CONSFIGURATOR.UTIL.LINUX-NAMESPACE

API reference

General

Function: CONSFIGURATOR.UTIL.LINUX-NAMESPACE:GET-IDS-OFFSET

(consfigurator.util.linux-namespace:get-ids-offset file identifier)

Where IDENTIFIER is a username or UID, and FILE is structured like /etc/subuid and /etc/subgid (see subuid(5) and subgid(5)), return two values: the first subordinate ID and the number of subordinate IDs in the range, taken from the first entry in FILE for IDENTIFIER.

Function: CONSFIGURATOR.UTIL.LINUX-NAMESPACE:REDUCE-ID-MAPS

(consfigurator.util.linux-namespace:reduce-id-maps id-maps)

Where each of ID-MAPS is a list of three integers (ID-inside-ns, ID-outside-ns and length, in the order user_namespaces(7) documents) corresponding to a line of the uid_map (resp. gid_map) of a process in a different user namespace, as that file would be read by a process in the current user namespace, return a function which maps UIDs (resp. GIDs) in the current user namespace to UIDs (resp. GIDs) in the user namespace of the process. The function returns NIL, not the kernel's overflow ID 65534, for values which are unmapped.

A process’s uid_map & gid_map files are under /proc; see user_namespaces(7).

Function: CONSFIGURATOR.UTIL.LINUX-NAMESPACE:SHIFT-IDS

(consfigurator.util.linux-namespace:shift-ids root uidmap gidmap)

Recursively map the ownership and POSIX ACLs of files under ROOT by applying the function UIDMAP to user ownership and UIDs appearing in ACLs, and the function GIDMAP to group ownership and GIDs appearing in ACLs. Each of UIDMAP and GIDMAP should return a non-negative integer or NIL for each non-negative integer input; in the latter case, no update will be made to the UID or GID.

For example, to recursively shift the ownership and POSIX ACLs of a filesystem hierarchy to render it suitable for use as a root filesystem in a different user namespace, you might use

(shift-ids "/var/lib/lxc/mycontainer/rootfs"
           (reduce-id-maps '(0 100000 65536))
           (reduce-id-maps '(0 100000 65536)))

Here the list (0 100000 65536) is a line of the container's uid_map (resp. gid_map): it says that IDs 0 through 65535 inside the container's user namespace correspond to IDs 100000 through 165535 in the present user namespace; see the docstring for CONSFIGURATOR.UTIL.LINUX-NAMESPACE:REDUCE-ID-MAPS and user_namespaces(7).
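The following is an added example, not Consfigurator's own code, that re-implements in a few portable Common Lisp definitions the arithmetic behind GET-IDS-OFFSET, REDUCE-ID-MAPS and the SHIFT-IDS call above, so that the ID mapping can be exercised at a REPL without reading /proc or changing any file's ownership. The package USERNS-EXAMPLE, the functions SUBID-RANGE and MAKE-ID-MAPPER, and the sample *SUBUID* text are all invented for this example; the sample is constructed in the subuid(5) format and is not taken from any real system.

```lisp
;;; Added example, not part of Consfigurator.  Re-implements the id-map
;;; arithmetic of GET-IDS-OFFSET and REDUCE-ID-MAPS on strings and
;;; integers only.  All names here are hypothetical.

(defpackage #:userns-example
  (:use #:cl)
  (:export #:subid-range #:make-id-mapper #:*subuid* #:demo))
(in-package #:userns-example)

;; Constructed sample in subuid(5)/subgid(5) format, NAME:START:COUNT per
;; line.  The second alice entry shows a user with two disjoint ranges.
(defparameter *subuid*
  (format nil "root:100000:65536~%alice:165536:65536~%alice:300000:1000~%"))

(defun split-colon (line)
  "Split LINE on #\\: into a list of strings."
  (loop with start = 0
        for pos = (position #\: line :start start)
        collect (subseq line start pos)
        while pos
        do (setf start (1+ pos))))

(defun subid-range (file identifier)
  "Like GET-IDS-OFFSET, but FILE is the text of a subuid(5)-style file
rather than a pathname.  IDENTIFIER is a user name or a numeric ID.
Return two values, the first subordinate ID and the count, for the first
matching entry, or NIL when there is none."
  (let ((wanted (if (integerp identifier)
                    (princ-to-string identifier)
                    identifier)))
    (with-input-from-string (stream file)
      (loop for line = (read-line stream nil)
            until (null line)
            do (let ((fields (split-colon line)))
                 (when (and (= (length fields) 3)
                            (string= (first fields) wanted))
                   (return (values (parse-integer (second fields))
                                   (parse-integer (third fields))))))))))

(defun make-id-mapper (id-maps &key (from :inside))
  "ID-MAPS is a list of (ID-INSIDE-NS ID-OUTSIDE-NS LENGTH) triples, one
per line of a uid_map or gid_map as described in user_namespaces(7).
Return a function of one ID.  With FROM :INSIDE (the default) the input
is an ID as numbered inside the namespace and the result is the ID the
outer namespace sees, which is the direction needed to turn a
host-numbered rootfs into one usable inside a container.  With FROM
:OUTSIDE the translation runs the other way.  As with REDUCE-ID-MAPS,
unmapped IDs yield NIL rather than the kernel's overflow ID 65534."
  (lambda (id)
    (loop for (inside outside count) in id-maps
          for (start target) = (if (eq from :inside)
                                   (list inside outside)
                                   (list outside inside))
          when (and (>= id start) (< id (+ start count)))
            return (+ target (- id start)))))

(defun demo ()
  "Build root's single-line id-map from the sample subuid text, exactly
as in the SHIFT-IDS example, and translate a few IDs in both directions;
then do the same for alice, whose map has two lines."
  (multiple-value-bind (start count) (subid-range *subuid* "root")
    (let* ((id-map (list 0 start count))
           (to-host (make-id-mapper (list id-map)))
           (to-container (make-id-mapper (list id-map) :from :outside))
           (alice (make-id-mapper '((0 165536 65536) (65536 300000 1000)))))
      (list (funcall to-host 0)            ; container root, mapped
            (funcall to-host 1000)         ; an ordinary container user
            (funcall to-host 65536)        ; one past the end of the range
            (funcall to-container 101000)  ; a host ID inside the range
            (funcall to-container 0)       ; host root, not in any range
            (funcall alice 66000)))))      ; falls in alice's second line
```

With the constructed data, (demo) shows the two cases a practitioner cares about when shifting a rootfs: IDs inside a mapped range move by the range's offset (container 0 becomes host 100000, container 1000 becomes host 101000, and alice's 66000 lands in her second range at 300464), while IDs outside every range (container 65536, or host 0 in the reverse direction) come back as NIL, which is what lets a SHIFT-IDS-style walker leave such files untouched instead of silently assigning them to 65534.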

Function: CONSFIGURATOR.UTIL.LINUX-NAMESPACE:GET-USERNS-OWNER

(consfigurator.util.linux-namespace:get-userns-owner fd)

Function: CONSFIGURATOR.UTIL.LINUX-NAMESPACE:SETGROUPS-P

(consfigurator.util.linux-namespace:setgroups-p)

In a Lisp-type connection, do we have the ability to use setgroups(2)?