bool
- func (c *Credentials) InGroup(kgid KGID) bool
- func (c *Credentials) LoadSeccheckData(mask seccheck.FieldMask, info *pb.ContextData)
- func (c *Credentials) NewChildUserNamespace() (*UserNamespace, error)
- func (c *Credentials) PossessedKeys(sessionKeyring, processKeyring, threadKeyring *Key) *PossessedKeys
- func (c *Credentials) SetGID(gid GID) error
- func (c *Credentials) SetUID(uid UID) error
- func (c *Credentials) StateFields() []string
- func (c *Credentials) StateLoad(ctx context.Context, stateSourceObject state.Source)
- func (c *Credentials) StateSave(stateSinkObject state.Sink)
- func (c *Credentials) StateTypeName() string
- func (c *Credentials) UseGID(gid GID) (KGID, error)
- func (c *Credentials) UseUID(uid UID) (KUID, error)
- type GID
- func (gid *GID) CopyIn(cc marshal.CopyContext, addr hostarch.Addr) (int, error)
- func (gid *GID) CopyInN(cc marshal.CopyContext, addr hostarch.Addr, limit int) (int, error)
- func (gid *GID) CopyOut(cc marshal.CopyContext, addr hostarch.Addr) (int, error)
- func (gid *GID) CopyOutN(cc marshal.CopyContext, addr hostarch.Addr, limit int) (int, error)
- func (gid *GID) MarshalBytes(dst []byte) []byte
- func (gid *GID) MarshalUnsafe(dst []byte) []byte
- func (gid GID) Ok() bool
- func (gid GID) OrOverflow() GID
- func (gid *GID) Packed() bool
- func (gid *GID) SizeBytes() int
- func (gid *GID) UnmarshalBytes(src []byte) []byte
- func (gid *GID) UnmarshalUnsafe(src []byte) []byte
- func (gid *GID) WriteTo(writer io.Writer) (int64, error)
- type IDMapEntry
- type KGID
- type KUID
- type Key
- func (k *Key) KGID() KGID
- func (k *Key) KUID() KUID
- func (k *Key) Permissions() KeyPermissions
- func (k *Key) StateFields() []string
- func (k *Key) StateLoad(ctx context.Context, stateSourceObject state.Source)
- func (k *Key) StateSave(stateSinkObject state.Sink)
- func (k *Key) StateTypeName() string
- func (k *Key) String() string
- func (*Key) Type() KeyType
- type KeyPermission
- type KeyPermissions
- type KeySerial
- type KeySet
- func (s *KeySet) Do(fn func(*LockedKeySet) error) error
- func (s *KeySet) ForEach(fn func(*Key) bool)
- func (s *KeySet) Lookup(keyID KeySerial) (*Key, error)
- func (s *KeySet) StateFields() []string
- func (s *KeySet) StateLoad(ctx context.Context, stateSourceObject state.Source)
- func (s *KeySet) StateSave(stateSinkObject state.Sink)
- func (s *KeySet) StateTypeName() string
- type KeyType
- type LockedKeySet
- type PossessedKeys
- type TaskCapabilities
- type UID
- func (uid *UID) CopyIn(cc marshal.CopyContext, addr hostarch.Addr) (int, error)
- func (uid *UID) CopyInN(cc marshal.CopyContext, addr hostarch.Addr, limit int) (int, error)
- func (uid *UID) CopyOut(cc marshal.CopyContext, addr hostarch.Addr) (int, error)
- func (uid *UID) CopyOutN(cc marshal.CopyContext, addr hostarch.Addr, limit int) (int, error)
- func (uid *UID) MarshalBytes(dst []byte) []byte
- func (uid *UID) MarshalUnsafe(dst []byte) []byte
- func (uid UID) Ok() bool
- func (uid UID) OrOverflow() UID
- func (uid *UID) Packed() bool
- func (uid *UID) SizeBytes() int
- func (uid *UID) UnmarshalBytes(src []byte) []byte
- func (uid *UID) UnmarshalUnsafe(src []byte) []byte
- func (uid *UID) WriteTo(writer io.Writer) (int64, error)
- type UserNamespace
- func (ns *UserNamespace) GIDMap() []IDMapEntry
- func (ns *UserNamespace) MapFromKGID(kgid KGID) GID
- func (ns *UserNamespace) MapFromKUID(kuid KUID) UID
- func (ns *UserNamespace) MapToKGID(gid GID) KGID
- func (ns *UserNamespace) MapToKUID(uid UID) KUID
- func (ns *UserNamespace) Root() *UserNamespace
- func (ns *UserNamespace) SetGIDMap(ctx context.Context, entries []IDMapEntry) error
- func (ns *UserNamespace) SetUIDMap(ctx context.Context, entries []IDMapEntry) error
- func (ns *UserNamespace) StateFields() []string
- func (ns *UserNamespace) StateLoad(ctx context.Context, stateSourceObject state.Source)
- func (ns *UserNamespace) StateSave(stateSinkObject state.Sink)
- func (ns *UserNamespace) StateTypeName() string
- func (ns *UserNamespace) UIDMap() []IDMapEntry
- type VfsCapData
Constants ¶
const (
	// CtxCredentials is a Context.Value key for Credentials.
	CtxCredentials contextID = iota

