github.com/containerd/containerd@v22.0.0-20200918172823-438c87b8e050+incompatible/sys/userns_linux.go (about)

     1  /*
     2     Copyright The containerd Authors.
     3  
     4     Licensed under the Apache License, Version 2.0 (the "License");
     5     you may not use this file except in compliance with the License.
     6     You may obtain a copy of the License at
     7  
     8         http://www.apache.org/licenses/LICENSE-2.0
     9  
    10     Unless required by applicable law or agreed to in writing, software
    11     distributed under the License is distributed on an "AS IS" BASIS,
    12     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13     See the License for the specific language governing permissions and
    14     limitations under the License.
    15  */
    16  
    17  package sys
    18  
    19  import (
    20  	"bufio"
    21  	"fmt"
    22  	"os"
    23  	"sync"
    24  )
    25  
    26  var (
    27  	inUserNS bool
    28  	nsOnce   sync.Once
    29  )
    30  
    31  // RunningInUserNS detects whether we are currently running in a user namespace.
    32  // Originally copied from github.com/lxc/lxd/shared/util.go
    33  func RunningInUserNS() bool {
    34  	nsOnce.Do(func() {
    35  		file, err := os.Open("/proc/self/uid_map")
    36  		if err != nil {
    37  			// This kernel-provided file only exists if user namespaces are supported
    38  			return
    39  		}
    40  		defer file.Close()
    41  
    42  		buf := bufio.NewReader(file)
    43  		l, _, err := buf.ReadLine()
    44  		if err != nil {
    45  			return
    46  		}
    47  
    48  		line := string(l)
    49  		var a, b, c int64
    50  		fmt.Sscanf(line, "%d %d %d", &a, &b, &c)
    51  
    52  		/*
    53  		 * We assume we are in the initial user namespace if we have a full
    54  		 * range - 4294967295 uids starting at uid 0.
    55  		 */
    56  		if a == 0 && b == 0 && c == 4294967295 {
    57  			return
    58  		}
    59  		inUserNS = true
    60  	})
    61  	return inUserNS
    62  }