incusd: Update for idmap changes

Signed-off-by: Stéphane Graber <[email protected]>

cmd/incusd/backup.go

@@ -123,7 +123,7 @@ func backupCreate(s *state.State, args db.InstanceBackup, sourceInst instance.In
 	revert.Add(func() { _ = os.Remove(target) })
 
 	// Get IDMap to unshift container as the tarball is created.
-	var idmap *idmap.IdmapSet
+	var idmap *idmap.Set
 	if sourceInst.Type() == instancetype.Container {
 		c := sourceInst.(instance.Container)
 		idmap, err = c.DiskIdmap()

cmd/incusd/daemon.go

@@ -954,12 +954,12 @@ func (d *Daemon) init() error {
 	 * so we don't need to bother with atomic.StoreInt32() when touching
 	 * VFS3Fscaps.
 	 */
-	d.os.VFS3Fscaps = idmap.SupportsVFS3Fscaps("")
+	d.os.VFS3Fscaps = idmap.SupportsVFS3FSCaps("")
 	if d.os.VFS3Fscaps {
-		idmap.VFS3Fscaps = idmap.VFS3FscapsSupported
+		idmap.VFS3FSCaps = idmap.VFS3FSCapsSupported
 		logger.Infof(" - unprivileged file capabilities: yes")
 	} else {
-		idmap.VFS3Fscaps = idmap.VFS3FscapsUnsupported
+		idmap.VFS3FSCaps = idmap.VFS3FSCapsUnsupported
 		logger.Infof(" - unprivileged file capabilities: no")
 	}
 

cmd/incusd/dev_incus.go

@@ -295,7 +295,7 @@ func hoistReq(f func(*Daemon, instance.Instance, http.ResponseWriter, *http.Requ
 
 		idmapset, err := c.CurrentIdmap()
 		if err == nil && idmapset != nil {
-			uid, _ := idmapset.ShiftIntoNs(0, 0)
+			uid, _ := idmapset.ShiftIntoNS(0, 0)
 			rootUID = uint32(uid)
 		}
 

cmd/incusd/instance_exec.go

@@ -203,7 +203,7 @@ func (s *execWs) Do(op *operations.Operation) error {
 			}
 
 			if idmapset != nil {
-				rootUID, rootGID = idmapset.ShiftIntoNs(0, 0)
+				rootUID, rootGID = idmapset.ShiftIntoNS(0, 0)
 			}
 
 			devptsFd, _ = c.DevptsFd()

cmd/incusd/main_activateifneeded.go

@@ -91,11 +91,8 @@ func (c *cmdActivateifneeded) Run(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
-	// Load the idmap for unprivileged instances
-	d.os.IdmapSet, err = idmap.DefaultIdmapSet("", "")
-	if err != nil {
-		return err
-	}
+	// Set a non-nil IdmapSet to be able to load unprivileged instances
+	d.os.IdmapSet = &idmap.Set{}
 
 	// Look for auto-started or previously started instances
 	path = d.os.GlobalDatabasePath()

cmd/incusd/main_test.go

@@ -33,9 +33,9 @@ func mockStartDaemon() (*Daemon, error) {
 		return nil, err
 	}
 
-	d.os.IdmapSet = &idmap.IdmapSet{Idmap: []idmap.IdmapEntry{
-		{Isuid: true, Hostid: 100000, Nsid: 0, Maprange: 500000},
-		{Isgid: true, Hostid: 100000, Nsid: 0, Maprange: 500000},
+	d.os.IdmapSet = &idmap.IdmapSet{Idmap: []idmap.Entry{
+		{IsUID: true, HostID: 100000, NSID: 0, MapRange: 500000},
+		{IsGID: true, HostID: 100000, NSID: 0, MapRange: 500000},
 	}}
 
 	return d, nil

cmd/incusd/migrate.go

@@ -198,7 +198,7 @@ type migrationSinkArgs struct {
 	// Instance specific fields
 	Instance              instance.Instance
 	InstanceOnly          bool
-	Idmap                 *idmap.IdmapSet
+	Idmap                 *idmap.Set
 	Live                  bool
 	Refresh               bool
 	ClusterMoveSourceName string

internal/instancewriter/instance_tar_writer.go

@@ -19,12 +19,12 @@ import (
 // InstanceTarWriter provides a TarWriter implementation that handles ID shifting and hardlink tracking.
 type InstanceTarWriter struct {
 	tarWriter *tar.Writer
-	idmapSet  *idmap.IdmapSet
+	idmapSet  *idmap.Set
 	linkMap   map[uint64]string
 }
 
 // NewInstanceTarWriter returns a ContainerTarWriter for the provided target Writer and id map.
-func NewInstanceTarWriter(writer io.Writer, idmapSet *idmap.IdmapSet) *InstanceTarWriter {
+func NewInstanceTarWriter(writer io.Writer, idmapSet *idmap.Set) *InstanceTarWriter {
 	ctw := new(InstanceTarWriter)
 	ctw.tarWriter = tar.NewWriter(writer)
 	ctw.idmapSet = idmapSet
@@ -92,7 +92,7 @@ func (ctw *InstanceTarWriter) WriteFile(name string, srcPath string, fi os.FileI
 
