* umoci: Umoci Modifies Open Containers' Images
* Copyright (C) 2016 SUSE LLC.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* See the License for the specific language governing permissions and
* limitations under the License.
package umoci
import (
// RootlessFsEval is an FsEval implementation backed by the functions in
// "umoci/pkg/unpriv". It gives unprivileged users (those without
// CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH) the ability to evaluate parts of a
// filesystem that they own. By necessity this requires modifying the
// filesystem, and thus it will not work on read-only filesystems.
//
// NOTE(review): the methods visible in this file forward their path arguments
// to unpriv unchanged; nothing here validates or confines them. Callers that
// derive paths from untrusted input (for example the contents of an image
// layer) are presumably expected to resolve them inside the intended root
// before calling -- confirm against the call sites.
//
// NOTE(review): this is a package-level var, so any importing package can
// reassign it. Treat it as read-only.
var RootlessFsEval FsEval = unprivFsEval(0)
// unprivFsEval is a stateless type whose methods implement FsEval by
// delegating to the unpriv package. It exists as a hack so that RootlessFsEval
// can be initialised from a constant expression (unprivFsEval(0)); note that
// RootlessFsEval itself is still declared with var, because a Go constant
// cannot have an interface type. The integer value is never read by the
// methods visible in this file.
type unprivFsEval int
// Open forwards path to unpriv.Open and returns the resulting *os.File and
// error unchanged. The path is not validated or rewritten by this wrapper.
func (unprivFsEval) Open(path string) (*os.File, error) {
	return unpriv.Open(path)
}
// Create forwards path to unpriv.Create and returns the resulting *os.File
// and error unchanged. The path is not validated or rewritten by this wrapper.
func (unprivFsEval) Create(path string) (*os.File, error) {
	return unpriv.Create(path)
}
// Readdir hands path to unpriv.Readdir and returns its []os.FileInfo and
// error as-is.
func (unprivFsEval) Readdir(path string) ([]os.FileInfo, error) {
	return unpriv.Readdir(path)
}
// Lstat hands path to unpriv.Lstat and returns its os.FileInfo and error
// as-is.
func (unprivFsEval) Lstat(path string) (os.FileInfo, error) {
	return unpriv.Lstat(path)
}
// Readlink hands path to unpriv.Readlink and returns the string and error it
// produces. The returned string is not inspected or sanitised here.
func (unprivFsEval) Readlink(path string) (string, error) {
	return unpriv.Readlink(path)
}
// Symlink passes linkname and path, in that order, to unpriv.Symlink and
// returns its error.
//
// NOTE(review): presumably linkname is what the link points at and path is
// where the link is created, mirroring os.Symlink(oldname, newname) -- confirm
// against unpriv.Symlink. Neither argument is checked by this wrapper.
func (unprivFsEval) Symlink(linkname, path string) error {
	return unpriv.Symlink(linkname, path)
}
// Link passes linkname and path, in that order, to unpriv.Link and returns
// its error.
//
// NOTE(review): presumably linkname is the existing file and path the new
// hard link, mirroring os.Link(oldname, newname) -- confirm against
// unpriv.Link. Neither argument is checked by this wrapper.
func (unprivFsEval) Link(linkname, path string) error {
	return unpriv.Link(linkname, path)
}
// Chmod forwards path and mode to unpriv.Chmod and returns its error. The mode
// bits are passed through unmodified; no masking happens in this wrapper.
func (unprivFsEval) Chmod(path string, mode os.FileMode) error {
	return unpriv.Chmod(path, mode)
}
// Lutimes forwards path together with the atime and mtime values to
// unpriv.Lutimes and returns its error.
func (unprivFsEval) Lutimes(path string, atime, mtime time.Time) error {
	return unpriv.Lutimes(path, atime, mtime)
}
// Remove forwards path to unpriv.Remove and returns its error. The path is
// not checked by this wrapper.
func (unprivFsEval) Remove(path string) error {
	return unpriv.Remove(path)
}
// RemoveAll forwards path to unpriv.RemoveAll and returns its error.
//
// NOTE(review): path is not checked here, so this wrapper offers no protection
// if a caller passes a path outside the tree it means to clean up; any such
// confinement has to happen at the call site.
func (unprivFsEval) RemoveAll(path string) error {
	return unpriv.RemoveAll(path)
}
// Mkdir forwards path and perm to unpriv.Mkdir and returns its error. The
// permission bits are passed through unmodified.
func (unprivFsEval) Mkdir(path string, perm os.FileMode) error {
	return unpriv.Mkdir(path, perm)
}
// Mknod forwards path, mode and dev to unpriv.Mknod and returns its error.
// Neither the node type encoded in mode nor the device number is filtered by
// this wrapper; whatever the caller supplies is what unpriv.Mknod receives.
func (unprivFsEval) Mknod(path string, mode os.FileMode, dev system.Dev_t) error {
	return unpriv.Mknod(path, mode, dev)
}
// MkdirAll forwards path and perm to unpriv.MkdirAll and returns its error.
// The permission bits are passed through unmodified.
func (unprivFsEval) MkdirAll(path string, perm os.FileMode) error {
	return unpriv.MkdirAll(path, perm)
}
// Llistxattr forwards path to unpriv.Llistxattr and returns the []string and
// error it produces.
func (unprivFsEval) Llistxattr(path string) ([]string, error) {
	return unpriv.Llistxattr(path)
}
// Lremovexattr forwards path and the attribute name to unpriv.Lremovexattr
// and returns its error.
func (unprivFsEval) Lremovexattr(path, name string) error {
	return unpriv.Lremovexattr(path, name)
}
// Lsetxattr forwards path, the attribute name, its value and flags to
// unpriv.Lsetxattr and returns its error. The attribute name and value are
// not filtered by this wrapper.
func (unprivFsEval) Lsetxattr(path, name string, value []byte, flags int) error {
	return unpriv.Lsetxattr(path, name, value, flags)
}
// Lgetxattr forwards path and the attribute name to unpriv.Lgetxattr and
// returns the []byte and error it produces.
func (unprivFsEval) Lgetxattr(path, name string) ([]byte, error) {
	return unpriv.Lgetxattr(path, name)
}
// Lclearxattrs forwards path to unpriv.Lclearxattrs and returns its error.
func (unprivFsEval) Lclearxattrs(path string) error {
	return unpriv.Lclearxattrs(path)
}
// KeywordFunc returns an mtree.KeywordFunc that runs fn from inside
// unpriv.Wrap. fn receives the path that Wrap passes to its callback, while
// info and r are captured from the outer call and are not refreshed inside the
// callback. The KeyVal produced by fn is returned together with the error
// reported by Wrap.
func (unprivFsEval) KeywordFunc(fn mtree.KeywordFunc) mtree.KeywordFunc {
	wrapped := func(path string, info os.FileInfo, r io.Reader) (mtree.KeyVal, error) {
		var result mtree.KeyVal
		// The callback assigns to result so the value computed by fn is
		// still available once Wrap has returned.
		callback := func(wrappedPath string) error {
			var fnErr error
			result, fnErr = fn(wrappedPath, info, r)
			return fnErr
		}
		wrapErr := unpriv.Wrap(path, callback)
		return result, wrapErr
	}
	return wrapped
}