module Crysco::UserNamespace

Defined in:

user_namespace.cr

Constant Summary

USER_NAMESPACE_UID_CHILD_RANGE_SIZE = 2000
USER_NAMESPACE_UID_CHILD_RANGE_START = 10000
USER_NAMESPACE_UID_PARENT_RANGE_START = 0

Class Method Detail

def self.change_user(uid : LibC::UidT)

def self.init(uid : LibC::UidT, child_socket : UNIXSocket) : Bool

Lets the parent process know that the user namespace has been started. The parent then calls prepare_mappings to update the uid_map / gid_map. If that succeeds, the child calls setgroups, setresgid, and setresuid in this function. Both setgroups and setresgid are necessary because Linux has two separate group mechanisms: setgroups sets the supplementary group list, while setresgid sets the real, effective, and saved group IDs. The function assumes that every uid has a corresponding gid, which is often the case.


def self.prepare_mappings(container_process : Container, parent_socket : UNIXSocket) : Bool

Listens for the child process to request that its uid / gid be set, then updates the uid_map / gid_map for the child process to use. uid_map and gid_map are a Linux kernel mechanism for mapping uids and gids between the parent and child processes. The parent process must be privileged to set the uid_map / gid_map.
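
The uid_map / gid_map text format that prepare_mappings relies on, shown as an added example (not Crysco's own code): it parses a map, translates a child-namespace id to the parent's id, and flags maps in which a child id resolves to parent id 0. The function names and the field order used for the values 0, 10000 and 2000 are assumptions.

```python
from typing import List, NamedTuple, Optional


class Extent(NamedTuple):
    inside: int   # first id as seen inside the child's user namespace
    outside: int  # first id as seen from the parent's namespace
    count: int    # number of consecutive ids in the range


def format_map(extents: List[Extent]) -> str:
    """Render extents as the text a parent writes to /proc/<pid>/uid_map."""
    return "".join(f"{e.inside} {e.outside} {e.count}\n" for e in extents)


def parse_map(text: str) -> List[Extent]:
    """Parse uid_map / gid_map text, rejecting malformed or empty ranges."""
    extents = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"expected 3 fields: {line!r}")
        inside, outside, count = (int(f) for f in fields)
        if count <= 0 or inside < 0 or outside < 0:
            raise ValueError(f"invalid range: {line!r}")
        extents.append(Extent(inside, outside, count))
    return extents


def to_parent_id(extents: List[Extent], inside_id: int) -> Optional[int]:
    """Translate a child-namespace id to the parent's id; None if unmapped."""
    for e in extents:
        if e.inside <= inside_id < e.inside + e.count:
            return e.outside + (inside_id - e.inside)
    return None


def maps_parent_root(extents: List[Extent]) -> bool:
    """True if some child id resolves to id 0 in the parent namespace."""
    return any(e.outside == 0 for e in extents)


# Constructed samples: the first uses the values 0, 10000 and 2000 from the
# constants above (field order is an assumption); the second is an identity map.
SHIFTED_MAP = "0 10000 2000\n"
IDENTITY_MAP = "0 0 4294967295\n"
```

With the shifted map, uid 0 inside the container is uid 10000 to the parent, and ids at or above 2000 inside the namespace have no mapping at all.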

