pkg/process: Check using idmap mount options too

The runtime-spec just merged this PR: opencontainers/runtime-spec#1224 This means that it is now possible to request idmap mounts by specifying "idmap" or "ridmap" in the mount options, without any mappings. Let's add a check to see if they are requested in that way too. Signed-off-by: Rodrigo Campos <[email protected]>
kinvolk · Dec 4, 2023 · 8bbce8d · 8bbce8d
1 parent 47163c3
commit 8bbce8d
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/cmd/containerd-shim-runc-v2/process/init.go b/cmd/containerd-shim-runc-v2/process/init.go
@@ -206,6 +206,10 @@ func (p *Init) validateIDMapMounts(ctx context.Context, spec *specs.Spec) error
  used = true
  break
  }
+ if sliceContainsStr(m.Options, "idmap") || sliceContainsStr(m.Options, "ridmap") {
+ used = true
+ break
+ }
  }
 
  if !used {
@@ -552,3 +556,12 @@ func withConditionalIO(c stdio.Stdio) runc.IOOpt {
  o.OpenStderr = c.Stderr != ""
  }
 }
+
+func sliceContainsStr(s []string, str string) bool {
+ for _, s := range s {
+ if s == str {
+ return true
+ }
+ }
+ return false
+}