libcontainer: CurrentGroupSubGIDs -> CurrentUserSubGIDs

subgid is defined per user, not group (see subgid(5))

This commit also adds support for specifying subuid owner with a numeric UID.

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
Akihiro Suda 2018-08-29 07:32:54 +09:00
parent 1555a78945
commit b34d6d8a7c
1 changed files with 12 additions and 10 deletions


@ -5,6 +5,7 @@ package user
import ( import (
"io" "io"
"os" "os"
"strconv"
"golang.org/x/sys/unix" "golang.org/x/sys/unix"
) )
@ -115,22 +116,23 @@ func CurrentGroup() (Group, error) {
return LookupGid(unix.Getgid()) return LookupGid(unix.Getgid())
} }
func CurrentUserSubUIDs() ([]SubID, error) { func currentUserSubIDs(fileName string) ([]SubID, error) {
u, err := CurrentUser() u, err := CurrentUser()
if err != nil { if err != nil {
return nil, err return nil, err
} }
return ParseSubIDFileFilter("/etc/subuid", filter := func(entry SubID) bool {
func(entry SubID) bool { return entry.Name == u.Name }) return entry.Name == u.Name || entry.Name == strconv.Itoa(u.Uid)
}
return ParseSubIDFileFilter(fileName, filter)
} }
func CurrentGroupSubGIDs() ([]SubID, error) { func CurrentUserSubUIDs() ([]SubID, error) {
g, err := CurrentGroup() return currentUserSubIDs("/etc/subuid")
if err != nil { }
return nil, err
} func CurrentUserSubGIDs() ([]SubID, error) {
return ParseSubIDFileFilter("/etc/subgid", return currentUserSubIDs("/etc/subgid")
func(entry SubID) bool { return entry.Name == g.Name })
} }
func CurrentProcessUIDMap() ([]IDMap, error) { func CurrentProcessUIDMap() ([]IDMap, error) {
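Review bot: The new filter in currentUserSubIDs accepts an entry whose owner field equals either `u.Name` or the decimal `u.Uid`, so an entry keyed by an all-digit login name that belongs to a different account would be returned as this user's range whenever that name equals the caller's UID. These ranges are presumably used to build user-namespace ID mappings, so the ambiguity deserves a comment above the closure, for example `// owner may be a login name or a numeric UID (see subuid(5)/subgid(5)); an all-digit login name is indistinguishable from a UID here`. The conversion can also be hoisted so it is not repeated for every entry: `uid := strconv.Itoa(u.Uid)` before the closure and `entry.Name == uid` inside it. The numeric match is reached only after CurrentUser() succeeds; if that lookup (defined outside this page) fails for a UID with no passwd entry, the numeric form cannot help in that case. The exported CurrentUserSubUIDs and CurrentUserSubGIDs have no doc comments, and dropping CurrentGroupSubGIDs without a deprecated wrapper breaks any external caller of the old name.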