pkg/process: Check using idmap mount options too

The runtime-spec just merged this PR: https://github.com/opencontainers/runtime-spec/pull/1224 This means that it is now possible to request idmap mounts by specifying "idmap" or "ridmap" in the mount options, without any mappings. Let's add a check to see if they are requested in that way too. Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
2023-12-04 12:56:27 +01:00
parent 47163c3c00
commit 8bbce8d37f
1 changed files with 13 additions and 0 deletions
--- a/cmd/containerd-shim-runc-v2/process/init.go
+++ b/cmd/containerd-shim-runc-v2/process/init.go
@@ -206,6 +206,10 @@ func (p *Init) validateIDMapMounts(ctx context.Context, spec *specs.Spec) error
 			used = true
 			break
 		}
+		if sliceContainsStr(m.Options, "idmap") || sliceContainsStr(m.Options, "ridmap") {
+			used = true
+			break
+		}
 	}

 	if !used {
@@ -552,3 +556,12 @@ func withConditionalIO(c stdio.Stdio) runc.IOOpt {
 		o.OpenStderr = c.Stderr != ""
 	}
 }
+
+func sliceContainsStr(s []string, str string) bool {
+	for _, s := range s {
+		if s == str {
+			return true
+		}
+	}
+	return false
+}