MCPcopy Index your code
hub / github.com/containerd/containerd / getUnprivilegedMountFlags

Function getUnprivilegedMountFlags

core/mount/mount_linux.go:225–250  ·  view source on GitHub ↗

Get the set of mount flags that are set on the mount that contains the given path and are locked by CL_UNPRIVILEGED. From https://github.com/moby/moby/blob/v23.0.1/daemon/oci_linux.go#L430-L460

(path string)

Source from the content-addressed store, hash-verified

223//
224// From https://github.com/moby/moby/blob/v23.0.1/daemon/oci_linux.go#L430-L460
225func getUnprivilegedMountFlags(path string) (int, error) {
226 var statfs unix.Statfs_t
227 if err := unix.Statfs(path, &statfs); err != nil {
228 return 0, err
229 }
230
231 // The set of keys come from https://github.com/torvalds/linux/blob/v4.13/fs/namespace.c#L1034-L1048.
232 unprivilegedFlags := []int{
233 unix.MS_RDONLY,
234 unix.MS_NODEV,
235 unix.MS_NOEXEC,
236 unix.MS_NOSUID,
237 unix.MS_NOATIME,
238 unix.MS_RELATIME,
239 unix.MS_NODIRATIME,
240 }
241
242 var flags int
243 for _, flag := range unprivilegedFlags {
244 if int(statfs.Flags)&flag == flag {
245 flags |= flag
246 }
247 }
248
249 return flags, nil
250}
251
252func doPrepareIDMappedOverlay(tmpDir string, lowerDirs []string, usernsFd int) (_ []string, _ func(), retErr error) {
253 commonDir, err := getCommonDirectory(lowerDirs)

Callers 2

mountMethod · 0.85

Calls

no outgoing calls

Tested by 1

Used in the wild real call sites across dependent graphs

searching dependent graphs…