Merge pull request #3939 from eiffel-fl/francis/caps-naming

Renaming *Mappings fields and use int* for mountEntry.fd
opencontainers · Jul 21, 2023 · 74895d4 · 74895d4
2 parents b338acc + a3785c8
commit 74895d4
Show file tree

Hide file tree

Showing 14 changed files with 94 additions and 97 deletions.
diff --git a/libcontainer/README.md b/libcontainer/README.md
@@ -184,14 +184,14 @@ config := &configs.Config{
 			Flags:       defaultMountFlags | unix.MS_RDONLY,
 		},
 	},
-	UidMappings: []configs.IDMap{
+	UIDMappings: []configs.IDMap{
 		{
 			ContainerID: 0,
 			HostID: 1000,
 			Size: 65536,
 		},
 	},
-	GidMappings: []configs.IDMap{
+	GIDMappings: []configs.IDMap{
 		{
 			ContainerID: 0,
 			HostID: 1000,

diff --git a/libcontainer/configs/config.go b/libcontainer/configs/config.go
@@ -159,11 +159,11 @@ type Config struct {
 	// More information about kernel oom score calculation here: https://lwn.net/Articles/317814/
 	OomScoreAdj *int `json:"oom_score_adj,omitempty"`
 
-	// UidMappings is an array of User ID mappings for User Namespaces
-	UidMappings []IDMap `json:"uid_mappings"`
+	// UIDMappings is an array of User ID mappings for User Namespaces
+	UIDMappings []IDMap `json:"uid_mappings"`
 
-	// GidMappings is an array of Group ID mappings for User Namespaces
-	GidMappings []IDMap `json:"gid_mappings"`
+	// GIDMappings is an array of Group ID mappings for User Namespaces
+	GIDMappings []IDMap `json:"gid_mappings"`
 
 	// MaskPaths specifies paths within the container's rootfs to mask over with a bind
 	// mount pointing to /dev/null as to prevent reads of the file.

diff --git a/libcontainer/configs/config_linux.go b/libcontainer/configs/config_linux.go
@@ -13,10 +13,10 @@ var (
 // different when user namespaces are enabled.
 func (c Config) HostUID(containerId int) (int, error) {
 	if c.Namespaces.Contains(NEWUSER) {
-		if c.UidMappings == nil {
+		if c.UIDMappings == nil {
 			return -1, errNoUIDMap
 		}
-		id, found := c.hostIDFromMapping(containerId, c.UidMappings)
+		id, found := c.hostIDFromMapping(containerId, c.UIDMappings)
 		if !found {
 			return -1, errNoUserMap
 		}
@@ -36,10 +36,10 @@ func (c Config) HostRootUID() (int, error) {
 // different when user namespaces are enabled.
 func (c Config) HostGID(containerId int) (int, error) {
 	if c.Namespaces.Contains(NEWUSER) {
-		if c.GidMappings == nil {
+		if c.GIDMappings == nil {
 			return -1, errNoGIDMap
 		}
-		id, found := c.hostIDFromMapping(containerId, c.GidMappings)
+		id, found := c.hostIDFromMapping(containerId, c.GIDMappings)
 		if !found {
 			return -1, errNoGroupMap
 		}

diff --git a/libcontainer/configs/config_linux_test.go b/libcontainer/configs/config_linux_test.go
@@ -34,7 +34,7 @@ func TestHostRootUIDNoUSERNS(t *testing.T) {
 func TestHostRootUIDWithUSERNS(t *testing.T) {
 	config := &Config{
 		Namespaces: Namespaces{{Type: NEWUSER}},
-		UidMappings: []IDMap{
+		UIDMappings: []IDMap{
 			{
 				ContainerID: 0,
 				HostID:      1000,
@@ -67,7 +67,7 @@ func TestHostRootGIDNoUSERNS(t *testing.T) {
 func TestHostRootGIDWithUSERNS(t *testing.T) {
 	config := &Config{
 		Namespaces: Namespaces{{Type: NEWUSER}},
-		GidMappings: []IDMap{
+		GIDMappings: []IDMap{
 			{
 				ContainerID: 0,
 				HostID:      1000,

diff --git a/libcontainer/configs/validate/rootless.go b/libcontainer/configs/validate/rootless.go
@@ -42,10 +42,10 @@ func rootlessEUIDMappings(config *configs.Config) error {
 		return errors.New("rootless container requires user namespaces")
 	}
 
