Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func AddNamespaceRangesUser

func AddNamespaceRangesUser(name string) (int, int, error)

AddNamespaceRangesUser takes a username and uses the standard system utility to create a system user/group pair used to hold the /etc/sub{uid,gid} ranges which will be used for user namespace mapping ranges in containers.

func CanAccess

func CanAccess(path string, pair Identity) bool

CanAccess takes a valid (existing) directory and a uid, gid pair and determines if that uid, gid pair has access (execute bit) to the directory.

func GetRootUIDGID

func GetRootUIDGID(uidMap, gidMap []IDMap) (int, int, error)

GetRootUIDGID retrieves the remapped root uid/gid pair from the set of maps. If the maps are empty, then the root uid/gid will default to "real" 0/0.

func LookupGID

func LookupGID(gid int) (user.Group, error)

LookupGID uses the traditional local system files lookup (from libcontainer/user) on a group ID, followed by a call to `getent` to support hosts configured with non-files passwd and group databases.

func LookupGroup

func LookupGroup(name string) (user.Group, error)

LookupGroup uses the traditional local system files lookup (from libcontainer/user) on a group name, followed by a call to `getent` to support hosts configured with non-files passwd and group databases.

func LookupUID

func LookupUID(uid int) (user.User, error)

LookupUID uses the traditional local system files lookup (from libcontainer/user) on a uid, followed by a call to `getent` to support hosts configured with non-files passwd and group databases.

func LookupUser

func LookupUser(name string) (user.User, error)

LookupUser uses the traditional local system files lookup (from libcontainer/user) on a username, followed by a call to `getent` to support hosts configured with non-files passwd and group databases.

func MkdirAllAndChown

func MkdirAllAndChown(path string, mode os.FileMode, owner Identity) error

MkdirAllAndChown creates a directory (including any along the path) and then modifies ownership to the requested uid/gid. If the directory already exists, this function will still change ownership and permissions.

func MkdirAllAndChownNew

func MkdirAllAndChownNew(path string, mode os.FileMode, owner Identity) error

MkdirAllAndChownNew creates a directory (including any along the path) and then modifies ownership ONLY of newly created directories to the requested uid/gid. If the directories along the path exist, no change of ownership or permissions will be performed.

func MkdirAndChown

func MkdirAndChown(path string, mode os.FileMode, owner Identity) error

MkdirAndChown creates a directory and then modifies ownership to the requested uid/gid. If the directory already exists, this function still changes ownership and permissions. Note that unlike os.Mkdir(), this function does not return an IsExist error if the path already exists.

Types

type IDMap

type IDMap struct {
	ContainerID int `json:"container_id"`
	HostID      int `json:"host_id"`
	Size        int `json:"size"`
}

IDMap contains a single entry for user namespace range remapping. An array of IDMap entries represents the structure that will be provided to the Linux kernel for creating a user namespace.

type Identity

type Identity struct {
	UID int
	GID int
	SID string
}

Identity is either a UID and GID pair or a SID (but not both).

func CurrentIdentity

func CurrentIdentity() Identity

CurrentIdentity returns the identity of the current process.

type IdentityMapping

type IdentityMapping struct {
	// contains filtered or unexported fields
}

IdentityMapping contains mappings of UIDs and GIDs.

func NewIDMappingsFromMaps

func NewIDMappingsFromMaps(uids []IDMap, gids []IDMap) *IdentityMapping

NewIDMappingsFromMaps creates a new mapping from two slices.

Deprecated: this is a temporary shim while transitioning to IDMapping.

func NewIdentityMapping

func NewIdentityMapping(name string) (*IdentityMapping, error)

NewIdentityMapping takes a requested username and, using the data from the /etc/sub{uid,gid} ranges, creates the proper uid and gid remapping ranges for that user/group pair.

func (*IdentityMapping) Empty

func (i *IdentityMapping) Empty() bool

Empty returns true if there are no id mappings.

func (*IdentityMapping) GIDs

func (i *IdentityMapping) GIDs() []IDMap

GIDs returns the GID mapping.

TODO: remove this once everything has been refactored to use pairs.

func (*IdentityMapping) RootPair

func (i *IdentityMapping) RootPair() Identity

RootPair returns a uid and gid pair for the root user. The error is ignored because a root user always exists, and the defaults are correct when the uid and gid maps are empty.

func (*IdentityMapping) ToContainer

func (i *IdentityMapping) ToContainer(pair Identity) (int, int, error)

ToContainer returns the container UID and GID for the host uid and gid.

func (*IdentityMapping) ToHost

func (i *IdentityMapping) ToHost(pair Identity) (Identity, error)

ToHost returns the host UID and GID for the container uid, gid. Remapping is only performed if the ids aren't already the remapped root ids.
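
The range arithmetic behind ToHost, ToContainer and GetRootUIDGID, as an added, self-contained example that is not this package's own code. The helpers toHost and toContainer and the error errUnmapped are hypothetical names, the sample range is constructed, and treating an empty map as "no remapping" is an assumption modelled on the documented 0/0 default for root.

```go
package main

import (
	"errors"
	"fmt"
)

// IDMap mirrors the struct documented on this page (JSON tags omitted).
type IDMap struct {
	ContainerID int
	HostID      int
	Size        int
}

// errUnmapped is a hypothetical error: the ID falls outside every range.
var errUnmapped = errors.New("id has no mapping in the given ranges")

// toHost translates a container ID to the host ID it is remapped to.
// Assumption: an empty map means no user namespace, so the ID passes through.
func toHost(contID int, maps []IDMap) (int, error) {
	if len(maps) == 0 {
		return contID, nil
	}
	for _, m := range maps {
		if contID >= m.ContainerID && contID < m.ContainerID+m.Size {
			return m.HostID + (contID - m.ContainerID), nil
		}
	}
	return -1, errUnmapped // never fall back to the raw ID
}

// toContainer is the inverse: host ID to the ID seen inside the container.
func toContainer(hostID int, maps []IDMap) (int, error) {
	if len(maps) == 0 {
		return hostID, nil
	}
	for _, m := range maps {
		if hostID >= m.HostID && hostID < m.HostID+m.Size {
			return m.ContainerID + (hostID - m.HostID), nil
		}
	}
	return -1, errUnmapped
}

func main() {
	// Constructed sample: container IDs 0-65535 map to host IDs 100000-165535.
	uids := []IDMap{{ContainerID: 0, HostID: 100000, Size: 65536}}
	root, _ := toHost(0, uids) // the "remapped root" uid on the host
	fmt.Println("container root on host:", root)
	_, err := toContainer(0, uids) // real host root is not visible inside
	fmt.Println("host uid 0 in container:", err)
}
```

Returning an error for an ID outside every range, rather than the unchanged ID, is what keeps real host uid 0 from being treated as a valid owner inside a remapped container.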

func (*IdentityMapping) UIDs

func (i *IdentityMapping) UIDs() []IDMap

UIDs returns the UID mapping.

TODO: remove this once everything has been refactored to use pairs.