Documentation
Overview
Package container provides tools for introspecting containers.
Constants
const (
	// RuntimeDocker is the string for the docker runtime.
	RuntimeDocker = "docker"
	// RuntimeRkt is the string for the rkt runtime.
	RuntimeRkt = "rkt"
	// RuntimeNspawn is the string for the systemd-nspawn runtime.
	RuntimeNspawn = "systemd-nspawn"
	// RuntimeLXC is the string for the lxc runtime.
	RuntimeLXC = "lxc"
	// RuntimeLXCLibvirt is the string for the lxc-libvirt runtime.
	RuntimeLXCLibvirt = "lxc-libvirt"
	// RuntimeOpenVZ is the string for the openvz runtime.
	RuntimeOpenVZ = "openvz"
	// RuntimeKubernetes is the string for the kubernetes runtime.
	RuntimeKubernetes = "kube"
	// RuntimeGarden is the string for the garden runtime.
	RuntimeGarden = "garden"
)
Variables
var (
	// ErrContainerRuntimeNotFound describes when a container runtime could not be found.
	ErrContainerRuntimeNotFound = errors.New("container runtime could not be found")
)
Functions
func AppArmorProfile
func AppArmorProfile() string
AppArmorProfile determines the apparmor profile for a container.
func Capabilities
Capabilities returns the allowed capabilities in the container.
func Chroot
Chroot detects if we are running in a chroot or a pivot_root. Currently, we cannot distinguish between the two.
func DetectRuntime
DetectRuntime returns the container runtime the process is running in.
func HasNamespace
HasNamespace determines if the container is using a particular namespace or the host namespace. The device number of an unnamespaced /proc/1/ns/{ns} is 4 and anything else is higher.
func SeccompEnforcingMode
SeccompEnforcingMode returns the seccomp enforcing level (disabled, filtering, strict).
Types
type UserMapping
UserMapping holds the values for a {uid,gid}_map.
func UserNamespace
func UserNamespace() (bool, []UserMapping)
UserNamespace determines if the container is running in a UserNamespace and returns the mappings if so.
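
To make the {uid,gid}_map check concrete, here is an added standalone example (not this package's own code) that parses map text and decides whether it describes a user namespace. The names idMapping, parseIDMap and inUserNamespace are hypothetical, the sample map lines are constructed, and treating anything other than the identity mapping "0 0 4294967295" as a user namespace is an assumption of this example.

```go
package main

import (
	"bufio"
	"fmt"
	"os"
	"strings"
)

// idMapping is a hypothetical type for one {uid,gid}_map line: Range IDs
// starting at ContainerID inside the namespace map to HostID outside it.
type idMapping struct{ ContainerID, HostID, Range int64 }

// parseIDMap parses the text of /proc/<pid>/uid_map or gid_map.
func parseIDMap(content string) ([]idMapping, error) {
	var maps []idMapping
	sc := bufio.NewScanner(strings.NewReader(content))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" {
			continue
		}
		var m idMapping
		if _, err := fmt.Sscan(line, &m.ContainerID, &m.HostID, &m.Range); err != nil {
			return nil, fmt.Errorf("malformed map line %q: %w", line, err)
		}
		maps = append(maps, m)
	}
	return maps, sc.Err()
}

// inUserNamespace treats anything other than the initial namespace's single
// identity mapping (0 0 4294967295) as a user namespace; an empty map means
// a namespace whose mapping has not been written yet.
func inUserNamespace(maps []idMapping) bool {
	return len(maps) != 1 || maps[0] != idMapping{0, 0, 4294967295}
}

func main() {
	// Constructed samples: host identity map, then a remapped container.
	samples := []string{"         0          0 4294967295\n", "         0     100000      65536\n"}
	if data, err := os.ReadFile("/proc/self/uid_map"); err == nil {
		samples = append(samples, string(data)) // live value when run on Linux
	}
	for _, s := range samples {
		maps, err := parseIDMap(s)
		fmt.Println(inUserNamespace(maps), maps, err)
	}
}
```

A remapped root (container ID 0 mapped to an unprivileged host ID such as the constructed 100000) means root inside the container is not root on the host; an identity map means it is.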