Exemplo n.º 1
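// verifyRange resolves the ID mapping requested for the container called name
// to a range of host IDs and returns it as (start, end), where end is
// start + idmap.Maprange.
//
// name is a "/"-separated lineage ("parent/child"). For a top-level container
// idmap.Hostid is used as a host ID directly. For a nested container
// idmap.Hostid is an ID inside the parent's namespace, so the requested range
// must lie inside the parent's own mapping before it is translated onto the
// host. An error is returned when the parent is unknown or unresolved, when it
// has no mapping, or when the requested range is not contained in the
// parent's.
func verifyRange(name string, idmap shared.IdmapEntry, c containers) (int, int, error) {
	lineage := strings.Split(name, "/")
	if len(lineage) == 1 {
		return idmap.Hostid, idmap.Hostid + idmap.Maprange, nil
	}

	pname := strings.Join(lineage[:len(lineage)-1], "/")
	parent, ok := c[pname]
	// hostmin == -1 is reported as "undefined" here, the same as a missing entry.
	if !ok || parent.hostmin == -1 {
		return 0, 0, fmt.Errorf("Parent for %s (%s) is undefined", name, pname)
	}
	// Guard the index below; an empty parent mapping would otherwise panic.
	if len(parent.idmap.Idmap) == 0 {
		return 0, 0, fmt.Errorf("Parent for %s (%s) has no id mapping", name, pname)
	}

	// Only the parent's first mapping entry is considered.
	pidmap := parent.idmap.Idmap[0]

	// Containment check. Both bounds must be expressed in the parent's
	// namespace, i.e. in terms of idmap.Hostid: the child's own Nsid says
	// nothing about where the range lands in the parent. Comparing Nsid on the
	// upper bound would accept a child whose range runs past the end of the
	// parent's mapping, which then resolves to host IDs the parent was never
	// given.
	// NOTE(review): ">=" also rejects a range that ends exactly at the parent's
	// last ID; kept as in the original (the stricter reading) — confirm intent.
	if idmap.Hostid+idmap.Maprange >= pidmap.Nsid+pidmap.Maprange || idmap.Hostid < pidmap.Nsid {
		return 0, 0, fmt.Errorf("Mapping for %s exceeds its parent's, parentids should be between %d - %d",
			name, pidmap.Nsid, pidmap.Nsid+pidmap.Maprange-1)
	}

	// Build a map that shifts the parent's namespace range straight onto the
	// host, starting at the parent's resolved host minimum.
	absstr := fmt.Sprintf("b:%d:%d:%d", pidmap.Nsid, parent.hostmin, pidmap.Maprange)
	m := shared.IdmapSet{}
	m, err := m.Append(absstr)
	if err != nil {
		return 0, 0, err
	}

	// Translate the requested 'hostid' (really a parent-namespace ID) to a host
	// ID. The second result is the gid translation of the same value and is not
	// needed.
	hoststart, _ := m.ShiftIntoNs(idmap.Hostid, idmap.Hostid)
	// A negative host ID is never a usable range start. ShiftIntoNs presumably
	// signals "no mapping" that way — confirm against the shared package.
	if hoststart < 0 {
		return 0, 0, fmt.Errorf("Mapping for %s could not be shifted onto the host", name)
	}
	return hoststart, hoststart + idmap.Maprange, nil
}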
Exemplo n.º 2
// run parses the command line and shifts the ownership of a directory tree
// according to the ID maps given as arguments.
//
// The first argument is the target directory; every later argument is either
// a flag ("-r"/"--reverse", "t"/"-t"/"--test"/"test") or an ID map
// specification handed to IdmapSet.Append. The shift is applied with
// UidshiftIntoContainer, or UidshiftFromContainer when reverse is requested.
// Outside test mode the effective UID must be 0.
func run() error {
	args := os.Args

	if len(args) < 3 {
		// Asking for help explicitly is not an error; any other short
		// invocation is.
		status := 1
		if len(args) > 1 {
			switch args[1] {
			case "-h", "--help", "help":
				status = 0
			}
		}
		// NOTE(review): help presumably terminates the process; if it returned,
		// args[1] below would be out of range for a bare invocation — confirm.
		help(args[0], status)
	}

	// The directory comes straight from the command line and is passed on
	// unchanged.
	var (
		target  = args[1]
		set     = shared.IdmapSet{}
		dryRun  bool
		reverse bool
	)

	for _, arg := range args[2:] {
		switch arg {
		case "-r", "--reverse":
			reverse = true
		case "t", "-t", "--test", "test":
			dryRun = true
		default:
			// Anything that is not a known flag is treated as an ID map entry.
			var err error
			set, err = set.Append(arg)
			if err != nil {
				return err
			}
		}
	}

	if set.Len() == 0 {
		fmt.Printf("No idmaps given\n")
		help(args[0], 1)
	}

	// The root requirement is enforced only for a real run; test mode is
	// allowed for any user.
	if !dryRun && os.Geteuid() != 0 {
		fmt.Printf("This must be run as root\n")
		os.Exit(1)
	}

	if !reverse {
		return set.UidshiftIntoContainer(target, dryRun)
	}
	return set.UidshiftFromContainer(target, dryRun)
}