Split uid and gid user ns remapping in oci

Signed-off-by: Jie Hao Liao <liaojh1998@gmail.com>
2019-12-09 20:43:49 -06:00
parent e8948e11aa
commit 51a6813c06
3 changed files with 45 additions and 17 deletions
--- a/oci/spec_opts.go
+++ b/oci/spec_opts.go
@@ -439,7 +439,7 @@ func WithHostLocaltime(_ context.Context, _ Client, _ *containers.Container, s *

 // WithUserNamespace sets the uid and gid mappings for the task
 // this can be called multiple times to add more mappings to the generated spec
-func WithUserNamespace(container, host, size uint32) SpecOpts {
+func WithUserNamespace(uidMap, gidMap []specs.LinuxIDMapping) SpecOpts {
 	return func(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
 		var hasUserns bool
 		setLinux(s)
@@ -454,13 +454,8 @@ func WithUserNamespace(container, host, size uint32) SpecOpts {
 				Type: specs.UserNamespace,
 			})
 		}
-		mapping := specs.LinuxIDMapping{
-			ContainerID: container,
-			HostID:      host,
-			Size:        size,
-		}
-		s.Linux.UIDMappings = append(s.Linux.UIDMappings, mapping)
-		s.Linux.GIDMappings = append(s.Linux.GIDMappings, mapping)
+		s.Linux.UIDMappings = append(s.Linux.UIDMappings, uidMap...)
+		s.Linux.GIDMappings = append(s.Linux.GIDMappings, gidMap...)
 		return nil
 	}
 }
--- a/oci/spec_opts_test.go
+++ b/oci/spec_opts_test.go
@@ -467,21 +467,42 @@ func TestWithTTYSize(t *testing.T) {
 func TestWithUserNamespace(t *testing.T) {
 	t.Parallel()
 	s := Spec{}
+
 	opts := []SpecOpts{
-		WithUserNamespace(1, 2, 20000),
+		WithUserNamespace([]specs.LinuxIDMapping{
+			{
+				ContainerID: 1,
+				HostID:      2,
+				Size:        10000,
+			},
+		}, []specs.LinuxIDMapping{
+			{
+				ContainerID: 2,
+				HostID:      3,
+				Size:        20000,
+			},
+		}),
 	}
+
 	for _, opt := range opts {
 		if err := opt(nil, nil, nil, &s); err != nil {
 			t.Fatal(err)
 		}
 	}
-	testMapping := specs.LinuxIDMapping{
+
+	expectedUIDMapping := specs.LinuxIDMapping{
 		ContainerID: 1,
 		HostID:      2,
+		Size:        10000,
+	}
+	expectedGIDMapping := specs.LinuxIDMapping{
+		ContainerID: 2,
+		HostID:      3,
 		Size:        20000,
 	}
-	if !(len(s.Linux.UIDMappings) == 1 && s.Linux.UIDMappings[0] == testMapping) || !(len(s.Linux.GIDMappings) == 1 && s.Linux.GIDMappings[0] == testMapping) {
-		t.Fatal("WithUserNamespace Cannot set the uid/gid  mappings for the task")
+
+	if !(len(s.Linux.UIDMappings) == 1 && s.Linux.UIDMappings[0] == expectedUIDMapping) || !(len(s.Linux.GIDMappings) == 1 && s.Linux.GIDMappings[0] == expectedGIDMapping) {
+		t.Fatal("WithUserNamespace Cannot set the uid/gid mappings for the task")
 	}

 }