| 9c4570a9 |
package libcontainerd
import ( |
| 934328d8 |
"syscall"
|
| 0ea0b2be |
containerd "github.com/containerd/containerd/api/grpc/types" |
| 041e5a21 |
"github.com/opencontainers/runtime-spec/specs-go" |
| 069fdc8a |
"golang.org/x/sys/unix" |
| 9c4570a9 |
)
func getRootIDs(s specs.Spec) (int, int, error) {
var hasUserns bool
for _, ns := range s.Linux.Namespaces {
if ns.Type == specs.UserNamespace {
hasUserns = true
break
}
}
if !hasUserns {
return 0, 0, nil
}
uid := hostIDFromMap(0, s.Linux.UIDMappings)
gid := hostIDFromMap(0, s.Linux.GIDMappings)
return uid, gid, nil
}
|
| 005506d3 |
func hostIDFromMap(id uint32, mp []specs.LinuxIDMapping) int { |
| 9c4570a9 |
for _, m := range mp {
if id >= m.ContainerID && id <= m.ContainerID+m.Size-1 {
return int(m.HostID + id - m.ContainerID)
}
}
return 0
}
func systemPid(ctr *containerd.Container) uint32 {
var pid uint32
for _, p := range ctr.Processes {
if p.Pid == InitFriendlyName {
pid = p.SystemPid
}
}
return pid
} |
| 8891afd8 |
|
| 005506d3 |
func convertRlimits(sr []specs.LinuxRlimit) (cr []*containerd.Rlimit) { |
| 8891afd8 |
for _, r := range sr {
cr = append(cr, &containerd.Rlimit{
Type: r.Type,
Hard: r.Hard,
Soft: r.Soft,
})
}
return
} |
| 934328d8 |
// setPDeathSig sets the parent death signal to SIGKILL
func setSysProcAttr(sid bool) *syscall.SysProcAttr {
return &syscall.SysProcAttr{
Setsid: sid, |
| 069fdc8a |
Pdeathsig: unix.SIGKILL, |
| 934328d8 |
}
} |