github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

pkg/process: Check using idmap mount options too

Browse Source 
The runtime-spec just merged this PR:
	https://github.com/opencontainers/runtime-spec/pull/1224

This means that it is now possible to request idmap mounts by specifying
"idmap" or "ridmap" in the mount options, without any mappings.

Let's add a check to see if they are requested in that way too.

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
This commit is contained in:
Rodrigo Campos 2023-12-04 12:56:27 +01:00
parent 47163c3c00
commit 8bbce8d37f
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
cmd/containerd-shim-runc-v2/process/init.go
View File

@ -206,6 +206,10 @@ func (p *Init) validateIDMapMounts(ctx context.Context, spec *specs.Spec) error
used = true used = true
break break
} }
if sliceContainsStr(m.Options, "idmap") || sliceContainsStr(m.Options, "ridmap") {
used = true
break
}
} }
if !used { if !used {
@ -552,3 +556,12 @@ func withConditionalIO(c stdio.Stdio) runc.IOOpt {
o.OpenStderr = c.Stderr != "" o.OpenStderr = c.Stderr != ""
} }
} }
func sliceContainsStr(s []string, str string) bool {
for _, s := range s {
if s == str {
return true
}
}
return false
}