-	if len(config.UidMappings) == 0 {
+	if len(config.UIDMappings) == 0 {
 		return errors.New("rootless containers requires at least one UID mapping")
 	}
-	if len(config.GidMappings) == 0 {
+	if len(config.GIDMappings) == 0 {
 		return errors.New("rootless containers requires at least one GID mapping")
 	}
 	return nil
@@ -68,7 +68,7 @@ func rootlessEUIDMount(config *configs.Config) error {
 					// Ignore unknown mount options.
 					continue
 				}
-				if !hasIDMapping(uid, config.UidMappings) {
+				if !hasIDMapping(uid, config.UIDMappings) {
 					return errors.New("cannot specify uid= mount options for unmapped uid in rootless containers")
 				}
 			}
@@ -79,7 +79,7 @@ func rootlessEUIDMount(config *configs.Config) error {
 					// Ignore unknown mount options.
 					continue
 				}
-				if !hasIDMapping(gid, config.GidMappings) {
+				if !hasIDMapping(gid, config.GIDMappings) {
 					return errors.New("cannot specify gid= mount options for unmapped gid in rootless containers")
 				}
 			}

diff --git a/libcontainer/configs/validate/rootless_test.go b/libcontainer/configs/validate/rootless_test.go
@@ -16,14 +16,14 @@ func rootlessEUIDConfig() *configs.Config {
 				{Type: configs.NEWUSER},
 			},
 		),
-		UidMappings: []configs.IDMap{
+		UIDMappings: []configs.IDMap{
 			{
 				HostID:      1337,
 				ContainerID: 0,
 				Size:        1,
 			},
 		},
-		GidMappings: []configs.IDMap{
+		GIDMappings: []configs.IDMap{
 			{
 				HostID:      7331,
 				ContainerID: 0,
@@ -52,15 +52,15 @@ func TestValidateRootlessEUIDUserns(t *testing.T) {
 
 func TestValidateRootlessEUIDMappingUid(t *testing.T) {
 	config := rootlessEUIDConfig()
-	config.UidMappings = nil
+	config.UIDMappings = nil
 	if err := Validate(config); err == nil {
 		t.Errorf("Expected error to occur if no uid mappings provided")
 	}
 }
 
 func TestValidateNonZeroEUIDMappingGid(t *testing.T) {
 	config := rootlessEUIDConfig()
-	config.GidMappings = nil
+	config.GIDMappings = nil
 	if err := Validate(config); err == nil {
 		t.Errorf("Expected error to occur if no gid mappings provided")
 	}
@@ -93,15 +93,15 @@ func TestValidateRootlessEUIDMountUid(t *testing.T) {
 	}
 
 	config.Mounts[0].Data = "uid=2"
-	config.UidMappings[0].Size = 10
+	config.UIDMappings[0].Size = 10
 	if err := Validate(config); err != nil {
-		t.Errorf("Expected error to not occur when setting uid=2 in mount options and UidMapping[0].size is 10")
+		t.Errorf("Expected error to not occur when setting uid=2 in mount options and UIDMappings[0].size is 10")
 	}
 
 	config.Mounts[0].Data = "uid=20"
-	config.UidMappings[0].Size = 10
+	config.UIDMappings[0].Size = 10
 	if err := Validate(config); err == nil {
-		t.Errorf("Expected error to occur when setting uid=20 in mount options and UidMapping[0].size is 10")
+		t.Errorf("Expected error to occur when setting uid=20 in mount options and UIDMappings[0].size is 10")
 	}
 }
 
@@ -130,21 +130,21 @@ func TestValidateRootlessEUIDMountGid(t *testing.T) {
 	}
 
 	config.Mounts[0].Data = "gid=5"
-	config.GidMappings[0].Size = 10
+	config.GIDMappings[0].Size = 10
 	if err := Validate(config); err != nil {
-		t.Errorf("Expected error to not occur when setting gid=5 in mount options and GidMapping[0].size is 10")
+		t.Errorf("Expected error to not occur when setting gid=5 in mount options and GIDMappings[0].size is 10")
 	}
 
 	config.Mounts[0].Data = "gid=11"
-	config.GidMappings[0].Size = 10
+	config.GIDMappings[0].Size = 10
 	if err := Validate(config); err == nil {
-		t.Errorf("Expected error to occur when setting gid=11 in mount options and GidMapping[0].size is 10")
+		t.Errorf("Expected error to occur when setting gid=11 in mount options and GIDMappings[0].size is 10")
 	}
 }
 
 func BenchmarkRootlessEUIDMount(b *testing.B) {
 	config := rootlessEUIDConfig()
-	config.GidMappings[0].Size = 10
+	config.GIDMappings[0].Size = 10
 	config.Mounts = []*configs.Mount{
 		{
 			Source:      "devpts",

