sandbox: read overflow ids

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-03-13 00:41:37 +09:00 · 2025-03-13 00:41:37 +09:00 · 6af8b8859f
commit 6af8b8859f
parent f38ba7e923
1 changed files with 37 additions and 0 deletions
--- a/internal/sandbox/overflow.go
+++ b/internal/sandbox/overflow.go
@ -0,0 +1,37 @@
+package sandbox
+
+import (
+	"bytes"
+	"log"
+	"os"
+	"strconv"
+	"sync"
+)
+
+var (
+	ofUid  int
+	ofGid  int
+	ofOnce sync.Once
+)
+
+const (
+	ofUidPath = "/proc/sys/kernel/overflowuid"
+	ofGidPath = "/proc/sys/kernel/overflowgid"
+)
+
+func mustReadOverflow() {
+	if v, err := os.ReadFile(ofUidPath); err != nil {
+		log.Fatalf("cannot read %q: %v", ofUidPath, err)
+	} else if ofUid, err = strconv.Atoi(string(bytes.TrimSpace(v))); err != nil {
+		log.Fatalf("cannot interpret %q: %v", ofUidPath, err)
+	}
+
+	if v, err := os.ReadFile(ofGidPath); err != nil {
+		log.Fatalf("cannot read %q: %v", ofGidPath, err)
+	} else if ofGid, err = strconv.Atoi(string(bytes.TrimSpace(v))); err != nil {
+		log.Fatalf("cannot interpret %q: %v", ofGidPath, err)
+	}
+}
+
+func OverflowUid() int { ofOnce.Do(mustReadOverflow); return ofUid }
+func OverflowGid() int { ofOnce.Do(mustReadOverflow); return ofGid }