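// Source: github.com/opencontainers/runc@v1.2.0-rc.1.0.20240520010911-492dc558cdd6/libcontainer/keys/keyctl.go

package keys

import (
	"errors"
	"fmt"
	"strconv"
	"strings"

	"golang.org/x/sys/unix"
)

// KeySerial is the serial number the kernel uses to identify a key or keyring.
type KeySerial uint32

// JoinSessionKeyring asks the kernel, via unix.KeyctlJoinSessionKeyring, to
// join the session keyring called name and returns that keyring's serial.
//
// On failure it returns 0 and an error that wraps the underlying keyctl
// error, so callers can still inspect it with errors.Is / errors.As.
func JoinSessionKeyring(name string) (KeySerial, error) {
	sessKeyID, err := unix.KeyctlJoinSessionKeyring(name)
	if err != nil {
		return 0, fmt.Errorf("unable to create session key: %w", err)
	}
	return KeySerial(sessKeyID), nil
}

// ModKeyringPerm modifies the permissions on the keyring ringID. It reads the
// current permission mask, ANDs it with mask (clearing every bit that is not
// set in mask), ORs in setbits, and writes the result back.
//
// The read (KEYCTL_DESCRIBE) and the write (KeyctlSetperm) are two separate
// keyctl calls, so the update is not atomic: a permission change made by
// another task between the two calls is overwritten. Because setbits is ORed
// in after the mask is applied, a bit present in both mask-cleared positions
// and setbits ends up set; callers that use this to drop access should pass
// only the bits they intend to grant in setbits.
//
// Every error is returned with context and wraps the underlying cause.
func ModKeyringPerm(ringID KeySerial, mask, setbits uint32) error {
	desc, err := unix.KeyctlString(unix.KEYCTL_DESCRIBE, int(ringID))
	if err != nil {
		return fmt.Errorf("describing keyring %d: %w", ringID, err)
	}

	// The code relies on the description being a ";"-separated record of at
	// least five fields, with the permission mask in the fourth. Splitting at
	// most five ways keeps any ";" inside the trailing field from producing
	// extra pieces; the permission field's position is unaffected.
	fields := strings.SplitN(desc, ";", 5)
	if len(fields) < 5 {
		// Refuse to guess: writing a permission mask derived from a
		// malformed description could widen access to the keyring.
		return errors.New("unexpected keyring description format: fewer than 5 fields")
	}

	// The permission mask is hexadecimal and must fit in 32 bits.
	perm64, err := strconv.ParseUint(fields[3], 16, 32)
	if err != nil {
		return fmt.Errorf("parsing keyring permissions %q: %w", fields[3], err)
	}

	perm := (uint32(perm64) & mask) | setbits

	if err := unix.KeyctlSetperm(int(ringID), perm); err != nil {
		return fmt.Errorf("setting permissions on keyring %d: %w", ringID, err)
	}
	return nil
}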