	// CtxThreadGroupID is the current thread group ID when a context represents
	// a task context. The value is represented as an int32.
	CtxThreadGroupID contextID = iota
)
const (
	// NoID is uint32(-1). -1 is consistently used as a special value, in Linux
	// and by extension in the auth package, to mean "no ID":
	//
	//   - ID mapping returns -1 if the ID is not mapped.
	//
	//   - Most set*id() syscalls accept -1 to mean "do not change this ID".
	NoID = math.MaxUint32

	// OverflowUID is the default value of /proc/sys/kernel/overflowuid. The
	// "overflow UID" is usually [1] used when translating a user ID between
	// namespaces fails because the ID is not mapped. (We implement this
	// file as read-only, so the overflow UID is constant.)
	//
	// Note that a failed mapping itself yields NoID (see KUID.In); it is
	// UID.OrOverflow that substitutes this value for an invalid UID.
	//
	// [1] "There is one notable case where unmapped user and group IDs are not
	// converted to the corresponding overflow ID value. When viewing a uid_map
	// or gid_map file in which there is no mapping for the second field, that
	// field is displayed as 4294967295 (-1 as an unsigned integer);" -
	// user_namespaces(7)
	OverflowUID = UID(65534)

	// OverflowGID is the group equivalent to OverflowUID (see GID.OrOverflow).
	OverflowGID = GID(65534)

	// NobodyKUID is the user ID usually reserved for the least privileged user
	// "nobody".
	NobodyKUID = KUID(65534)

	// NobodyKGID is the group equivalent to NobodyKUID.
	NobodyKGID = KGID(65534)

	// RootKUID is the user ID usually used for the most privileged user "root".
	RootKUID = KUID(0)

	// RootKGID is the group equivalent to RootKUID.
	RootKGID = KGID(0)

	// RootUID is the root user.
	RootUID = UID(0)

