Documentation
Overview
Package nsfix helps with switching into another process's namespaces to execute a particular piece of code. Starting with Go 1.10 it is possible to switch to different non-mnt namespaces without the danger of corrupting other goroutines' state, but a Go program still cannot switch to another mount namespace without the "constructor" hack. For more info, see https://stackoverflow.com/a/25707007/40846 and https://github.com/golang/go/issues/8676
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
func HandleReexec
func HandleReexec()
HandleReexec handles executing the code in another namespace. If re-execution is requested, the function calls os.Exit() after handling it.
func RegisterReexec
func RegisterReexec(name string, handler ReexecHandler, arg interface{})
RegisterReexec registers the specified function as a reexec handler. arg specifies the argument type to pass. Note that if you pass somestruct{} as arg, the handler will receive *somestruct as its argument (i.e. a level of pointer indirection is added).
Types
type Call
type Call struct {
// contains filtered or unexported fields
}
Call describes a call to be executed in network, mount, UTS and IPC namespaces of another process.
func (*Call) RemountSys
RemountSys instructs Call to remount /sys in the new process.
func (*Call) SpawnInNamespaces
SpawnInNamespaces executes the specified handler using the network, mount, UTS and IPC namespaces of the specified process. It passes the argument to the handler using JSON serialization. It then returns the value returned by the handler (also via JSON serialization + deserialization). If dropPrivs is true, the new process will execute using a non-root uid/gid (the real uid/gid of the process if they're non-zero, or 65534, which is nobody/nogroup).
func (*Call) SwitchToNamespaces
SwitchToNamespaces executes the specified handler using the network, mount, UTS and IPC namespaces of the specified process. It passes the argument to the handler using JSON serialization. The current process gets replaced by the new one. If dropPrivs is true, the new process will execute using a non-root uid/gid (the real uid/gid of the process if they're non-zero, or 65534, which is nobody/nogroup).
type ReexecHandler
type ReexecHandler func(arg interface{}) (interface{}, error)
ReexecHandler is a function that can be passed to RegisterReexec to be executed by the nsfix mechanism after self-reexec. arg can be safely cast to the type of arg passed to RegisterReexec plus one level of pointer indirection, i.e. if you pass somestruct{} to RegisterReexec you may cast arg safely to *somestruct.
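The pointer indirection described for RegisterReexec and ReexecHandler follows from decoding the JSON argument into a freshly allocated value of the registered type. The sketch below is an added example, not nsfix's own code: register, dispatch, entry, registry, linkQuery and lookup are hypothetical names that model the behaviour this page documents.

```go
package main

import (
	"encoding/json"
	"fmt"
	"reflect"
)

// handler has the ReexecHandler signature shown on this page.
type handler func(arg interface{}) (interface{}, error)

// entry and registry are hypothetical stand-ins for the package's handler table.
type entry struct {
	h handler
	t reflect.Type // type of the arg value given at registration
}

var registry = map[string]entry{}

func register(name string, h handler, arg interface{}) {
	registry[name] = entry{h, reflect.TypeOf(arg)}
}

// dispatch models the re-executed side: the JSON argument is decoded into a
// newly allocated value of the registered type, so the handler receives *T.
func dispatch(name string, rawArg []byte) ([]byte, error) {
	e, ok := registry[name]
	if !ok {
		return nil, fmt.Errorf("no reexec handler %q", name)
	}
	argPtr := reflect.New(e.t).Interface() // *T: the added pointer level
	if err := json.Unmarshal(rawArg, argPtr); err != nil {
		return nil, fmt.Errorf("argument for %q: %v", name, err)
	}
	ret, err := e.h(argPtr)
	if err != nil {
		return nil, err
	}
	return json.Marshal(ret) // the result travels back as JSON too
}

type linkQuery struct{ Name string } // constructed sample argument type

func lookup(arg interface{}) (interface{}, error) {
	q := arg.(*linkQuery) // safe: dispatch always passes *linkQuery
	return map[string]string{"link": q.Name}, nil
}

func main() {
	register("lookup", lookup, linkQuery{})
	out, err := dispatch("lookup", []byte(`{"Name":"eth0"}`))
	fmt.Println(string(out), err)
}
```

Because only JSON crosses the process boundary, unexported struct fields, channels and functions in the argument or return value do not survive the round trip.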