github.com/opencontainers/runc@v1.2.0-rc.1.0.20240520010911-492dc558cdd6/libcontainer/configs/namespaces_syscall.go

github.com/opencontainers/runc@v1.2.0-rc.1.0.20240520010911-492dc558cdd6/libcontainer/configs/namespaces_syscall.go (about)

     1  //go:build linux
     2  // +build linux
     3  
     4  package configs
     5  
     6  import "golang.org/x/sys/unix"
     7  
     8  func (n *Namespace) Syscall() int {
     9  	return namespaceInfo[n.Type]
    10  }
    11  
    12  var namespaceInfo = map[NamespaceType]int{
    13  	NEWNET:    unix.CLONE_NEWNET,
    14  	NEWNS:     unix.CLONE_NEWNS,
    15  	NEWUSER:   unix.CLONE_NEWUSER,
    16  	NEWIPC:    unix.CLONE_NEWIPC,
    17  	NEWUTS:    unix.CLONE_NEWUTS,
    18  	NEWPID:    unix.CLONE_NEWPID,
    19  	NEWCGROUP: unix.CLONE_NEWCGROUP,
    20  	NEWTIME:   unix.CLONE_NEWTIME,
    21  }
    22  
    23  // CloneFlags parses the container's Namespaces options to set the correct
    24  // flags on clone, unshare. This function returns flags only for new namespaces.
    25  func (n *Namespaces) CloneFlags() uintptr {
    26  	var flag int
    27  	for _, v := range *n {
    28  		if v.Path != "" {
    29  			continue
    30  		}
    31  		flag |= namespaceInfo[v.Type]
    32  	}
    33  	return uintptr(flag)
    34  }
    35  
    36  // IsPrivate tells whether the namespace of type t is configured as private
    37  // (i.e. it exists and is not shared).
    38  func (n Namespaces) IsPrivate(t NamespaceType) bool {
    39  	for _, v := range n {
    40  		if v.Type == t {
    41  			return v.Path == ""
    42  		}
    43  	}
    44  	// Not found, so implicitly sharing a parent namespace.
    45  	return false
    46  }