	// RootGID is the root group.
	RootGID = GID(0)
)
const (
	// MaxKeyDescSize is the maximum size of the "Description" field of keys.
	// Corresponds to `KEY_MAX_DESC_SIZE` in Linux.
	MaxKeyDescSize = 4096
)
Variables ¶
// AllCapabilities is a CapabilitySet containing all valid capabilities.
//
// CapabilitySetOf yields the single bit for CAP_LAST_CAP+1; subtracting 1
// turns that into every lower bit, i.e. bits 0 through CAP_LAST_CAP.
var AllCapabilities = CapabilitySetOf(linux.CAP_LAST_CAP+1) - 1
AllCapabilities is a CapabilitySet containing all valid capabilities.
Functions ¶
func ContextWithCredentials ¶
func ContextWithCredentials(ctx context.Context, creds *Credentials) context.Context
ContextWithCredentials returns a copy of ctx carrying creds.
func CopyGIDSliceIn ¶
CopyGIDSliceIn copies in a slice of GID objects from the task's memory.
func CopyGIDSliceOut ¶
CopyGIDSliceOut copies a slice of GID objects to the task's memory.
func MarshalUnsafeGIDSlice ¶
MarshalUnsafeGIDSlice is like GID.MarshalUnsafe, but for a []GID.
func ThreadGroupIDFromContext ¶
ThreadGroupIDFromContext returns the current thread group ID when ctx represents a task context.
func UnmarshalUnsafeGIDSlice ¶
UnmarshalUnsafeGIDSlice is like GID.UnmarshalUnsafe, but for a []GID.
Types ¶
type AtomicPtrCredentials ¶
// AtomicPtrCredentials is a pointer to a *Credentials that can be atomically
// loaded and stored. The zero value represents nil.
//
// Copying an AtomicPtrCredentials by value performs a non-atomic read of the
// stored pointer, which is unsafe if Store() can be called concurrently; use
// `dst.Store(src.Load())` instead.
//
// +stateify savable
type AtomicPtrCredentials struct {
	// contains filtered or unexported fields
}
An AtomicPtr is a pointer to a value of type Value that can be atomically loaded and stored. The zero value of an AtomicPtr represents nil.
Note that copying AtomicPtr by value performs a non-atomic read of the stored pointer, which is unsafe if Store() can be called concurrently; in this case, do `dst.Store(src.Load())` instead.
+stateify savable
func (*AtomicPtrCredentials) Load ¶
func (p *AtomicPtrCredentials) Load() *Credentials
Load returns the value set by the most recent Store. It returns nil if there has been no previous call to Store.
func (*AtomicPtrCredentials) StateFields ¶
func (p *AtomicPtrCredentials) StateFields() []string
func (*AtomicPtrCredentials) StateLoad ¶
func (p *AtomicPtrCredentials) StateLoad(ctx context.Context, stateSourceObject state.Source)
+checklocksignore
func (*AtomicPtrCredentials) StateSave ¶
func (p *AtomicPtrCredentials) StateSave(stateSinkObject state.Sink)
+checklocksignore
func (*AtomicPtrCredentials) StateTypeName ¶
func (p *AtomicPtrCredentials) StateTypeName() string
func (*AtomicPtrCredentials) Store ¶
func (p *AtomicPtrCredentials) Store(x *Credentials)
Store sets the value returned by Load to x.
func (*AtomicPtrCredentials) Swap ¶
func (p *AtomicPtrCredentials) Swap(x *Credentials) *Credentials
Swap atomically stores `x` into *p and returns the previous *p value.
type CapabilitySet ¶
type CapabilitySet uint64
A CapabilitySet is a set of capabilities implemented as a bitset. The zero value of CapabilitySet is a set containing no capabilities.
func CapabilitySetOf ¶
func CapabilitySetOf(cp linux.Capability) CapabilitySet
CapabilitySetOf returns a CapabilitySet containing only the given capability.
func CapabilitySetOfMany ¶
func CapabilitySetOfMany(cps []linux.Capability) CapabilitySet
CapabilitySetOfMany returns a CapabilitySet containing the given capabilities.
type Credentials ¶
// Credentials contains information required to authorize privileged operations
// in a user namespace.
//
// +stateify savable
type Credentials struct {
	// Real/effective/saved user/group IDs in the root user namespace. None of
	// these should ever be NoID.
	RealKUID      KUID
	EffectiveKUID KUID
	SavedKUID     KUID
	RealKGID      KGID
	EffectiveKGID KGID
	SavedKGID     KGID

	// Supplementary groups used by set/getgroups.
	//
	// ExtraKGIDs slices are immutable, allowing multiple Credentials with the
	// same ExtraKGIDs to share the same slice.
	ExtraKGIDs []KGID

	// The capability sets applicable to this set of credentials.
	//
	// NOTE(review): unlike TaskCapabilities, there is no AmbientCaps field here.
	PermittedCaps   CapabilitySet
	InheritableCaps CapabilitySet
	EffectiveCaps   CapabilitySet
	BoundingCaps    CapabilitySet

