IDMapping field for mount point

Signed-off-by: Alexey Perevalov <alexey.perevalov@huawei.com> Co-authored-by: Giuseppe Scrivano <giuseppe@scrivano.org>
2026-02-05 09:45:57 +01:00 · 2022-04-29 01:03:26 +08:00
parent 6969a0a09a
commit 9d1130dc3b
3 changed files with 22 additions and 0 deletions
--- a/config.md
+++ b/config.md
@@ -101,6 +101,11 @@ For POSIX platforms the `mounts` structure has the following fields:
 * **`type`** (string, OPTIONAL) The type of the filesystem to be mounted.
    * Linux: filesystem types supported by the kernel as listed in */proc/filesystems* (e.g., "minix", "ext2", "ext3", "jfs", "xfs", "reiserfs", "msdos", "proc", "nfs", "iso9660"). For bind mounts (when `options` include either `bind` or `rbind`), the type is a dummy, often "none" (not listed in */proc/filesystems*).
    * Solaris: corresponds to "type" of the fs resource in [zonecfg(1M)][zonecfg.1m].
+* **`uidMappings`** (array of type LinuxIDMapping, OPTIONAL) The mapping to convert UIDs from the source file system to the destination mount point.\
+The format is the same as [user namespace mappings](config-linux.md#user-namespace-mappings).
+* **`gidMappings`** (array of type LinuxIDMapping, OPTIONAL) The mapping to convert GIDs from the source file system to the destination mount point.
+For more details see `uidMappings`.
+

 ### Example (Linux)

--- a/schema/defs.json
+++ b/schema/defs.json
@@ -141,6 +141,18 @@
                },
                "type": {
                    "type": "string"
+                },
+                "uidMappings": {
+                    "type": "array",
+                    "items": {
+                        "$ref": "#/definitions/IDMapping"
+                    }
+                },
+                "gidMappings": {
+                    "type": "array",
+                    "items": {
+                        "$ref": "#/definitions/IDMapping"
+                    }
                }
            },
            "required": [
--- a/specs-go/config.go
+++ b/specs-go/config.go
@@ -117,6 +117,11 @@ type Mount struct {
 	Source string `json:"source,omitempty"`
 	// Options are fstab style mount options.
 	Options []string `json:"options,omitempty"`
+
+	// UID/GID mappings used for changing file owners w/o calling chown, fs should support it.
+	// Every mount point could have its own mapping.
+	UIDMappings []LinuxIDMapping `json:"uidMappings,omitempty" platform:"linux"`
+	GIDMappings []LinuxIDMapping `json:"gidMappings,omitempty" platform:"linux"`
 }

 // Hook specifies a command that is run at a particular event in the lifecycle of a container