(id string, i Image, uidmaps, gidmaps []specs.LinuxIDMapping, readonly bool)
| 61 | } |
| 62 | |
| 63 | func withRemappedSnapshotBase(id string, i Image, uidmaps, gidmaps []specs.LinuxIDMapping, readonly bool) NewContainerOpts { |
| 64 | return func(ctx context.Context, client *Client, c *containers.Container) error { |
| 65 | diffIDs, err := i.(*image).i.RootFS(ctx, client.ContentStore(), client.platform) |
| 66 | if err != nil { |
| 67 | return err |
| 68 | } |
| 69 | |
| 70 | rsn := remappedSnapshot{ |
| 71 | Parent: identity.ChainID(diffIDs).String(), |
| 72 | IDMap: userns.IDMap{UidMap: uidmaps, GidMap: gidmaps}, |
| 73 | } |
| 74 | usernsID, err := rsn.ID() |
| 75 | if err != nil { |
| 76 | return fmt.Errorf("failed to remap snapshot: %w", err) |
| 77 | } |
| 78 | |
| 79 | c.Snapshotter, err = client.resolveSnapshotterName(ctx, c.Snapshotter) |
| 80 | if err != nil { |
| 81 | return err |
| 82 | } |
| 83 | snapshotter, err := client.getSnapshotter(ctx, c.Snapshotter) |
| 84 | if err != nil { |
| 85 | return err |
| 86 | } |
| 87 | if _, err := snapshotter.Stat(ctx, usernsID); err == nil { |
| 88 | if _, err := snapshotter.Prepare(ctx, id, usernsID); err == nil { |
| 89 | c.SnapshotKey = id |
| 90 | c.Image = i.Name() |
| 91 | return nil |
| 92 | } else if !errdefs.IsNotFound(err) { |
| 93 | return err |
| 94 | } |
| 95 | } |
| 96 | mounts, err := snapshotter.Prepare(ctx, usernsID+"-remap", rsn.Parent) |
| 97 | if err != nil { |
| 98 | return err |
| 99 | } |
| 100 | if err := remapRootFS(ctx, mounts, rsn.IDMap); err != nil { |
| 101 | snapshotter.Remove(ctx, usernsID) |
| 102 | return err |
| 103 | } |
| 104 | if err := snapshotter.Commit(ctx, usernsID, usernsID+"-remap"); err != nil { |
| 105 | return err |
| 106 | } |
| 107 | if readonly { |
| 108 | _, err = snapshotter.View(ctx, id, usernsID) |
| 109 | } else { |
| 110 | _, err = snapshotter.Prepare(ctx, id, usernsID) |
| 111 | } |
| 112 | if err != nil { |
| 113 | return err |
| 114 | } |
| 115 | c.SnapshotKey = id |
| 116 | c.Image = i.Name() |
| 117 | return nil |
| 118 | } |
| 119 | } |
| 120 |
no test coverage detected
searching dependent graphs…