ns

package

v1.1.0 Latest Latest Go to latest Published: May 18, 2026 License: MIT Imports: 6 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/jamesits/machineproxy

Links

Open Source Insights

Documentation ¶

Index ¶

func FormatEnv(base []string, brokerSock, shimPath string, pathInj PathInjection) []string
type Bind
type Deps
type Namespace
- func New(deps Deps) *Namespace
type PathInjection

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func FormatEnv ¶

func FormatEnv(base []string, brokerSock, shimPath string, pathInj PathInjection) []string

FormatEnv builds the environment slice for the child process, injecting machineproxy-specific variables needed by the shim. When pathInj.Dir is set, it is prepended or appended to PATH (creating a PATH if none exists in base) so the FUSE-backed stub directory is resolved by the shell's PATH search.

Types ¶

type Bind ¶ added in v1.1.0

type Bind struct {
	Src string
	Dst string
}

Bind describes one bwrap --bind entry. Src is a path on the host; Dst is the path it appears at inside the namespace.

type Deps ¶

type Deps struct {
	// LookPath resolves the bwrap binary. Defaults to exec.LookPath.
	LookPath func(file string) (string, error)
	Log      *slog.Logger
}

Deps allows dependency injection for testing.

type Namespace ¶

type Namespace struct {
	// contains filtered or unexported fields
}

Namespace builds and executes a bubblewrap (bwrap) sandbox that bind-mounts the host filesystem and overlays a FUSE-backed workspace.

func New ¶

func New(deps Deps) *Namespace

New creates a Namespace. Call Prepare before Run.

func (*Namespace) Command ¶

func (n *Namespace) Command(workingDir string, cmdline []string, binds []Bind) (string, []string)

Command returns the bwrap binary path and full argument list without executing anything. Useful for inspection and testing.

func (*Namespace) Leave ¶

func (n *Namespace) Leave()

Leave is a no-op retained for interface compatibility. Bwrap cleans up its own namespaces on exit.

func (*Namespace) Prepare ¶

func (n *Namespace) Prepare(ctx context.Context) error

Prepare locates the bwrap binary. Must be called before Run.

func (*Namespace) Run ¶

func (n *Namespace) Run(ctx context.Context, workingDir string, cmdline []string, env []string, binds []Bind) error

Run executes cmdline inside a bwrap sandbox. The host root is bind-mounted read-write, and each entry in binds is bind-mounted onto its Dst path so FUSE-backed directories (workspace, path-stub) appear at the expected container locations. workingDir sets the initial working directory inside the container.

type PathInjection ¶ added in v1.1.0

type PathInjection struct {
	// Dir is the absolute path (as seen inside the container) to splice
	// in. When empty, FormatEnv leaves PATH untouched.
	Dir string
	// Position is "prepend" or "append". Empty means prepend.
	Position string
}

PathInjection controls splicing an extra directory into the PATH env variable for the container process.

Source Files ¶

View all Source files

mountns_linux.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL