IDMapping field for mount point

Signed-off-by: Alexey Perevalov <alexey.perevalov@huawei.com> Co-authored-by: Giuseppe Scrivano <giuseppe@scrivano.org>
opencontainers · May 24, 2022 · 38c0390 · 38c0390
1 parent 6969a0a
commit 38c0390
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 0 deletions.
diff --git a/config.md b/config.md
@@ -101,6 +101,15 @@ For POSIX platforms the `mounts` structure has the following fields:
 * **`type`** (string, OPTIONAL) The type of the filesystem to be mounted.
     * Linux: filesystem types supported by the kernel as listed in */proc/filesystems* (e.g., "minix", "ext2", "ext3", "jfs", "xfs", "reiserfs", "msdos", "proc", "nfs", "iso9660"). For bind mounts (when `options` include either `bind` or `rbind`), the type is a dummy, often "none" (not listed in */proc/filesystems*).
     * Solaris: corresponds to "type" of the fs resource in [zonecfg(1M)][zonecfg.1m].
+* **`uidMappings`** (array of type LinuxIDMapping, OPTIONAL) The mapping to convert UIDs from the source file system to the destination mount point.
+This mapping contains the following fields: ContainerID, HostID, Size.
+The Size field is a range for mapping.\
+        As an example.\
+        1000 1001 1       -> map UID 1000 to uid 1001 in <target> and no other UIDs\
+        20000 100000 1000 -> map UID 20000 to uid 100000, uid 20001 to UID 100001 [...] until UID 20999 in <target>\
+* **`gidMappings`** (array of type LinuxIDMapping, OPTIONAL) The mapping to convert GIDs from the source file system to the destination mount point.
+For more details see `uidMappings`.
+
 
 ### Example (Linux)
 

diff --git a/schema/defs.json b/schema/defs.json
@@ -141,6 +141,18 @@
                 },
                 "type": {
                     "type": "string"
+                },
+                "uidMappings": {
+                    "type": "array",
+                    "items": {
+                        "$ref": "#/definitions/IDMapping"
+                    }
+                },
+                "gidMappings": {
+                    "type": "array",
+                    "items": {
+                        "$ref": "#/definitions/IDMapping"
+                    }
                 }
             },
             "required": [

diff --git a/specs-go/config.go b/specs-go/config.go
@@ -117,6 +117,11 @@ type Mount struct {
 	Source string `json:"source,omitempty"`
 	// Options are fstab style mount options.
 	Options []string `json:"options,omitempty"`
+
+	// UID/GID mappings used for changing file owners w/o calling chown, fs should support it.
+	// Every mount point could have its own mapping.
+	UIDMappings []LinuxIDMapping `json:"uidMappings,omitempty" platform:"linux"`
+	GIDMappings []LinuxIDMapping `json:"gidMappings,omitempty" platform:"linux"`
 }
 
 // Hook specifies a command that is run at a particular event in the lifecycle of a container