Documentation
Overview
Package ns prepares the local execution environment for the target process. It receives bind mounts, command lines, environment variables, and working directories from the runtime, and feeds either Bubblewrap on Linux or the direct Darwin launcher with the workspace and shim env.
Constants
This section is empty.
Variables
This section is empty.
Functions
func FormatEnv
func FormatEnv(base []string, brokerSock, shimPath string, pathInj PathInjection) []string
FormatEnv builds the environment slice for the child process, injecting machineproxy-specific variables needed by the shim. When pathInj.Dir is set, it is prepended or appended to PATH (creating a PATH if none exists in base) so the FUSE-backed stub directory is resolved by the shell's PATH search.
Types
type Bind (added in v1.1.0)
Bind describes one bind mount entry. Src is a path on the host; Dst is the path it appears at inside the container. Linux honours this via bwrap --bind; darwin (no containment) ignores it.
type Deps
type Deps struct {
	// LookPath resolves external helpers (e.g. bwrap on Linux). Defaults
	// to exec.LookPath when nil. Unused on platforms with no helper.
	LookPath func(file string) (string, error)
	Log      *slog.Logger
}
Deps allows dependency injection for testing.
type Namespace
type Namespace struct {
	// contains filtered or unexported fields
}
Namespace builds and executes a bubblewrap (bwrap) sandbox that bind-mounts the host filesystem and overlays a FUSE-backed workspace.
func (*Namespace) Command
Command returns the bwrap binary path and full argument list without executing anything. Useful for inspection and testing.
func (*Namespace) Leave
func (n *Namespace) Leave()
Leave releases namespace resources after Run. Bwrap cleans up its own namespaces on exit, so Linux has no additional work here.
func (*Namespace) Run
func (n *Namespace) Run(ctx context.Context, workingDir string, cmdline []string, env []string, binds []Bind) error
Run executes cmdline inside a bwrap sandbox. The host root is bind-mounted read-write, and each entry in binds is bind-mounted onto its Dst path so FUSE-backed directories (workspace, path-stub) appear at the expected container locations. workingDir sets the initial working directory inside the container.
type PathInjection (added in v1.1.0)
type PathInjection struct {
	// Dir is the absolute path (as seen inside the container) to splice
	// in. When empty, FormatEnv leaves PATH untouched.
	Dir string
	// Position is "prepend" or "append". Empty means prepend.
	Position string
}
PathInjection controls splicing an extra directory into the PATH env variable for the container process.
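The PATH handling documented for FormatEnv and PathInjection, as an added sketch that is not the ns package's own code: splicePath, its validation rules and the sample values are assumptions. It covers prepend, append and the create-PATH case, and never leaves an empty PATH element, which POSIX shells resolve as the current directory.

```go
// Added example, not the ns package's code; splicePath is hypothetical.
package main

import (
	"fmt"
	"path"
	"strings"
)

type PathInjection struct {
	Dir      string // absolute path as seen inside the container
	Position string // "prepend" or "append"; empty means prepend
}

func splicePath(base []string, inj PathInjection) ([]string, error) {
	out := append([]string(nil), base...) // never mutate the caller's slice
	if inj.Dir == "" {
		return out, nil // documented: PATH is left untouched
	}
	if !path.IsAbs(inj.Dir) || strings.Contains(inj.Dir, ":") {
		// Assumption: reject values that would add a cwd-relative or extra entry.
		return nil, fmt.Errorf("unsafe PATH directory %q", inj.Dir)
	}
	if inj.Position != "" && inj.Position != "prepend" && inj.Position != "append" {
		return nil, fmt.Errorf("unknown position %q", inj.Position)
	}
	found := false
	for i, kv := range out { // rewrite every PATH entry so duplicates agree
		if !strings.HasPrefix(kv, "PATH=") {
			continue
		}
		found = true
		val := kv[len("PATH="):]
		switch {
		case val == "": // avoid "dir:", whose empty element means the cwd
			out[i] = "PATH=" + inj.Dir
		case inj.Position == "append":
			out[i] = "PATH=" + val + ":" + inj.Dir
		default: // prepend: the stub directory wins the PATH search
			out[i] = "PATH=" + inj.Dir + ":" + val
		}
	}
	if !found {
		out = append(out, "PATH="+inj.Dir) // documented: create PATH if absent
	}
	return out, nil
}

// Constructed sample environment and stub directory.
func main() { fmt.Println(splicePath([]string{"PATH=/usr/bin:/bin"}, PathInjection{Dir: "/run/stubs"})) }
```

With prepend, any executable name present in the stub directory shadows the system binary of the same name, so the position setting decides which one the child's shell runs.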