diff --git a/libcontainer/configs/validate/validator.go b/libcontainer/configs/validate/validator.go
@@ -95,7 +95,7 @@ func namespaces(config *configs.Config) error {
 			return errors.New("USER namespaces aren't enabled in the kernel")
 		}
 	} else {
-		if config.UidMappings != nil || config.GidMappings != nil {
+		if config.UIDMappings != nil || config.GIDMappings != nil {
 			return errors.New("User namespace mappings specified, but USER namespace isn't enabled in the config")
 		}
 	}
@@ -264,13 +264,13 @@ func checkIDMapMounts(config *configs.Config, m *configs.Mount) error {
 	if config.RootlessEUID {
 		return fmt.Errorf("gidMappings/uidMappings is not supported when runc is being launched with EUID != 0, needs CAP_SYS_ADMIN on the runc parent's user namespace")
 	}
-	if len(config.UidMappings) == 0 || len(config.GidMappings) == 0 {
+	if len(config.UIDMappings) == 0 || len(config.GIDMappings) == 0 {
 		return fmt.Errorf("not yet supported to use gidMappings/uidMappings in a mount without also using a user namespace")
 	}
-	if !sameMapping(config.UidMappings, m.UIDMappings) {
+	if !sameMapping(config.UIDMappings, m.UIDMappings) {
 		return fmt.Errorf("not yet supported for the mount uidMappings to be different than user namespace uidMapping")
 	}
-	if !sameMapping(config.GidMappings, m.GIDMappings) {
+	if !sameMapping(config.GIDMappings, m.GIDMappings) {
 		return fmt.Errorf("not yet supported for the mount gidMappings to be different than user namespace gidMapping")
 	}
 	if !filepath.IsAbs(m.Source) {

diff --git a/libcontainer/configs/validate/validator_test.go b/libcontainer/configs/validate/validator_test.go
@@ -192,7 +192,7 @@ func TestValidateUsernamespaceWithoutUserNS(t *testing.T) {
 	uidMap := configs.IDMap{ContainerID: 123}
 	config := &configs.Config{
 		Rootfs:      "/var",
-		UidMappings: []configs.IDMap{uidMap},
+		UIDMappings: []configs.IDMap{uidMap},
 	}
 
 	err := Validate(config)
@@ -405,8 +405,8 @@ func TestValidateIDMapMounts(t *testing.T) {
 			name:  "idmap mount without bind opt specified",
 			isErr: true,
 			config: &configs.Config{
-				UidMappings: mapping,
-				GidMappings: mapping,
+				UIDMappings: mapping,
+				GIDMappings: mapping,
 				Mounts: []*configs.Mount{
 					{
 						Source:      "/abs/path/",
@@ -422,8 +422,8 @@ func TestValidateIDMapMounts(t *testing.T) {
 			isErr: true,
 			config: &configs.Config{
 				RootlessEUID: true,
-				UidMappings:  mapping,
-				GidMappings:  mapping,
+				UIDMappings:  mapping,
+				GIDMappings:  mapping,
 				Mounts: []*configs.Mount{
 					{
 						Source:      "/abs/path/",
@@ -454,8 +454,8 @@ func TestValidateIDMapMounts(t *testing.T) {
 			name:  "idmap mounts with different userns and mount mappings",
 			isErr: true,
 			config: &configs.Config{
-				UidMappings: mapping,
-				GidMappings: mapping,
+				UIDMappings: mapping,
+				GIDMappings: mapping,
 				Mounts: []*configs.Mount{
 					{
 						Source:      "/abs/path/",
@@ -477,8 +477,8 @@ func TestValidateIDMapMounts(t *testing.T) {
 			name:  "idmap mounts with different userns and mount mappings",
 			isErr: true,
 			config: &configs.Config{
-				UidMappings: mapping,
-				GidMappings: mapping,
+				UIDMappings: mapping,
+				GIDMappings: mapping,
 				Mounts: []*configs.Mount{
 					{
 						Source:      "/abs/path/",
@@ -500,8 +500,8 @@ func TestValidateIDMapMounts(t *testing.T) {
 			name:  "idmap mounts without abs source path",
 			isErr: true,
 			config: &configs.Config{
-				UidMappings: mapping,
-				GidMappings: mapping,
+				UIDMappings: mapping,
+				GIDMappings: mapping,
 				Mounts: []*configs.Mount{
 					{
 						Source:      "./rel/path/",
@@ -517,8 +517,8 @@ func TestValidateIDMapMounts(t *testing.T) {
 			name:  "idmap mounts without abs dest path",
 			isErr: true,
 			config: &configs.Config{
-				UidMappings: mapping,
-				GidMappings: mapping,
+				UIDMappings: mapping,
+				GIDMappings: mapping,
 				Mounts: []*configs.Mount{
 					{
 						Source:      "/abs/path/",
@@ -534,8 +534,8 @@ func TestValidateIDMapMounts(t *testing.T) {
 		{
 			name: "simple idmap mount",
 			config: &configs.Config{
-				UidMappings: mapping,
-				GidMappings: mapping,
+				UIDMappings: mapping,
+				GIDMappings: mapping,
 				Mounts: []*configs.Mount{
 					{
 						Source:      "/another-abs/path/",
@@ -550,8 +550,8 @@ func TestValidateIDMapMounts(t *testing.T) {
 		{
 			name: "idmap mount with more flags",
 			config: &configs.Config{
-				UidMappings: mapping,
-				GidMappings: mapping,
+				UIDMappings: mapping,
+				GIDMappings: mapping,
 				Mounts: []*configs.Mount{
 					{
 						Source:      "/another-abs/path/",

diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go
@@ -1419,10 +1419,7 @@ func (c *Container) prepareCriuRestoreMounts(mounts []*configs.Mount) error {
 			// set up in the order they are configured.
 			if m.Device == "bind" {
 				if err := utils.WithProcfd(c.config.Rootfs, m.Destination, func(dstFD string) error {
-					if err := mountViaFDs(m.Source, "", m.Destination, dstFD, "", unix.MS_BIND|unix.MS_REC, ""); err != nil {
-						return err
-					}
-					return nil
+					return mountViaFDs(m.Source, nil, m.Destination, dstFD, "", unix.MS_BIND|unix.MS_REC, "")
 				}); err != nil {
 					return err
 				}
@@ -2219,7 +2216,7 @@ func (c *Container) bootstrapData(cloneFlags uintptr, nsMaps map[configs.Namespa
 	_, joinExistingUser := nsMaps[configs.NEWUSER]
 	if !joinExistingUser {
 		// write uid mappings
-		if len(c.config.UidMappings) > 0 {
+		if len(c.config.UIDMappings) > 0 {
 			if c.config.RootlessEUID {
 				// We resolve the paths for new{u,g}idmap from
 				// the context of runc to avoid doing a path
@@ -2231,7 +2228,7 @@ func (c *Container) bootstrapData(cloneFlags uintptr, nsMaps map[configs.Namespa
 					})
 				}
 			}
-			b, err := encodeIDMapping(c.config.UidMappings)
+			b, err := encodeIDMapping(c.config.UIDMappings)
 			if err != nil {
 				return nil, err
 			}
@@ -2242,8 +2239,8 @@ func (c *Container) bootstrapData(cloneFlags uintptr, nsMaps map[configs.Namespa
 		}
 
 		// write gid mappings
-		if len(c.config.GidMappings) > 0 {
-			b, err := encodeIDMapping(c.config.GidMappings)
+		if len(c.config.GIDMappings) > 0 {
+			b, err := encodeIDMapping(c.config.GIDMappings)
 			if err != nil {
 				return nil, err
 			}
@@ -2356,5 +2353,5 @@ func requiresRootOrMappingTool(c *configs.Config) bool {
 	gidMap := []configs.IDMap{
 		{ContainerID: 0, HostID: os.Getegid(), Size: 1},
 	}
-	return !reflect.DeepEqual(c.GidMappings, gidMap)
+	return !reflect.DeepEqual(c.GIDMappings, gidMap)
 }
diff --git a/libcontainer/integration/exec_test.go b/libcontainer/integration/exec_test.go
@@ -1774,8 +1774,8 @@ func TestBindMountAndUser(t *testing.T) {
 	})
 
 	// Set HostID to 1000 to avoid DAC_OVERRIDE bypassing the purpose of this test.
-	config.UidMappings[0].HostID = 1000
-	config.GidMappings[0].HostID = 1000
+	config.UIDMappings[0].HostID = 1000
+	config.GIDMappings[0].HostID = 1000
 
 	// Set the owner of rootfs to the effective IDs in the host to avoid errors
 	// while creating the folders to perform the mounts.

diff --git a/libcontainer/integration/template_test.go b/libcontainer/integration/template_test.go
@@ -193,8 +193,8 @@ func newTemplateConfig(t *testing.T, p *tParam) *configs.Config {
 	}
 
 	if p.userns {
-		config.UidMappings = []configs.IDMap{{HostID: 0, ContainerID: 0, Size: 1000}}
-		config.GidMappings = []configs.IDMap{{HostID: 0, ContainerID: 0, Size: 1000}}
+		config.UIDMappings = []configs.IDMap{{HostID: 0, ContainerID: 0, Size: 1000}}
+		config.GIDMappings = []configs.IDMap{{HostID: 0, ContainerID: 0, Size: 1000}}
 		config.Namespaces = append(config.Namespaces, configs.Namespace{Type: configs.NEWUSER})
 	} else {
 		config.Mounts = append(config.Mounts, &configs.Mount{