 	// Unshift the id under rootfs/ for unpriv containers.
 	if strings.HasPrefix(hdr.Name, "rootfs") && ctw.idmapSet != nil {
-		hUID, hGID := ctw.idmapSet.ShiftFromNs(int64(hdr.Uid), int64(hdr.Gid))
+		hUID, hGID := ctw.idmapSet.ShiftFromNS(int64(hdr.Uid), int64(hdr.Gid))
 		hdr.Uid = int(hUID)
 		hdr.Gid = int(hGID)
 		if hdr.Uid == -1 || hdr.Gid == -1 {

internal/server/device/device_utils_disk.go

@@ -264,18 +264,18 @@ func diskCephfsOptions(clusterName string, userName string, fsName string, fsPat
 
 // diskAddRootUserNSEntry takes a set of idmap entries, and adds host -> userns root uid/gid mappings if needed.
 // Returns the supplied idmap entries with any added root entries.
-func diskAddRootUserNSEntry(idmaps []idmap.IdmapEntry, hostRootID int64) []idmap.IdmapEntry {
+func diskAddRootUserNSEntry(idmaps []idmap.Entry, hostRootID int64) []idmap.Entry {
 	needsNSUIDRootEntry := true
 	needsNSGIDRootEntry := true
 
 	for _, idmap := range idmaps {
 		// Check if the idmap entry contains the userns root user.
-		if idmap.Nsid == 0 {
-			if idmap.Isuid {
+		if idmap.NSID == 0 {
+			if idmap.IsUID {
 				needsNSUIDRootEntry = false // Root UID mapping already present.
 			}
 
-			if idmap.Isgid {
+			if idmap.IsGID {
 				needsNSGIDRootEntry = false // Root GID mapping already present.
 			}
 
@@ -287,12 +287,12 @@ func diskAddRootUserNSEntry(idmaps []idmap.IdmapEntry, hostRootID int64) []idmap
 
 	// Add UID/GID/both mapping entry if needed.
 	if needsNSUIDRootEntry || needsNSGIDRootEntry {
-		idmaps = append(idmaps, idmap.IdmapEntry{
-			Hostid:   hostRootID,
-			Isuid:    needsNSUIDRootEntry,
-			Isgid:    needsNSGIDRootEntry,
-			Nsid:     0,
-			Maprange: 1,
+		idmaps = append(idmaps, idmap.Entry{
+			HostID:   hostRootID,
+			IsUID:    needsNSUIDRootEntry,
+			IsGID:    needsNSGIDRootEntry,
+			NSID:     0,
+			MapRange: 1,
 		})
 	}
 
@@ -303,7 +303,7 @@ func diskAddRootUserNSEntry(idmaps []idmap.IdmapEntry, hostRootID int64) []idmap
 // If the idmaps slice is supplied then the proxy process is run inside a user namespace using the supplied maps.
 // Returns a file handle to the proxy process and a revert fail function that can be used to undo this function if
 // a subsequent step fails,.
-func DiskVMVirtfsProxyStart(execPath string, pidPath string, sharePath string, idmaps []idmap.IdmapEntry) (*os.File, revert.Hook, error) {
+func DiskVMVirtfsProxyStart(execPath string, pidPath string, sharePath string, idmaps []idmap.Entry) (*os.File, revert.Hook, error) {
 	revert := revert.New()
 	defer revert.Fail()
 
@@ -379,8 +379,8 @@ func DiskVMVirtfsProxyStart(execPath string, pidPath string, sharePath string, i
 	}
 
 	if len(idmaps) > 0 {
-		idmapSet := &idmap.IdmapSet{Idmap: idmaps}
-		proc.SetUserns(idmapSet.ToUidMappings(), idmapSet.ToGidMappings())
+		idmapSet := &idmap.Set{Entries: idmaps}
+		proc.SetUserns(idmapSet.ToUIDMappings(), idmapSet.ToGIDMappings())
 	}
 
 	err = proc.StartWithFiles(context.Background(), []*os.File{acceptFile})
@@ -425,7 +425,7 @@ func DiskVMVirtfsProxyStop(pidPath string) error {
 // Returns UnsupportedError error if the host system or instance does not support virtiosfd, returns normal error
 // type if process cannot be started for other reasons.
 // Returns revert function and listener file handle on success.
-func DiskVMVirtiofsdStart(execPath string, inst instance.Instance, socketPath string, pidPath string, logPath string, sharePath string, idmaps []idmap.IdmapEntry) (func(), net.Listener, error) {
+func DiskVMVirtiofsdStart(execPath string, inst instance.Instance, socketPath string, pidPath string, logPath string, sharePath string, idmaps []idmap.Entry) (func(), net.Listener, error) {
 	revert := revert.New()
 	defer revert.Fail()
 
