libcontainer/system: move userns utilities to separate packaage
Moving these utilities to a separate package, so that consumers of this package don't have to pull in the whole "system" package. Looking at uses of these utilities (outside of runc itself); - `RunningInUserNS()` is used by [various external consumers][1] - `UIDMapInUserNS()` is not used anywhere, [only internally][2], and should be un-exported / moved into `RunningInUserNS()` - `GetParentNSeuid()` is not used by runc itself, and only used by a [single external project][3]. We should consider removing it. [1]: https://grep.app/search?current=2&q=.RunningInUserNS [2]: https://grep.app/search?q=.UIDMapInUserNS [3]: https://grep.app/search?q=.GetParentNSeuid Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Showing
16 changed files
with
130 additions
and
96 deletions.
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
package system | ||
|
||
import "github.com/opencontainers/runc/libcontainer/userns" | ||
|
||
var ( | ||
// RunningInUserNS detects whether we are currently running in a user namespace. | ||
// Originally copied from github.com/lxc/lxd/shared/util.go | ||
// Deprecated: use github.com/opencontainers/runc/libcontainer/userns.RunningInUserNS | ||
RunningInUserNS = userns.RunningInUserNS | ||
|
||
// Deprecated: use github.com/opencontainers/runc/libcontainer/userns.UIDMapInUserNS | ||
UIDMapInUserNS = userns.RunningInUserNS | ||
|
||
// GetParentNSeuid returns the euid within the parent user namespace | ||
// Deprecated: use github.com/opencontainers/runc/libcontainer/userns.RunningInUserNS | ||
GetParentNSeuid = userns.RunningInUserNS | ||
) |
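Review bot: Two of the three deprecated aliases point at the wrong function: `UIDMapInUserNS` and `GetParentNSeuid` are both assigned `userns.RunningInUserNS`, so their types become `func() bool` and existing callers of the old `system` API would stop compiling. They should read `UIDMapInUserNS = userns.UIDMapInUserNS` and `GetParentNSeuid = userns.GetParentNSeuid`, and the deprecation comment on `GetParentNSeuid` should name `userns.GetParentNSeuid` rather than `RunningInUserNS`. Separately, Go tooling only recognises `Deprecated:` when it starts its own comment paragraph, so the two comments that have text before it need a bare `//` line ahead of the `// Deprecated:` line.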
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
package userns | ||
|
||
var ( | ||
// RunningInUserNS detects whether we are currently running in a user namespace. | ||
// Originally copied from github.com/lxc/lxd/shared/util.go | ||
RunningInUserNS = runningInUserNS | ||
|
||
UIDMapInUserNS = uidMapInUserNS | ||
|
||
// GetParentNSeuid returns the euid within the parent user namespace | ||
GetParentNSeuid = getParentNSeuid | ||
) |
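Review bot: Exporting `RunningInUserNS`, `UIDMapInUserNS` and `GetParentNSeuid` as package-level variables makes them assignable by any importing package, which is an awkward property for a check that callers may rely on when deciding how much privilege the process has. Plain wrapper functions keep the same call syntax without being reassignable, e.g. `func RunningInUserNS() bool { return runningInUserNS() }`. `UIDMapInUserNS` is also the only one of the three without a doc comment; something like `// UIDMapInUserNS reports whether the given uid map describes a user namespace rather than the initial one.` would match the others.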
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
package userns | ||
|
||
import ( | ||
"os" | ||
"sync" | ||
|
||
"github.com/opencontainers/runc/libcontainer/user" | ||
) | ||
|
||
var ( | ||
inUserNS bool | ||
nsOnce sync.Once | ||
) | ||
|
||
// runningInUserNS detects whether we are currently running in a user namespace. | ||
// Originally copied from github.com/lxc/lxd/shared/util.go | ||
func runningInUserNS() bool { | ||
nsOnce.Do(func() { | ||
uidmap, err := user.CurrentProcessUIDMap() | ||
if err != nil { | ||
// This kernel-provided file only exists if user namespaces are supported | ||
return | ||
} | ||
inUserNS = uidMapInUserNS(uidmap) | ||
}) | ||
return inUserNS | ||
} | ||
|
||
func uidMapInUserNS(uidmap []user.IDMap) bool { | ||
/* | ||
* We assume we are in the initial user namespace if we have a full | ||
* range - 4294967295 uids starting at uid 0. | ||
*/ | ||
if len(uidmap) == 1 && uidmap[0].ID == 0 && uidmap[0].ParentID == 0 && uidmap[0].Count == 4294967295 { | ||
return false | ||
} | ||
return true | ||
} | ||
|
||
// getParentNSeuid returns the euid within the parent user namespace | ||
func getParentNSeuid() int64 { | ||
euid := int64(os.Geteuid()) | ||
uidmap, err := user.CurrentProcessUIDMap() | ||
if err != nil { | ||
// This kernel-provided file only exists if user namespaces are supported | ||
return euid | ||
} | ||
for _, um := range uidmap { | ||
if um.ID <= euid && euid <= um.ID+um.Count-1 { | ||
return um.ParentID + euid - um.ID | ||
} | ||
} | ||
return euid | ||
} |
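Review bot: `runningInUserNS` treats every error from `user.CurrentProcessUIDMap()` as "not in a user namespace", and `nsOnce` then caches that answer for the life of the process, while the comment only covers the case where the kernel does not provide the file. A read or parse failure inside a user namespace would therefore be reported as the initial namespace, which is the less safe direction if a caller uses the result to decide whether privileged operations are available. At minimum the comment should say so, e.g. `// Any error is treated as "not in a user namespace"; the result is cached by nsOnce.`; whether only a not-exist error should map to false depends on what `CurrentProcessUIDMap` returns, which is not visible here. `uidMapInUserNS` has no doc comment of its own; the block comment inside it could move above the signature.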
2 changes: 1 addition & 1 deletion
2
libcontainer/system/linux_test.go → libcontainer/userns/userns_linux_test.go
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,6 @@ | ||
// +build linux | ||
|
||
package system | ||
package userns | ||
|
||
import ( | ||
"strings" | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
// +build !linux | ||
|
||
package userns | ||
|
||
import ( | ||
"os" | ||
|
||
"github.com/opencontainers/runc/libcontainer/user" | ||
) | ||
|
||
// runningInUserNS is a stub for non-Linux systems | ||
// Always returns false | ||
func runningInUserNS() bool { | ||
return false | ||
} | ||
|
||
// uidMapInUserNS is a stub for non-Linux systems | ||
// Always returns false | ||
func uidMapInUserNS(uidmap []user.IDMap) bool { | ||
return false | ||
} | ||
|
||
// getParentNSeuid returns the euid within the parent user namespace | ||
// Always returns os.Geteuid on non-linux | ||
func getParentNSeuid() int { | ||
return os.Geteuid() | ||
} |
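Review bot: The non-Linux `getParentNSeuid` returns `int` while the Linux implementation in this commit returns `int64`, so the exported `userns.GetParentNSeuid` variable has a different type on each platform and code written against one will not compile on the other. Matching the Linux signature is a two-line change: `func getParentNSeuid() int64 {` and `return int64(os.Geteuid())`.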