``CONSFIGURATOR.UTIL.LINUX-NAMESPACE``
======================================
API reference
-------------

General
~~~~~~~

Function: ``CONSFIGURATOR.UTIL.LINUX-NAMESPACE:GET-IDS-OFFSET``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

``(consfigurator.util.linux-namespace:get-ids-offset file identifier)``

Where IDENTIFIER is a username or uid, and FILE is structured like
/etc/subuid and /etc/subgid (see subuid(5) and subgid(5)), return the
numerical subordinate ID and numerical subordinate ID count for the first
entry in FILE for IDENTIFIER.
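
The lookup described above, as an added sketch in portable Common Lisp; it is not Consfigurator's implementation. The names ``split-on-colon``, ``first-subid-range`` and ``*sample-subuid*`` are hypothetical, the sample data is constructed, and two things are assumptions of this sketch: the caller supplies the user's name and uid as strings, and malformed entries are skipped.

```lisp
;;; Added illustration; not part of Consfigurator.

(defun split-on-colon (line)
  "Return the colon-separated fields of LINE as a list of strings."
  (loop with start = 0
        for end = (position #\: line :start start)
        collect (subseq line start end)
        while end
        do (setf start (1+ end))))

(defun first-subid-range (stream owners)
  "Return, as two values, the start and count of the first well-formed entry
read from STREAM whose owner field is STRING= to a member of OWNERS (the
user's name and decimal uid, as strings).  Return NIL if there is none."
  (loop for line = (read-line stream nil)
        while line
        do (let ((fields (split-on-colon line)))
             (when (and (= (length fields) 3)
                        (member (first fields) owners :test #'string=))
               ;; IGNORE-ERRORS turns a PARSE-ERROR from a non-numeric field
               ;; into NIL, so a malformed entry is skipped instead of
               ;; yielding a bogus range.
               (let ((start (ignore-errors (parse-integer (second fields))))
                     (len (ignore-errors (parse-integer (third fields)))))
                 (when (and start len (>= start 0) (plusp len))
                   (return (values start len))))))))

;; Constructed sample in subuid(5) format: one malformed entry, two ranges
;; for alice, and one entry keyed by a numeric uid.
(defparameter *sample-subuid*
  (format nil "alice:oops:65536~%alice:100000:65536~%1001:165536:65536~%alice:231072:65536~%"))

(with-input-from-string (s *sample-subuid*)
  (multiple-value-bind (start len) (first-subid-range s '("alice" "1000"))
    ;; Assumption of this example: a subordinate range START/LEN corresponds
    ;; to a uid_map-style triple whose first field is 0.
    (print (list 0 start len))))
```

Only the first matching range is used, so later ranges for the same user are ignored.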

Function: ``CONSFIGURATOR.UTIL.LINUX-NAMESPACE:REDUCE-ID-MAPS``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

``(consfigurator.util.linux-namespace:reduce-id-maps id-maps)``

Where each of ID-MAPS is a list of three integers corresponding to the lines
of the uid_map (resp. gid_map) of a process in a different user namespace as
would be read by a process in the current user namespace, return a function
which maps UIDs (resp. GIDs) in the current user namespace to UIDs
(resp. GIDs) in the user namespace of the process.  The function returns NIL,
not 65534, for values which are unmapped.

A process's uid_map & gid_map files are under /proc; see user_namespaces(7).

Function: ``CONSFIGURATOR.UTIL.LINUX-NAMESPACE:SHIFT-IDS``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

``(consfigurator.util.linux-namespace:shift-ids root uidmap gidmap)``

Recursively map the ownership and POSIX ACLs of files under ROOT by applying
the function UIDMAP to user ownership and UIDs appearing in ACLs, and the
function GIDMAP to group ownership and GIDs appearing in ACLs.  Each of UIDMAP
and GIDMAP should return a non-negative integer or NIL for each non-negative
integer input; in the latter case, no update will be made to the UID or GID.

For example, to recursively shift the ownership and POSIX ACLs of a filesystem
hierarchy to render it suitable for use as a root filesystem in a different
user namespace, you might use

.. code-block:: none

  (shift-ids "/var/lib/lxc/mycontainer/rootfs"
             (reduce-id-maps '((0 100000 65536)))
             (reduce-id-maps '((0 100000 65536))))

Here the list (0 100000 65536) describes the relationship between the present
user namespace and the container's user namespace; see the docstring for
CONSFIGURATOR.UTIL.LINUX-NAMESPACE:REDUCE-ID-MAPS and user_namespaces(7).

Function: ``CONSFIGURATOR.UTIL.LINUX-NAMESPACE:GET-USERNS-OWNER``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

``(consfigurator.util.linux-namespace:get-userns-owner fd)``

Function: ``CONSFIGURATOR.UTIL.LINUX-NAMESPACE:SETGROUPS-P``
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

``(consfigurator.util.linux-namespace:setgroups-p)``

In a Lisp-type connection, do we have the ability to use setgroups(2)?
