module Crysco::UserNamespace
Defined in:
user_namespace.cr

Constant Summary
- USER_NAMESPACE_UID_CHILD_RANGE_SIZE = 2000
- USER_NAMESPACE_UID_CHILD_RANGE_START = 10000
- USER_NAMESPACE_UID_PARENT_RANGE_START = 0
Class Method Summary
- .change_user(uid : LibC::UidT)
- .init(uid : LibC::UidT, child_socket : UNIXSocket) : Bool
  Lets the parent process know that the user namespace is started.
- .prepare_mappings(container_process : Container, parent_socket : UNIXSocket) : Bool
  Listens for the child process to request setting uid / gid, then updates the uid_map / gid_map for the child process to use.
Class Method Detail
.init(uid : LibC::UidT, child_socket : UNIXSocket) : Bool
Lets the parent process know that the user namespace is started. The parent calls prepare_mappings to update the uid_map / gid_map. If successful, setgroups, setresgid, and setresuid are called in this function by the child. Both setgroups and setresgid are necessary because Linux tracks a process's supplementary groups separately from its real, effective and saved gids. The function assumes that every uid has a corresponding gid, which is often the case.
.prepare_mappings(container_process : Container, parent_socket : UNIXSocket) : Bool
Listens for the child process to request setting uid / gid, then updates the uid_map / gid_map for the child process to use. uid_map and gid_map (/proc/<pid>/uid_map and /proc/<pid>/gid_map) are the Linux kernel mechanism for mapping uids and gids between the parent and child user namespaces. The parent process must be privileged (CAP_SETUID / CAP_SETGID in its own user namespace) to write a range of ids into the uid_map / gid_map.
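The uid_map / gid_map format that prepare_mappings writes, modelled as an added example (not Crysco code): it parses `/proc/<pid>/uid_map` lines, rejects overlapping ranges the way the kernel does, and translates ids in both directions, returning the kernel's overflow id for anything unmapped. It assumes the three constants above are written in the kernel's `inside outside length` order as `0 10000 2000`, which is an assumption about the project's intent.

```python
from dataclasses import dataclass

# Constants from the page.
USER_NAMESPACE_UID_PARENT_RANGE_START = 0
USER_NAMESPACE_UID_CHILD_RANGE_START = 10000
USER_NAMESPACE_UID_CHILD_RANGE_SIZE = 2000

# Default kernel overflowuid / overflowgid ("nobody") shown for unmapped ids.
OVERFLOW_ID = 65534


@dataclass(frozen=True)
class MapEntry:
    inside: int   # first id as seen inside the child user namespace
    outside: int  # corresponding first id in the parent user namespace
    length: int   # number of consecutive ids covered


def parse_id_map(text: str) -> list:
    """Parse uid_map / gid_map text: one 'inside outside length' triple per line."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed id_map line: {line!r}")
        inside, outside, length = (int(f) for f in fields)
        if length <= 0 or inside < 0 or outside < 0:
            raise ValueError(f"invalid range: {line!r}")
        # The kernel refuses maps whose ranges overlap on either side.
        for e in entries:
            if inside < e.inside + e.length and e.inside < inside + length:
                raise ValueError("overlapping inside ranges")
            if outside < e.outside + e.length and e.outside < outside + length:
                raise ValueError("overlapping outside ranges")
        entries.append(MapEntry(inside, outside, length))
    return entries


def to_parent(entries: list, inside_id: int) -> int:
    """Id a child-namespace id appears as in the parent; OVERFLOW_ID if unmapped."""
    for e in entries:
        if e.inside <= inside_id < e.inside + e.length:
            return e.outside + (inside_id - e.inside)
    return OVERFLOW_ID


def to_child(entries: list, outside_id: int) -> int:
    """Id a parent-namespace id appears as inside the child; OVERFLOW_ID if unmapped."""
    for e in entries:
        if e.outside <= outside_id < e.outside + e.length:
            return e.inside + (outside_id - e.outside)
    return OVERFLOW_ID


# Assumed mapping built from the page's constants (constructed sample, not read from /proc).
CRYSCO_MAP = (f"{USER_NAMESPACE_UID_PARENT_RANGE_START} "
              f"{USER_NAMESPACE_UID_CHILD_RANGE_START} "
              f"{USER_NAMESPACE_UID_CHILD_RANGE_SIZE}\n")
```

With this map, root inside the container is uid 10000 on the host, and anything the container cannot map (host uid 0, for example) shows up as 65534.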