	// KeepCaps is the flag for PR_SET_KEEPCAPS which allows capabilities to be
	// maintained after a switch from root user to non-root user via setuid().
	KeepCaps bool

	// The user namespace associated with the owner of the credentials.
	UserNamespace *UserNamespace
}
Credentials contains information required to authorize privileged operations in a user namespace.
+stateify savable
func CapsFromVfsCaps ¶
func CapsFromVfsCaps(capData VfsCapData, creds *Credentials) (*Credentials, error)
CapsFromVfsCaps returns a copy of the given creds with new capability sets by applying the file capability that is specified by capData.
func CredentialsFromContext ¶
func CredentialsFromContext(ctx context.Context) *Credentials
CredentialsFromContext returns a copy of the Credentials used by ctx, or a set of Credentials with no capabilities if ctx does not have Credentials.
func NewAnonymousCredentials ¶
func NewAnonymousCredentials() *Credentials
NewAnonymousCredentials returns a set of credentials with no capabilities in any user namespace.
func NewRootCredentials ¶
func NewRootCredentials(ns *UserNamespace) *Credentials
NewRootCredentials returns a set of credentials with KUID and KGID 0 (i.e. global root) in user namespace ns.
func NewUserCredentials ¶
func NewUserCredentials(kuid KUID, kgid KGID, extraKGIDs []KGID, capabilities *TaskCapabilities, ns *UserNamespace) *Credentials
NewUserCredentials returns a set of credentials based on the given UID, GIDs, and capabilities in a given namespace. If all arguments are their zero values, this returns the same credentials as NewRootCredentials.
func (*Credentials) Fork ¶
func (c *Credentials) Fork() *Credentials
Fork generates an identical copy of a set of credentials.
func (*Credentials) HasCapability ¶
func (c *Credentials) HasCapability(cp linux.Capability) bool
HasCapability returns true if c has capability cp in its user namespace.
func (*Credentials) HasCapabilityIn ¶
func (c *Credentials) HasCapabilityIn(cp linux.Capability, ns *UserNamespace) bool
HasCapabilityIn returns true if c has capability cp in ns.
func (*Credentials) HasKeyPermission ¶
func (c *Credentials) HasKeyPermission(k *Key, possessed *PossessedKeys, permission KeyPermission) bool
HasKeyPermission returns whether the credentials grant `permission` on `k`.
func (*Credentials) InGroup ¶
func (c *Credentials) InGroup(kgid KGID) bool
InGroup returns true if c is in group kgid. Compare Linux's kernel/groups.c:in_group_p().
func (*Credentials) LoadSeccheckData ¶
func (c *Credentials) LoadSeccheckData(mask seccheck.FieldMask, info *pb.ContextData)
LoadSeccheckData sets credential data based on mask.
func (*Credentials) NewChildUserNamespace ¶
func (c *Credentials) NewChildUserNamespace() (*UserNamespace, error)
NewChildUserNamespace returns a new user namespace created by a caller with credentials c.
func (*Credentials) PossessedKeys ¶
func (c *Credentials) PossessedKeys(sessionKeyring, processKeyring, threadKeyring *Key) *PossessedKeys
PossessedKeys returns a new fully-expanded set of PossessedKeys. The keys passed in are the set of keys that a task directly possesses: session keyring, process keyring, thread keyring. Each key may be nil. PossessedKeys is short-lived; it should only live for so long as there are no changes to the KeySet or to any key permissions.
func (*Credentials) SetGID ¶
func (c *Credentials) SetGID(gid GID) error
SetGID translates the provided gid to the root user namespace and updates c's gids to it. This performs no permission or capability checks; the caller is responsible for ensuring that the calling context is permitted to modify c.
func (*Credentials) SetUID ¶
func (c *Credentials) SetUID(uid UID) error
SetUID translates the provided uid to the root user namespace and updates c's uids to it. This performs no permission or capability checks; the caller is responsible for ensuring that the calling context is permitted to modify c.
func (*Credentials) StateFields ¶
func (c *Credentials) StateFields() []string
func (*Credentials) StateLoad ¶
func (c *Credentials) StateLoad(ctx context.Context, stateSourceObject state.Source)
+checklocksignore
func (*Credentials) StateSave ¶
func (c *Credentials) StateSave(stateSinkObject state.Sink)
+checklocksignore
func (*Credentials) StateTypeName ¶
func (c *Credentials) StateTypeName() string
type GID ¶
type GID uint32
GID is a group ID in an unspecified user namespace.
+marshal slice:GIDSlice
func (*GID) MarshalBytes ¶
MarshalBytes implements marshal.Marshallable.MarshalBytes.
func (*GID) MarshalUnsafe ¶
MarshalUnsafe implements marshal.Marshallable.MarshalUnsafe.
func (GID) OrOverflow ¶
OrOverflow returns gid if it is valid and the overflow GID otherwise.
func (*GID) UnmarshalBytes ¶
UnmarshalBytes implements marshal.Marshallable.UnmarshalBytes.
func (*GID) UnmarshalUnsafe ¶
UnmarshalUnsafe implements marshal.Marshallable.UnmarshalUnsafe.
type IDMapEntry ¶
// An IDMapEntry represents a mapping from a range of contiguous IDs in a user
// namespace to an equally-sized range of contiguous IDs in the namespace's
// parent.
//
// +stateify savable
type IDMapEntry struct {
	// FirstID is the first ID in the range in the namespace.
	FirstID uint32

