sandbox

package
v0.4.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 25, 2025 License: MIT Imports: 19 Imported by: 0

Documentation

Overview

Package sandbox provides utilities for checking sandbox outcome.

This package must never be used outside integration tests; there is a much better native implementation of mountinfo in the public sandbox/vfs package. Files in this package are excluded by the build system to prevent accidental misuse.

Index

Constants

// NULL is an untyped zero.
// NOTE(review): presumably passed as the unused addr/data argument of
// ptrace(2) — confirm against the callers, which are not shown here.
const NULL = 0

// Linux ptrace(2) request numbers, spelled as in <sys/ptrace.h>.
const (
	// PTRACE_ATTACH makes the target process a tracee of the caller.
	PTRACE_ATTACH = 16
	// PTRACE_DETACH resumes the tracee and ends the trace.
	PTRACE_DETACH = 17
	// PTRACE_SECCOMP_GET_FILTER dumps one of the tracee's classic BPF seccomp
	// filters. Per ptrace(2) the kernel answers EACCES unless the caller holds
	// CAP_SYS_ADMIN and is not itself in a seccomp mode, and the request only
	// exists on kernels built with CONFIG_SECCOMP_FILTER and
	// CONFIG_CHECKPOINT_RESTORE, so anything relying on it needs a privileged,
	// unfiltered test runner.
	PTRACE_SECCOMP_GET_FILTER = 0x420c
)

Variables

// Sentinel errors for filesystem checks.
// NOTE(review): presumably returned by (*FS).Compare; the per-error notes
// below only restate the message text — confirm the exact conditions against
// the implementation.

// ErrFSBadLength carries the message "bad dir length".
var ErrFSBadLength = errors.New("bad dir length")

// ErrFSBadData carries the message "data differs".
var ErrFSBadData = errors.New("data differs")

// ErrFSBadMode carries the message "mode differs".
var ErrFSBadMode = errors.New("mode differs")

// ErrFSInvalidEnt carries the message "invalid entry condition".
var ErrFSInvalidEnt = errors.New("invalid entry condition")
// Sentinel errors for mountinfo handling.
// NOTE(review): presumably surfaced through (*Mountinfo).Parse and
// (*Mountinfo).Err; the per-error notes below only restate the message text —
// confirm the exact conditions against the implementation.

// ErrMountinfoParse carries the message "invalid mountinfo records".
var ErrMountinfoParse = errors.New("invalid mountinfo records")

// ErrMountinfoIter carries the message "cannot allocate iterator".
var ErrMountinfoIter = errors.New("cannot allocate iterator")

// ErrMountinfoFault carries the message "cannot iterate on filesystems".
var ErrMountinfoFault = errors.New("cannot iterate on filesystems")

Functions

func CheckFilter added in v0.3.2

func CheckFilter(pid int, want string) error

func MustCheckFilter added in v0.3.2

func MustCheckFilter(pid int, want string)

Types

type FS

// FS is a JSON-decodable description of one filesystem node: a file mode
// (key "mode"), an optional map of named child nodes (key "dir") and an
// optional data string (key "data").
// NOTE(review): presumably the expected tree that Compare checks an fs.FS
// against, with Dir set for directories and Data for regular files — confirm
// against the implementation, which is not shown here.
type FS struct {
	Mode fs.FileMode    `json:"mode"`
	Dir  map[string]*FS `json:"dir"`
	Data *string        `json:"data"`
}

func (*FS) Compare

func (s *FS) Compare(prefix string, e fs.FS) error

type Mountinfo

// Mountinfo is an opaque handle; none of its fields are exported.
// NOTE(review): the Parse, Entries, Err and Unref methods and the libmnt_fs
// reference in the MountinfoEntry documentation suggest it wraps libmount
// state that has to be released with Unref — confirm against the
// implementation.
type Mountinfo struct {
	// contains filtered or unexported fields
}

func NewMountinfo

func NewMountinfo(p string) *Mountinfo

func (*Mountinfo) Entries

func (m *Mountinfo) Entries() iter.Seq[*MountinfoEntry]

func (*Mountinfo) Err

func (m *Mountinfo) Err() error

func (*Mountinfo) Parse

func (m *Mountinfo) Parse() error

func (*Mountinfo) Unref

func (m *Mountinfo) Unref()

type MountinfoEntry

// MountinfoEntry holds the fields of one mountinfo record that this package
// keeps; the field descriptions follow the /proc/[pid]/mountinfo wording of
// proc(5). The record's major:minor device number and its optional fields
// (mount propagation tags) have no counterpart here, so a comparison built on
// this type cannot see propagation differences between two mounts.
type MountinfoEntry struct {
	// mount ID: a unique ID for the mount (may be reused after umount(2)).
	ID int `json:"id"`
	// parent ID: the ID of the parent mount (or of self for the root of this mount namespace's mount tree).
	Parent int `json:"parent"`
	// root: the pathname of the directory in the filesystem which forms the root of this mount.
	Root string `json:"root"`
	// mount point: the pathname of the mount point relative to the process's root directory.
	Target string `json:"target"`
	// mount options: per-mount options (see mount(2)).
	VfsOptstr string `json:"vfs_optstr"`
	// filesystem type: the filesystem type in the form "type[.subtype]".
	FsType string `json:"fstype"`
	// mount source: filesystem-specific information or "none".
	Source string `json:"source"`
	// super options: per-superblock options (see mount(2)).
	FsOptstr string `json:"fs_optstr"`
}

MountinfoEntry represents deterministic mountinfo parts of a libmnt_fs entry.

func (*MountinfoEntry) EqualWithIgnore

func (e *MountinfoEntry) EqualWithIgnore(want *MountinfoEntry, ignore string) bool

func (*MountinfoEntry) String

func (e *MountinfoEntry) String() string

type T

// T bundles the inputs of a check: a filesystem (FS) and a path string
// (MountsPath).
// NOTE(review): presumably FS is the filesystem as seen from inside the
// sandbox and MountsPath the mountinfo file to parse — confirm against
// MustCheck, whose body is not shown here.
type T struct {
	FS fs.FS

	MountsPath string
}

func (*T) MustCheck

func (t *T) MustCheck(want *TestCase)

func (*T) MustCheckFile

func (t *T) MustCheckFile(wantFilePath, markerPath string)

type TestCase

// TestCase is a JSON-decodable set of expectations: environment strings
// (key "env"), an FS tree (key "fs"), a list of mountinfo entries
// (key "mount") and a seccomp flag (key "seccomp").
// NOTE(review): presumably Seccomp states whether a seccomp filter is expected
// on the checked process. A key omitted from the JSON decodes to false, so
// confirm that a test case missing "seccomp" cannot silently pass a process
// that was meant to be filtered.
type TestCase struct {
	Env     []string          `json:"env"`
	FS      *FS               `json:"fs"`
	Mount   []*MountinfoEntry `json:"mount"`
	Seccomp bool              `json:"seccomp"`
}
