#![allow(dead_code, unused_variables, unused_imports)]

//! User namespace scaffolding: the UID/GID/project-ID mapping tables owned by
//! a [`UserNamespace`], its default (root-level) construction, and the
//! [`NsOperations`] hooks for it. The hooks are still stubs that panic when
//! called; see [`UserNsOperations`].

use alloc::boxed::Box;
use alloc::string::{String, ToString};
use alloc::sync::Arc;
use alloc::vec::Vec;

use system_error::SystemError;

use crate::libs::rwlock::RwLock;
use crate::namespaces::namespace::NsCommon;
use crate::namespaces::ucount::UCounts;
use crate::process::fork::CloneFlags;
use crate::process::Pid;

use super::namespace::NsOperations;
use super::ucount::Ucount::Counts;

/// Number of extent slots preallocated in every [`UidGidMap`].
const UID_GID_MAP_MAX_BASE_EXTENTS: usize = 5;

/// Initial per-counter ceiling written into `UserNamespace::ucount_max`.
const UCOUNT_MAX: u32 = 62636;

/// Mapping table from IDs inside a namespace to IDs in its parent
/// (used for user IDs, group IDs and project IDs alike).
#[allow(dead_code)]
#[derive(Clone, Debug)]
struct UidGidMap {
    // Presumably the number of `extent` entries that are in use; `new()`
    // sets it to 1 while `extent` is preallocated to
    // `UID_GID_MAP_MAX_BASE_EXTENTS` entries — confirm against the lookup code.
    nr_extents: u32,
    // Extent slots; see `UidGidMap::new` for the initial contents.
    extent: Vec<UidGidExtent>,
}

impl UidGidMap {
    /// Builds a map holding `UID_GID_MAP_MAX_BASE_EXTENTS` copies of
    /// [`UidGidExtent::new`] with `nr_extents` set to 1.
    ///
    /// NOTE(review): every preallocated extent spans the whole ID space
    /// (see `UidGidExtent::new`). That is only appropriate for the initial
    /// namespace; a child namespace must get an explicitly written map rather
    /// than inheriting this default — verify wherever `new()` is called.
    pub fn new() -> Self {
        let slots: Vec<UidGidExtent> = core::iter::repeat_with(UidGidExtent::new)
            .take(UID_GID_MAP_MAX_BASE_EXTENTS)
            .collect();
        UidGidMap {
            nr_extents: 1,
            extent: slots,
        }
    }
}

/// One contiguous range of IDs mapped onto a range in the parent namespace.
#[allow(dead_code)]
#[derive(Clone, Debug)]
struct UidGidExtent {
    // First ID of the range as seen inside the namespace.
    first: u32,
    // First ID of the corresponding range in the parent ("lower") namespace.
    lower_first: u32,
    // Number of IDs in the range.
    count: u32,
}

impl UidGidExtent {
    /// Returns an extent starting at 0 on both sides with `count == u32::MAX`,
    /// i.e. presumably the identity mapping over the whole ID space — the
    /// interpretation depends on the lookup code, which is not in this file.
    pub fn new() -> Self {
        let whole_range = u32::MAX;
        UidGidExtent {
            first: 0,
            lower_first: 0,
            count: whole_range,
        }
    }
}

/// A user namespace: ID mapping tables plus the bookkeeping shared with the
/// other namespace kinds through `ns_common`.
#[derive(Debug)]
pub struct UserNamespace {
    /// User ID mapping.
    uid_map: UidGidMap,
    /// Group ID mapping.
    gid_map: UidGidMap,
    /// Project ID mapping.
    progid_map: UidGidMap,
    /// Parent namespace; `None` for the root namespace built by `new()`.
    parent: Option<Arc<UserNamespace>>,
    /// Nesting depth; `new()` starts at 0.
    level: u32,
    /// Owning user of the namespace (`new()` uses 0).
    owner: usize,
    /// Owning group of the namespace (`new()` uses 0).
    group: usize,
    /// Kind-independent namespace state; created with a fresh
    /// `UserNsOperations` in `new()`.
    ns_common: Arc<NsCommon>,
    /// Namespace flags; `new()` stores 1, whose meaning is not visible in
    /// this file — TODO confirm.
    flags: u32,
    pid: Arc<RwLock<Pid>>,
    pub ucounts: Option<Arc<UCounts>>,
    /// Per-counter ceilings, one slot per `Ucount` value (`Counts` entries).
    pub ucount_max: Vec<u32>, //vec![u32; UCOUNT_COUNTS as usize],
    /// Per-rlimit ceilings; `new()` fills four slots, the index layout is
    /// not visible here — TODO confirm against the UCOUNT_RLIMIT_* ordering.
    pub rlimit_max: Vec<u32>, // vec![u32; UCOUNT_RLIMIT_COUNTS as usize],
}

impl Default for UserNamespace {
    /// Same as [`UserNamespace::new`].
    fn default() -> Self {
        UserNamespace::new()
    }
}

impl UserNamespace {
    /// Builds the root-level user namespace: no parent, level 0, owner and
    /// group 0, identity-style maps from [`UidGidMap::new`], a fresh
    /// `NsCommon` driven by `UserNsOperations`, pid 1 and default ucount /
    /// rlimit ceilings.
    pub fn new() -> Self {
        let ops = UserNsOperations::new("User".to_string());
        let common = Arc::new(NsCommon::new(Box::new(ops)));
        let root_pid = Arc::new(RwLock::new(Pid::new(1)));
        // Four rlimit slots; see the field comment on `rlimit_max`.
        let rlimits = [65535, 10, 32000, 64 * 1024].to_vec();

        UserNamespace {
            uid_map: UidGidMap::new(),
            gid_map: UidGidMap::new(),
            progid_map: UidGidMap::new(),
            parent: None,
            level: 0,
            owner: 0,
            group: 0,
            ns_common: common,
            flags: 1,
            pid: root_pid,
            ucounts: None,
            ucount_max: vec![UCOUNT_MAX; Counts as usize],
            rlimit_max: rlimits,
        }
    }
}

/// Operation table installed into the `NsCommon` of a user namespace.
#[derive(Debug)]
struct UserNsOperations {
    /// Human-readable name of the namespace kind (`"User"` in `UserNamespace::new`).
    name: String,
    /// Clone flag selecting this namespace kind; always `CLONE_NEWUSER`.
    clone_flags: CloneFlags,
}

impl UserNsOperations {
    /// Creates the operation table for a user namespace called `name`.
    pub fn new(name: String) -> Self {
        let clone_flags = CloneFlags::CLONE_NEWUSER;
        UserNsOperations { clone_flags, name }
    }
}

/// Every hook below is a stub.
///
/// # Panics
///
/// All five methods call `unimplemented!()` and therefore panic if reached;
/// nothing that can be dispatched to this table should be exposed until they
/// are implemented.
impl NsOperations for UserNsOperations {
    fn get(&self, pid: Pid) -> Option<Arc<NsCommon>> {
        unimplemented!()
    }

    fn get_parent(&self, ns_common: Arc<NsCommon>) -> Result<Arc<NsCommon>, SystemError> {
        unimplemented!()
    }

    fn install(
        &self,
        nsset: &mut super::NsSet,
        ns_common: Arc<NsCommon>,
    ) -> Result<(), SystemError> {
        unimplemented!()
    }

    fn owner(&self, ns_common: Arc<NsCommon>) -> Arc<UserNamespace> {
        unimplemented!()
    }

    fn put(&self, ns_common: Arc<NsCommon>) {
        unimplemented!()
    }
}