	// FirstParentID is the first ID in the range in the parent namespace.
	FirstParentID uint32

	// Length is the number of IDs in the range.
	Length uint32
}
An IDMapEntry represents a mapping from a range of contiguous IDs in a user namespace to an equally-sized range of contiguous IDs in the namespace's parent.
+stateify savable
func (*IDMapEntry) StateFields ¶
func (i *IDMapEntry) StateFields() []string
func (*IDMapEntry) StateLoad ¶
func (i *IDMapEntry) StateLoad(ctx context.Context, stateSourceObject state.Source)
+checklocksignore
func (*IDMapEntry) StateSave ¶
func (i *IDMapEntry) StateSave(stateSinkObject state.Sink)
+checklocksignore
func (*IDMapEntry) StateTypeName ¶
func (i *IDMapEntry) StateTypeName() string
type KGID ¶
type KGID uint32
KGID is a group ID in the root user namespace.
func (KGID) In ¶
func (kgid KGID) In(ns *UserNamespace) GID
In translates kgid into user namespace ns. If kgid is not mapped in ns, In returns NoID.
type KUID ¶
type KUID uint32
KUID is a user ID in the root user namespace.
func (KUID) In ¶
func (kuid KUID) In(ns *UserNamespace) UID
In translates kuid into user namespace ns. If kuid is not mapped in ns, In returns NoID.
type Key ¶
// Key represents a key in the keyrings subsystem.
//
// +stateify savable
type Key struct {
	// ID is the ID of the key, also often referred to as "serial number".
	// Note that key IDs passed in syscalls may be negative when they refer to
	// "special keys", sometimes also referred to as "shortcut IDs".
	// Key IDs of real instantiated keys are always > 0.
	// The key ID never changes and is unique within a KeySet (i.e. a user
	// namespace).
	// It must be chosen with cryptographic randomness to make enumeration
	// attacks harder.
	ID KeySerial

	// Description is a description of the key. It is also often referred to as
	// the "name" of the key. Keys are canonically identified by their ID, but
	// the syscall ABI also allows looking up keys by their description.
	// It may not be larger than `MaxKeyDescSize`.
	// Confusingly, the information returned by the KEYCTL_DESCRIBE operation,
	// which you'd think means "get the key description", actually returns a
	// superset of this `Description`.
	Description string

	// contains filtered or unexported fields
}
Key represents a key in the keyrings subsystem.
+stateify savable
func (*Key) Permissions ¶
func (k *Key) Permissions() KeyPermissions
Permissions returns the permission bits of the key.
func (*Key) StateFields ¶
func (*Key) StateTypeName ¶
type KeyPermission ¶
type KeyPermission int
KeyPermission represents a permission on a key.
// List of known key permissions.
//
// These are iota-ordered indices of type KeyPermission; the bit-set form held
// by a Key is KeyPermissions (presumably one bit per index and per possessor/
// owner class — confirm against KeyPermissions).
const (
	KeyView KeyPermission = iota
	KeyRead
	KeyWrite
	KeySearch
	KeyLink
	KeySetAttr
)
List of known key permissions.
type KeyPermissions ¶
type KeyPermissions uint64
KeyPermissions is the full set of permissions on a single Key.
// Default key settings.
const (
	// Default session keyring name.
	DefaultSessionKeyringName = "_ses"

	// Default permissions for unnamed session keyrings:
	// Possessors have full permissions.
	// Owners have view and read permissions.
	// Only the possessor and owner classes receive any bits; no other class is
	// granted anything by this default.
	DefaultUnnamedSessionKeyringPermissions KeyPermissions = ((keyPermissionAll << keyPossessorPermissionsShift) | ((keyPermissionView | keyPermissionRead) << keyOwnerPermissionsShift))

	// Default permissions for named session keyrings:
	// Possessors have full permissions.
	// Owners have view, read, and link permissions.
	// As above, only the possessor and owner classes receive any bits.
	DefaultNamedSessionKeyringPermissions KeyPermissions = ((keyPermissionAll << keyPossessorPermissionsShift) | ((keyPermissionView | keyPermissionRead | keyPermissionLink) << keyOwnerPermissionsShift))
)
Default key settings.
func (KeyPermissions) String ¶
func (p KeyPermissions) String() string
String returns a human-readable version of the permission bits.
type KeySerial ¶
type KeySerial int32
KeySerial is a key ID type. Only strictly positive IDs are valid key IDs. The zero ID is meaningless but is specified when creating new keyrings. Strictly negative IDs are used for special key IDs which are internally translated to real key IDs (e.g. KEY_SPEC_SESSION_KEYRING is translated to the caller process's session keyring).
type KeySet ¶
// KeySet is a set of keys.
//
// Mutation happens only inside a transaction entered via KeySet.Do, which
// hands the callback a LockedKeySet; Lookup and ForEach perform no credential
// checks of their own, so callers must verify access to each key they use.
//
// +stateify savable
type KeySet struct {
	// contains filtered or unexported fields
}
KeySet is a set of keys.
+stateify savable
func (*KeySet) Do ¶
func (s *KeySet) Do(fn func(*LockedKeySet) error) error
Do executes the given function as a transaction on the KeySet. It returns the error that `fn` returns. This is the only function from within which functions that lock KeySet.mu for writing may be called.
func (*KeySet) ForEach ¶
ForEach iterates over all keys. If `fn` returns true, iteration stops immediately. Callers must take care to process only keys to which they have access.
func (*KeySet) Lookup ¶
Lookup looks up a key by ID. Callers must exercise care to verify that the key can be accessed with proper credentials.
func (*KeySet) StateFields ¶
func (*KeySet) StateTypeName ¶
type KeyType ¶
type KeyType string
KeyType is the type of a key. This is an enum, but is also exposed to userspace in KEYCTL_DESCRIBE. For this reason, it must match Linux.
// List of known key types.
const (
	// KeyTypeKeyring is the keyring type. The string is exposed to userspace
	// via KEYCTL_DESCRIBE and so must match Linux's name for it.
	KeyTypeKeyring KeyType = "keyring"
)
List of known key types.
type LockedKeySet ¶
// LockedKeySet is a KeySet in a transaction. It exposes functions that can
// mutate the KeySet or its keys.
type LockedKeySet struct {
	// The embedded *KeySet is the set under transaction; instances are handed
	// to the callback of KeySet.Do rather than constructed directly.
	*KeySet
}
LockedKeySet is a KeySet in a transaction. It exposes functions that can mutate the KeySet or its keys.
func (*LockedKeySet) Add ¶
func (s *LockedKeySet) Add(description string, creds *Credentials, perms KeyPermissions) (*Key, error)
Add adds a new Key to the KeySet.
func (*LockedKeySet) SetPerms ¶
func (s *LockedKeySet) SetPerms(key *Key, newPerms KeyPermissions)
SetPerms sets the permissions on a given key. The caller must have SetAttr permission on the key.
type PossessedKeys ¶
// PossessedKeys is an opaque type used during key permission checks. It holds
// all keys possessed at the time it is computed (see Credentials.PossessedKeys)
// so that the recursive possession check is done once per iteration over all
// keys.
//
// PossessedKeys is short-lived; it should only live for so long as there are
// no changes to the KeySet or to any key permissions.
type PossessedKeys struct {
	// contains filtered or unexported fields
}
PossessedKeys is an opaque type used during key permission check. When iterating over all keys, the possessed set of keys should only be built once. Since key possession is a recursive property, it can be expensive to determine. PossessedKeys holds all possessed keys at the time it is computed. PossessedKeys is short-lived; it should only live for so long as there are no changes to the KeySet or to any key permissions.
type TaskCapabilities ¶
// TaskCapabilities represents all the capability sets for a task. Each of
// these sets is explained in greater detail in capabilities(7).
type TaskCapabilities struct {
	// PermittedCaps is a limiting superset for the effective capabilities that
	// the thread may assume.
	PermittedCaps CapabilitySet

