Merge pull request #780 from giuseppe/idmapped-mounts

linux: new mount option "idmap"

Author: flouthoc

crun.1

@@ -638,6 +638,12 @@ itself.
 .PP
 If the \fB\fCrro\fR option is specified then the mount is made recursively read-only.
 
+.SH idmap mount options
+.PP
+If the \fB\fCidmap\fR option is specified then the mount is ID mapped using the container
+target user namespace.  This is an experimental feature and can change at any time
+without notice.
+
 .SH Automatically create user namespace
 .PP
 When running as user different than root, an user namespace is

crun.1.md

@@ -507,6 +507,12 @@ itself.
 
 If the `rro` option is specified then the mount is made recursively read-only.
 
+## idmap mount options
+
+If the `idmap` option is specified then the mount is ID mapped using the container
+target user namespace.  This is an experimental feature and can change at any time
+without notice.
+
 ## Automatically create user namespace
 
 When running as user different than root, an user namespace is

src/libcrun/container.c

@@ -543,8 +543,12 @@ libcrun_container_free (libcrun_container_t *ctr)
   if (ctr == NULL)
     return;
 
+  if (ctr->cleanup_private_data)
+    ctr->cleanup_private_data (ctr->private_data);
+
   if (ctr->container_def)
     free_runtime_spec_schema_config_schema (ctr->container_def);
+
   free (ctr);
 }
 

src/libcrun/container.h

@@ -74,6 +74,7 @@ struct libcrun_container_s
   bool use_intermediate_userns;
 
   void *private_data;
+  void (*cleanup_private_data) (void *private_data);
   struct libcrun_context_s *context;
 };