@@ -506,8 +506,8 @@ func DiskVMVirtiofsdStart(execPath string, inst instance.Instance, socketPath st
 	}
 
 	if len(idmaps) > 0 {
-		idmapSet := &idmap.IdmapSet{Idmap: idmaps}
-		proc.SetUserns(idmapSet.ToUidMappings(), idmapSet.ToGidMappings())
+		idmapSet := &idmap.Set{Entries: idmaps}
+		proc.SetUserns(idmapSet.ToUIDMappings(), idmapSet.ToGIDMappings())
 	}
 
 	err = proc.StartWithFiles(context.Background(), []*os.File{unixFile})

internal/server/device/device_utils_disk_test.go

@@ -10,15 +10,15 @@ import (
 
 func TestDiskAddRootUserNSEntry(t *testing.T) {
 	// Check adds a combined uid/gid root entry to an empty list.
-	var idmaps []idmap.IdmapEntry
+	var idmaps []idmap.Entry
 	idmaps = diskAddRootUserNSEntry(idmaps, 65534)
-	expected := []idmap.IdmapEntry{
+	expected := []idmap.Entry{
 		{
-			Isuid:    true,
-			Isgid:    true,
-			Hostid:   65534,
-			Maprange: 1,
-			Nsid:     0,
+			IsUID:    true,
+			IsGID:    true,
+			HostID:   65534,
+			MapRange: 1,
+			NSID:     0,
 		},
 	}
 
@@ -29,55 +29,55 @@ func TestDiskAddRootUserNSEntry(t *testing.T) {
 	assert.Equal(t, idmaps, expected)
 
 	// Check adds a root gid entry if root uid entry already exists.
-	idmaps = []idmap.IdmapEntry{
+	idmaps = []idmap.Entry{
 		{
-			Isuid:    true,
-			Isgid:    false,
-			Hostid:   65534,
-			Maprange: 1,
-			Nsid:     0,
+			IsUID:    true,
+			IsGID:    false,
+			HostID:   65534,
+			MapRange: 1,
+			NSID:     0,
 		},
 	}
 
 	idmaps = diskAddRootUserNSEntry(idmaps, 65534)
-	expected = []idmap.IdmapEntry{
+	expected = []idmap.Entry{
 		{
-			Isuid:    true,
-			Isgid:    false,
-			Hostid:   65534,
-			Maprange: 1,
-			Nsid:     0,
+			IsUID:    true,
+			IsGID:    false,
+			HostID:   65534,
+			MapRange: 1,
+			NSID:     0,
 		},
 		{
-			Isuid:    false,
-			Isgid:    true,
-			Hostid:   65534,
-			Maprange: 1,
-			Nsid:     0,
+			IsUID:    false,
+			IsGID:    true,
+			HostID:   65534,
+			MapRange: 1,
+			NSID:     0,
 		},
 	}
 
 	assert.Equal(t, idmaps, expected)
 
 	// Check adds a root uid entry if root gid entry already exists.
-	idmaps = []idmap.IdmapEntry{
+	idmaps = []idmap.Entry{
 		{
-			Isuid:    false,
-			Isgid:    true,
-			Hostid:   65534,
-			Maprange: 1,
-			Nsid:     0,
+			IsUID:    false,
+			IsGID:    true,
+			HostID:   65534,
+			MapRange: 1,
+			NSID:     0,
 		},
 	}
 
 	idmaps = diskAddRootUserNSEntry(idmaps, 65534)
-	expected = []idmap.IdmapEntry{
+	expected = []idmap.Entry{
 		{
-			Isuid:    false,
-			Isgid:    true,
-			Hostid:   65534,
-			Maprange: 1,
-			Nsid:     0,
+			IsUID:    false,
+			IsGID:    true,
+			HostID:   65534,
+			MapRange: 1,
+			NsID:     0,
 		},
 		{
 			Isuid:    true,

internal/server/device/device_utils_unix.go

@@ -100,7 +100,7 @@ func unixDeviceDestPath(m deviceConfig.Device) string {
 // type field then it defaults to created a unix-char device. The ownership of the created device
 // defaults to root (0) but can be specified with the uid and gid fields in the device config map.
 // It returns a UnixDevice containing information about the device created.
-func UnixDeviceCreate(s *state.State, idmapSet *idmap.IdmapSet, devicesPath string, prefix string, m deviceConfig.Device, defaultMode bool) (*UnixDevice, error) {
+func UnixDeviceCreate(s *state.State, idmapSet *idmap.Set, devicesPath string, prefix string, m deviceConfig.Device, defaultMode bool) (*UnixDevice, error) {
 	var err error
 	d := UnixDevice{}
 
@@ -223,7 +223,7 @@ func UnixDeviceCreate(s *state.State, idmapSet *idmap.IdmapSet, devicesPath stri
 		}
 
 		if idmapSet != nil {
-			err := idmapSet.ShiftFile(devPath)
+			err := idmapSet.ShiftPath(devPath, nil)
 			if err != nil {
 				// uidshift failing is weird, but not a big problem. Log and proceed.
 				logger.Debugf("Failed to uidshift device %s: %s\n", srcPath, err)