	// InheritableCaps is a set of capabilities preserved across an execve(2).
	InheritableCaps CapabilitySet

	// EffectiveCaps is the set of capabilities used by the kernel to perform
	// permission checks for the thread.
	EffectiveCaps CapabilitySet

	// BoundingCaps is a limiting superset for the capabilities that a thread
	// can add to its inheritable set using capset(2).
	BoundingCaps CapabilitySet

	// AmbientCaps is a set of capabilities that are preserved across an
	// execve(2) of a program that is not privileged.
	AmbientCaps CapabilitySet
}
TaskCapabilities represents all the capability sets for a task. Each of these sets is explained in greater detail in capabilities(7).
type UID ¶
type UID uint32
UID is a user ID in an unspecified user namespace.
+marshal
func (*UID) MarshalBytes ¶
MarshalBytes implements marshal.Marshallable.MarshalBytes.
func (*UID) MarshalUnsafe ¶
MarshalUnsafe implements marshal.Marshallable.MarshalUnsafe.
func (UID) OrOverflow ¶
OrOverflow returns uid if it is valid and the overflow UID otherwise.
func (*UID) UnmarshalBytes ¶
UnmarshalBytes implements marshal.Marshallable.UnmarshalBytes.
func (*UID) UnmarshalUnsafe ¶
UnmarshalUnsafe implements marshal.Marshallable.UnmarshalUnsafe.
type UserNamespace ¶
// A UserNamespace represents a user namespace. See user_namespaces(7) for
// details.
//
// +stateify savable
type UserNamespace struct {
	// Keys is the set of keys in this namespace.
	Keys KeySet

