package unshare
import "github.com/containers/storage/pkg/unshare"
Index ¶
- Constants
- func ExecRunnable(cmd Runnable, cleanup func())
- func GetHostIDMappings(pid string) ([]specs.LinuxIDMapping, []specs.LinuxIDMapping, error)
- func GetRootlessGID() int
- func GetRootlessUID() int
- func GetSubIDMappings(user, group string) ([]specs.LinuxIDMapping, []specs.LinuxIDMapping, error)
- func HasCapSysAdmin() (bool, error)
- func HomeDir() (string, error)
- func IsRootless() bool
- func IsSetID(path string, modeid os.FileMode, capid capability.Cap) (bool, error)
- func MaybeReexecUsingUserNamespace(evenForRoot bool)
- func ParseIDMappings(uidmap, gidmap []string) ([]idtools.IDMap, []idtools.IDMap, error)
- func RootlessEnv() []string
- type Cmd
- func Command(args ...string) *Cmd
- func (c *Cmd) CombinedOutput() ([]byte, error)
- func (c *Cmd) Output() ([]byte, error)
- func (c *Cmd) Run() error
- func (c *Cmd) Start() (retErr error)
- type Runnable
Constants ¶
const ( // UsernsEnvName is the environment variable, if set indicates in rootless mode UsernsEnvName = "_CONTAINERS_USERNS_CONFIGURED" )
Functions ¶
func ExecRunnable ¶
func ExecRunnable(cmd Runnable, cleanup func())
ExecRunnable runs the specified unshare command, captures its exit status, and exits with the same status.
func GetHostIDMappings ¶
GetHostIDMappings reads mappings for the specified process (or the current process if pid is "self" or an empty string) from the kernel.
func GetRootlessGID ¶
func GetRootlessGID() int
GetRootlessGID returns the GID of the user in the parent userNS
func GetRootlessUID ¶
func GetRootlessUID() int
GetRootlessUID returns the UID of the user in the parent userNS
func GetSubIDMappings ¶
GetSubIDMappings reads mappings from /etc/subuid and /etc/subgid.
func HasCapSysAdmin ¶
HasCapSysAdmin returns whether the current process has CAP_SYS_ADMIN.
func HomeDir ¶
HomeDir returns the home directory for the current user.
func IsRootless ¶
func IsRootless() bool
IsRootless tells us if we are running in rootless mode
func IsSetID ¶
IsSetID checks if specified path has correct FileMode (Setuid|SETGID) or the matching file capability
func MaybeReexecUsingUserNamespace ¶
func MaybeReexecUsingUserNamespace(evenForRoot bool)
MaybeReexecUsingUserNamespace re-exec the process in a new namespace
func ParseIDMappings ¶
ParseIDMappings parses mapping triples.
func RootlessEnv ¶
func RootlessEnv() []string
RootlessEnv returns the environment settings for the rootless containers
Types ¶
type Cmd ¶
type Cmd struct {
*exec.Cmd
int
UseNewuidmap bool
UidMappings []specs.LinuxIDMapping //nolint: revive
UseNewgidmap bool
GidMappings []specs.LinuxIDMapping //nolint: revive
GidMappingsEnableSetgroups bool
Setsid bool
Setpgrp bool
Ctty *os.File
OOMScoreAdj *int
Hook func(pid int) error
}
Cmd wraps an exec.Cmd created by the reexec package in unshare(), and handles setting ID maps and other related settings by triggering initialization code in the child.
func Command ¶
Command creates a new Cmd which can be customized.
func (*Cmd) CombinedOutput ¶
func (*Cmd) Output ¶
func (*Cmd) Run ¶
func (*Cmd) Start ¶
type Runnable ¶
type Runnable interface {
Run() error
}
Source Files ¶
getenv_linux_cgo.go unshare.go unshare_cgo.go unshare_linux.go
- Version
- v1.59.0 (latest)
- Published
- Jul 14, 2025
- Platform
- linux/amd64
- Imports
- 21 packages
- Last checked
- 2 days ago –
Tools for package owners.