MCPcopy
hub / github.com/containerd/containerd / IDMapMountWithAttrs

Function IDMapMountWithAttrs

core/mount/mount_idmapped_linux.go:86–110  ·  view source on GitHub ↗

IDMapMountWithAttrs clones the mount at source to target with the provided mount options and idmapping of the user namespace.

(source, target string, usernsFd int, attrSet uint64, attrClr uint64)

Source from the content-addressed store, hash-verified

84
85// IDMapMountWithAttrs clones the mount at source to target with the provided mount options and idmapping of the user namespace.
86func IDMapMountWithAttrs(source, target string, usernsFd int, attrSet uint64, attrClr uint64) (err error) {
87 var (
88 attr unix.MountAttr
89 )
90
91 attr.Attr_set = unix.MOUNT_ATTR_IDMAP | attrSet
92 attr.Attr_clr = attrClr
93 attr.Propagation = unix.MS_PRIVATE
94 attr.Userns_fd = uint64(usernsFd)
95
96 dFd, err := unix.OpenTree(-int(unix.EBADF), source, uint(unix.OPEN_TREE_CLONE|unix.OPEN_TREE_CLOEXEC|unix.AT_EMPTY_PATH|unix.AT_RECURSIVE))
97 if err != nil {
98 return fmt.Errorf("unable to open tree for %s: %w", target, err)
99 }
100
101 defer unix.Close(dFd)
102 if err = unix.MountSetattr(dFd, "", unix.AT_EMPTY_PATH|unix.AT_RECURSIVE, &attr); err != nil {
103 return fmt.Errorf("unable to shift GID/UID or set mount attrs for %s: %w", target, err)
104 }
105
106 if err = unix.MoveMount(dFd, "", -int(unix.EBADF), target, unix.MOVE_MOUNT_F_EMPTY_PATH); err != nil {
107 return fmt.Errorf("unable to attach mount tree to %s: %w", target, err)
108 }
109 return nil
110}
111
112// GetUsernsFD forks the current process and creates a user namespace using the specified mappings.
113// Expected syntax of ID mapping parameter is "%d:%d:%d[,%d:%d:%d,...]"

Callers 4

SupportsIDMappedMountsFunction · 0.92
doPrepareIDMappedOverlayFunction · 0.85
testIDMapMountWithAttrsFunction · 0.85
IDMapMountFunction · 0.85

Calls 1

CloseMethod · 0.65

Tested by 1

testIDMapMountWithAttrsFunction · 0.68

Used in the wild real call sites across dependent graphs

searching dependent graphs…