	// contains filtered or unexported fields
}
A UserNamespace represents a user namespace. See user_namespaces(7) for details.
+stateify savable
func NewRootUserNamespace ¶
func NewRootUserNamespace() *UserNamespace
NewRootUserNamespace returns a UserNamespace that is appropriate for a system's root user namespace. Note that namespaces returned by separate calls to this function are *distinct* namespaces. Once a root namespace is created by this function, the returned value must be reused to refer to the same namespace.
func (*UserNamespace) GIDMap ¶
func (ns *UserNamespace) GIDMap() []IDMapEntry
GIDMap returns the group ID mappings configured for ns. If no mappings have been configured, GIDMap returns nil.
func (*UserNamespace) MapFromKGID ¶
func (ns *UserNamespace) MapFromKGID(kgid KGID) GID
MapFromKGID translates kgid, a GID in the root namespace, to a GID in ns.
func (*UserNamespace) MapFromKUID ¶
func (ns *UserNamespace) MapFromKUID(kuid KUID) UID
MapFromKUID translates kuid, a UID in the root namespace, to a UID in ns.
func (*UserNamespace) MapToKGID ¶
func (ns *UserNamespace) MapToKGID(gid GID) KGID
MapToKGID translates gid, a GID in ns, to a GID in the root namespace.
func (*UserNamespace) MapToKUID ¶
func (ns *UserNamespace) MapToKUID(uid UID) KUID
MapToKUID translates uid, a UID in ns, to a UID in the root namespace.
func (*UserNamespace) Root ¶
func (ns *UserNamespace) Root() *UserNamespace
Root returns the root of the user namespace tree containing ns.
func (*UserNamespace) SetGIDMap ¶
func (ns *UserNamespace) SetGIDMap(ctx context.Context, entries []IDMapEntry) error
SetGIDMap instructs ns to translate GIDs as specified by entries.
func (*UserNamespace) SetUIDMap ¶
func (ns *UserNamespace) SetUIDMap(ctx context.Context, entries []IDMapEntry) error
SetUIDMap instructs ns to translate UIDs as specified by entries.
Note: SetUIDMap does not place an upper bound on the number of entries, but Linux does. This restriction is implemented in SetUIDMap's caller, the implementation of /proc/[pid]/uid_map.
func (*UserNamespace) StateFields ¶
func (ns *UserNamespace) StateFields() []string
func (*UserNamespace) StateLoad ¶
func (ns *UserNamespace) StateLoad(ctx context.Context, stateSourceObject state.Source)
+checklocksignore
func (*UserNamespace) StateSave ¶
func (ns *UserNamespace) StateSave(stateSinkObject state.Sink)
+checklocksignore
func (*UserNamespace) StateTypeName ¶
func (ns *UserNamespace) StateTypeName() string
func (*UserNamespace) UIDMap ¶
func (ns *UserNamespace) UIDMap() []IDMapEntry
UIDMap returns the user ID mappings configured for ns. If no mappings have been configured, UIDMap returns nil.
type VfsCapData ¶
// VfsCapData is equivalent to Linux's cpu_vfs_cap_data, defined in Linux's
// include/linux/capability.h. Instances are decoded from raw bytes by
// VfsCapDataOf and applied to a Credentials by CapsFromVfsCaps.
type VfsCapData struct {
	// MagicEtc corresponds to cpu_vfs_cap_data.magic_etc (the version/flags
	// word); presumably interpreted by VfsCapDataOf — confirm there.
	MagicEtc uint32

	// RootID corresponds to cpu_vfs_cap_data.rootid, the root ID carried only by
	// the vfs_ns_cap_data layout (presumably 0 for plain vfs_cap_data — confirm).
	RootID uint32

	// Permitted and Inheritable are the file capability sets.
	Permitted   CapabilitySet
	Inheritable CapabilitySet
}
VfsCapData is equivalent to Linux's cpu_vfs_cap_data, defined in Linux's include/linux/capability.h.
func VfsCapDataOf ¶
func VfsCapDataOf(data []byte) (VfsCapData, error)
VfsCapDataOf returns a VfsCapData containing the file capabilities for the given slice of bytes. The bytes are laid out as either a vfs_cap_data or a vfs_ns_cap_data structure, and each field is encoded in little-endian byte order.
Source Files ¶
- atomicptr_credentials_unsafe.go
- auth.go
- auth_abi_autogen_unsafe.go
- auth_state_autogen.go
- auth_unsafe_abi_autogen_unsafe.go
- auth_unsafe_state_autogen.go
- capability_set.go
- context.go
- credentials.go
- id.go
- id_map.go
- id_map_functions.go
- id_map_range.go
- id_map_set.go
- key.go
- keyset_mutex.go
- keyset_transaction_mutex.go
- user_namespace.go
- user_namespace_mutex.go