IDMapMountWithAttrs clones the mount at source to target with the provided mount options and idmapping of the user namespace.
(source, target string, usernsFd int, attrSet uint64, attrClr uint64)
| 84 | |
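// IDMapMountWithAttrs clones the mount at source to target with the provided
// mount options and idmapping of the user namespace.
//
// The tree at source is cloned recursively into a detached mount. On that
// clone, MOUNT_ATTR_IDMAP plus attrSet is set, attrClr is cleared, and
// propagation is made private. The clone is then attached at target.
// usernsFd is handed to the kernel as the user namespace whose ID mapping is
// applied, so it is expected to be an open user-namespace descriptor.
//
// NOTE(review): source and target are resolved by path at call time. Callers
// passing paths that a container can influence should confirm they are
// resolved safely before calling; this function does not check that.
func IDMapMountWithAttrs(source, target string, usernsFd int, attrSet uint64, attrClr uint64) (err error) {
	// Userns_fd is unsigned: a negative descriptor would silently wrap to a
	// huge value, so reject it before doing any mount work.
	if usernsFd < 0 {
		return fmt.Errorf("invalid user namespace fd %d: %w", usernsFd, unix.EINVAL)
	}

	attr := unix.MountAttr{
		// MOUNT_ATTR_IDMAP is always requested; caller flags are added on top.
		Attr_set:    unix.MOUNT_ATTR_IDMAP | attrSet,
		Attr_clr:    attrClr,
		Propagation: unix.MS_PRIVATE,
		Userns_fd:   uint64(usernsFd),
	}

	// -EBADF is passed as the directory fd, so source is not resolved
	// relative to any open directory.
	dFd, err := unix.OpenTree(-int(unix.EBADF), source, uint(unix.OPEN_TREE_CLONE|unix.OPEN_TREE_CLOEXEC|unix.AT_EMPTY_PATH|unix.AT_RECURSIVE))
	if err != nil {
		// Report the path that was actually opened (source, not target).
		return fmt.Errorf("unable to open tree for %s: %w", source, err)
	}

	// The descriptor is only needed until the tree is attached; the close
	// error is ignored because nothing useful can be done with it here.
	defer unix.Close(dFd)

	// Apply the idmapping and attribute changes to the detached clone, before
	// it becomes visible at target.
	if err = unix.MountSetattr(dFd, "", unix.AT_EMPTY_PATH|unix.AT_RECURSIVE, &attr); err != nil {
		return fmt.Errorf("unable to shift GID/UID or set mount attrs for %s: %w", target, err)
	}

	if err = unix.MoveMount(dFd, "", -int(unix.EBADF), target, unix.MOVE_MOUNT_F_EMPTY_PATH); err != nil {
		return fmt.Errorf("unable to attach mount tree to %s: %w", target, err)
	}
	return nil
}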
| 111 | |
| 112 | // GetUsernsFD forks the current process and creates a user namespace using the specified mappings. |
| 113 | // Expected syntax of ID mapping parameter is "%d:%d:%d[,%d:%d:%d,...]" |