MCPcopy Index your code
hub / github.com/containerd/containerd / prepareBundleDirectoryPermissions

Function prepareBundleDirectoryPermissions

core/runtime/v2/bundle_linux.go:30–42  ·  view source on GitHub ↗

prepareBundleDirectoryPermissions prepares the permissions of the bundle directory according to the needs of the current platform. On Linux when user namespaces are enabled, the permissions are modified to allow the remapped root GID to access the bundle.

(path string, spec []byte)

Source from the content-addressed store, hash-verified

28// On Linux when user namespaces are enabled, the permissions are modified to
29// allow the remapped root GID to access the bundle.
30func prepareBundleDirectoryPermissions(path string, spec []byte) error {
31 gid, err := remappedGID(spec)
32 if err != nil {
33 return err
34 }
35 if gid == 0 {
36 return nil
37 }
38 if err := os.Chown(path, -1, int(gid)); err != nil {
39 return err
40 }
41 return os.Chmod(path, 0710)
42}
43
44// ociSpecUserNS is a subset of specs.Spec used to reduce garbage during
45// unmarshal.

Callers 1

NewBundleFunction · 0.70

Calls 1

remappedGIDFunction · 0.85

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…