refactor: move mappings into separate package

container/container_init.go

@@ -36,11 +36,6 @@ func (c *Container) Init(reexec string, arg string, log *zerolog.Logger) error {
 	}
 	defer c.initIPC.closer()
 
-	reexecCmd := exec.Command(
-		reexec,
-		[]string{arg, c.ID()}...,
-	)
-
 	useTerminal := c.Spec.Process != nil &&
 		c.Spec.Process.Terminal &&
 		c.Opts.ConsoleSocket != ""
@@ -100,6 +95,53 @@ func (c *Container) Init(reexec string, arg string, log *zerolog.Logger) error {
 		cg.Add(cgroup1.Process{Pid: c.PID()})
 	}
 
+	// ---------------------------
+
+	if c.Spec.Process != nil && c.Spec.Process.OOMScoreAdj != nil {
+		if err := os.WriteFile(
+			"/proc/self/oom_score_adj",
+			[]byte(strconv.Itoa(*c.Spec.Process.OOMScoreAdj)),
+			0644,
+		); err != nil {
+			return fmt.Errorf("create oom score adj file: %w", err)
+		}
+	}
+
+	if c.State.ConsoleSocket != nil {
+		pty, err := terminal.NewPty()
+		if err != nil {
+			return fmt.Errorf("new pty: %w", err)
+		}
+
+		if err := pty.Connect(); err != nil {
+			return fmt.Errorf("connect pty: %w", err)
+		}
+
+		log.Info().
+			Int("consoleSocket", *c.State.ConsoleSocket).
+			Any("pty master", pty.Master.Name()).
+			Any("pty slave", pty.Slave.Name()).
+			Msg("send pty")
+		if err := terminal.SendPty(
+			*c.State.ConsoleSocket,
+			pty,
+		); err != nil {
+			return fmt.Errorf("connect pty and socket: %w", err)
+		}
+
+	} else {
+		// TODO: fall back to dup2 on stdin, stdout, stderr from c.Opts??
+		log.Info().Msg("not using console socket")
+		fmt.Println("TODO: implement fallback stdio??")
+	}
+
+	// ---------------------------
+
+	reexecCmd := exec.Command(
+		reexec,
+		[]string{arg, c.ID()}...,
+	)
+
 	cloneFlags := uintptr(0)
 
 	var uidMappings []syscall.SysProcIDMap
@@ -170,48 +212,6 @@ func (c *Container) Init(reexec string, arg string, log *zerolog.Logger) error {
 	reexecCmd.Stdout = c.Opts.Stdout
 	reexecCmd.Stderr = c.Opts.Stderr
 
-	// ---------------------------
-
-	if c.Spec.Process != nil && c.Spec.Process.OOMScoreAdj != nil {
-		if err := os.WriteFile(
-			"/proc/self/oom_score_adj",
-			[]byte(strconv.Itoa(*c.Spec.Process.OOMScoreAdj)),
-			0644,
-		); err != nil {
-			return fmt.Errorf("create oom score adj file: %w", err)
-		}
-	}
-
-	if c.State.ConsoleSocket != nil {
-		pty, err := terminal.NewPty()
-		if err != nil {
-			return fmt.Errorf("new pty: %w", err)
-		}
-
-		if err := pty.Connect(); err != nil {
-			return fmt.Errorf("connect pty: %w", err)
-		}
-
-		log.Info().
-			Int("consoleSocket", *c.State.ConsoleSocket).
-			Any("pty master", pty.Master.Name()).
-			Any("pty slave", pty.Slave.Name()).
-			Msg("send pty")
-		if err := terminal.SendPty(
-			*c.State.ConsoleSocket,
-			pty,
-		); err != nil {
-			return fmt.Errorf("connect pty and socket: %w", err)
-		}
-
-	} else {
-		// TODO: fall back to dup2 on stdin, stdout, stderr from c.Opts??
-		log.Info().Msg("not using console socket")
-		fmt.Println("TODO: implement fallback stdio??")
-	}
-
-	// ---------------------------
-
 	if err := reexecCmd.Start(); err != nil {
 		return fmt.Errorf("start reexec container: %w", err)
 	}

container/container_reexec.go

@@ -12,6 +12,7 @@ import (
 	"github.com/nixpig/brownie/cgroups"
 	"github.com/nixpig/brownie/filesystem"
 	"github.com/nixpig/brownie/internal/ipc"
+	"github.com/nixpig/brownie/user"
 	"github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/rs/zerolog"
 )
@@ -151,31 +152,11 @@ func (c *Container) Reexec(log *zerolog.Logger) error {
 		// syscall.Setgid(int(c.Spec.Process.User.GID))
 
 		if c.Spec.Linux.UIDMappings != nil {
-			var uidMappings []syscall.SysProcIDMap
-
-			for _, uidMapping := range c.Spec.Linux.UIDMappings {
-				uidMappings = append(uidMappings, syscall.SysProcIDMap{
-					ContainerID: int(uidMapping.ContainerID),
-					HostID:      int(uidMapping.HostID),
-					Size:        int(uidMapping.Size),
-				})
-			}
-
-			cmd.SysProcAttr.UidMappings = append(cmd.SysProcAttr.UidMappings, uidMappings...)
+			cmd.SysProcAttr.UidMappings = user.BuildUidMappings(c.Spec.Linux.UIDMappings)
 		}
 
 		if c.Spec.Linux.GIDMappings != nil {
-			var gidMappings []syscall.SysProcIDMap
-
-			for _, gidMapping := range c.Spec.Linux.GIDMappings {
-				gidMappings = append(gidMappings, syscall.SysProcIDMap{
-					ContainerID: int(gidMapping.ContainerID),
-					HostID:      int(gidMapping.HostID),
-					Size:        int(gidMapping.Size),
-				})
-			}
-
-			cmd.SysProcAttr.GidMappings = append(cmd.SysProcAttr.GidMappings, gidMappings...)
+			cmd.SysProcAttr.GidMappings = user.BuildGidMappings(c.Spec.Linux.GIDMappings)
 		}
 
 		cmd.Stdin = os.Stdin

user/user.go

@@ -0,0 +1,35 @@
+package user
+
+import (
+	"syscall"
+
+	"github.com/opencontainers/runtime-spec/specs-go"
+)
+
+func BuildUidMappings(specUIDMappings []specs.LinuxIDMapping) []syscall.SysProcIDMap {
+	uidMappings := make([]syscall.SysProcIDMap, len(specUIDMappings))
+
+	for i, m := range specUIDMappings {
+		uidMappings[i] = syscall.SysProcIDMap{
+			ContainerID: int(m.ContainerID),
+			HostID:      int(m.HostID),
+			Size:        int(m.Size),
+		}
+	}
+
+	return uidMappings
+}
+
+func BuildGidMappings(specGIDMappings []specs.LinuxIDMapping) []syscall.SysProcIDMap {
+	gidMappings := make([]syscall.SysProcIDMap, len(specGIDMappings))
+
+	for i, g := range specGIDMappings {
+		gidMappings[i] = syscall.SysProcIDMap{
+			ContainerID: int(g.ContainerID),
+			HostID:      int(g.HostID),
+			Size:        int(g.Size),
+		}
+	}
+
+	return gidMappings
+}