Get the set of mount flags that are set on the mount that contains the given path and are locked by CL_UNPRIVILEGED. From https://github.com/moby/moby/blob/v23.0.1/daemon/oci_linux.go#L430-L460
(path string)
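// getUnprivilegedMountFlags returns, as a bitmask of MS_* mount flags, the
// flags that are set on the mount containing path and are locked by
// CL_UNPRIVILEGED. It returns 0 and the statfs(2) error if path cannot be
// queried.
//
// NOTE(review): callers presumably OR the result into the flags of a remount
// performed inside a user namespace, where the kernel refuses to clear a
// locked flag; confirm against the call sites.
//
// From https://github.com/moby/moby/blob/v23.0.1/daemon/oci_linux.go#L430-L460
func getUnprivilegedMountFlags(path string) (int, error) {
	var statfs unix.Statfs_t
	if err := unix.Statfs(path, &statfs); err != nil {
		return 0, err
	}

	// statfs(2) reports per-mount flags as ST_* bits. Most of them share a
	// value with the matching MS_* flag, but ST_RELATIME (0x1000) does not
	// equal MS_RELATIME (1<<21), so testing f_flags against MS_RELATIME never
	// matches and relatime is silently dropped from the result. Test the ST_*
	// bit and report the corresponding MS_* bit instead.
	//
	// The set of keys come from https://github.com/torvalds/linux/blob/v4.13/fs/namespace.c#L1034-L1048.
	unprivilegedFlags := []struct {
		st, ms int
	}{
		{unix.ST_RDONLY, unix.MS_RDONLY},
		{unix.ST_NODEV, unix.MS_NODEV},
		{unix.ST_NOEXEC, unix.MS_NOEXEC},
		{unix.ST_NOSUID, unix.MS_NOSUID},
		{unix.ST_NOATIME, unix.MS_NOATIME},
		{unix.ST_RELATIME, unix.MS_RELATIME},
		{unix.ST_NODIRATIME, unix.MS_NODIRATIME},
	}

	mountFlags := int(statfs.Flags)

	var flags int
	for _, f := range unprivilegedFlags {
		if mountFlags&f.st == f.st {
			flags |= f.ms
		}
	}

	return flags, nil
}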
| 251 | |
| 252 | func doPrepareIDMappedOverlay(tmpDir string, lowerDirs []string, usernsFd int) (_ []string, _ func(), retErr error) { |
| 253 | commonDir, err := getCommonDirectory(lowerDirs) |