2015-06-05 19:23:32 +08:00
|
|
|
// +build freebsd linux
|
|
|
|
|
2015-05-14 06:42:16 +08:00
|
|
|
package configs
|
|
|
|
|
|
|
|
import "fmt"
|
|
|
|
|
2016-04-12 16:12:23 +08:00
|
|
|
// HostUID gets the root uid for the process on host which could be non-zero
|
2015-05-14 06:42:16 +08:00
|
|
|
// when user namespaces are enabled.
|
|
|
|
func (c Config) HostUID() (int, error) {
|
|
|
|
if c.Namespaces.Contains(NEWUSER) {
|
|
|
|
if c.UidMappings == nil {
|
|
|
|
return -1, fmt.Errorf("User namespaces enabled, but no user mappings found.")
|
|
|
|
}
|
|
|
|
id, found := c.hostIDFromMapping(0, c.UidMappings)
|
|
|
|
if !found {
|
|
|
|
return -1, fmt.Errorf("User namespaces enabled, but no root user mapping found.")
|
|
|
|
}
|
|
|
|
return id, nil
|
|
|
|
}
|
|
|
|
// Return default root uid 0
|
|
|
|
return 0, nil
|
|
|
|
}
|
|
|
|
|
2016-04-12 16:12:23 +08:00
|
|
|
// HostGID gets the root gid for the process on host which could be non-zero
|
2015-05-14 06:42:16 +08:00
|
|
|
// when user namespaces are enabled.
|
|
|
|
func (c Config) HostGID() (int, error) {
|
|
|
|
if c.Namespaces.Contains(NEWUSER) {
|
|
|
|
if c.GidMappings == nil {
|
|
|
|
return -1, fmt.Errorf("User namespaces enabled, but no gid mappings found.")
|
|
|
|
}
|
|
|
|
id, found := c.hostIDFromMapping(0, c.GidMappings)
|
|
|
|
if !found {
|
2015-10-05 01:11:48 +08:00
|
|
|
return -1, fmt.Errorf("User namespaces enabled, but no root group mapping found.")
|
2015-05-14 06:42:16 +08:00
|
|
|
}
|
|
|
|
return id, nil
|
|
|
|
}
|
2015-10-05 01:11:48 +08:00
|
|
|
// Return default root gid 0
|
2015-05-14 06:42:16 +08:00
|
|
|
return 0, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// Utility function that gets a host ID for a container ID from user namespace map
|
|
|
|
// if that ID is present in the map.
|
|
|
|
func (c Config) hostIDFromMapping(containerID int, uMap []IDMap) (int, bool) {
|
|
|
|
for _, m := range uMap {
|
|
|
|
if (containerID >= m.ContainerID) && (containerID <= (m.ContainerID + m.Size - 1)) {
|
|
|
|
hostID := m.HostID + (containerID - m.ContainerID)
|
|
|
|
return hostID, true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return -1, false
|
|
|
|
}
|