rootfs

Documentation

Overview

Package rootfs provides an afero.Fs implementation backed by Go's os.Root API. This confines all filesystem operations to a root directory with atomic protection against symlink-based escape attacks via openat2/RESOLVE_BENEATH.

Index

• type RootFs
  • func New(rootPath string) (*RootFs, error)
  • func (r *RootFs) Chmod(name string, mode os.FileMode) error
  • func (r *RootFs) Chown(name string, uid, gid int) error
  • func (r *RootFs) Chtimes(name string, atime time.Time, mtime time.Time) error
  • func (r *RootFs) Close() error
  • func (r *RootFs) Create(name string) (afero.File, error)
  • func (r *RootFs) Mkdir(name string, perm os.FileMode) error
  • func (r *RootFs) MkdirAll(path string, perm os.FileMode) error
  • func (r *RootFs) Name() string
  • func (r *RootFs) Open(name string) (afero.File, error)
  • func (r *RootFs) OpenFile(name string, flag int, perm os.FileMode) (afero.File, error)
  • func (r *RootFs) Remove(name string) error
  • func (r *RootFs) RemoveAll(path string) error
  • func (r *RootFs) Rename(oldname, newname string) error
  • func (r *RootFs) Stat(name string) (os.FileInfo, error)

Types

type RootFs

type RootFs struct {
	// contains filtered or unexported fields
}

RootFs is an afero.Fs implementation backed by os.Root. All operations are confined to the root directory using Go's os.Root API, which provides atomic protection against symlink-based escape attacks via the kernel's openat2/RESOLVE_BENEATH on Linux.

Security model:

• All paths are treated as relative to the root directory
• Leading slashes are stripped (e.g., "/foo" becomes "foo")
• Symlinks within the root that resolve within the root are allowed
• Symlinks that would escape the root are rejected atomically by the kernel
• No TOCTOU vulnerabilities: symlink checks happen at the kernel level during file open, not as separate stat+open operations

func New

func New(rootPath string) (*RootFs, error)

New creates a new RootFs rooted at the given directory path. The path must exist and be a directory.

func (*RootFs) Chmod

func (r *RootFs) Chmod(name string, mode os.FileMode) error

Chmod changes the mode of the named file.

func (*RootFs) Chown

func (r *RootFs) Chown(name string, uid, gid int) error

Chown changes the uid and gid of the named file.

func (*RootFs) Chtimes

func (r *RootFs) Chtimes(name string, atime time.Time, mtime time.Time) error

Chtimes changes the access and modification times of the named file.

func (*RootFs) Close

func (r *RootFs) Close() error

Close releases resources held by the RootFs.

func (*RootFs) Create

func (r *RootFs) Create(name string) (afero.File, error)

Create creates a file in the filesystem, returning the file and any error.

func (*RootFs) Mkdir

func (r *RootFs) Mkdir(name string, perm os.FileMode) error

Mkdir creates a directory in the filesystem.

func (*RootFs) MkdirAll

func (r *RootFs) MkdirAll(path string, perm os.FileMode) error

MkdirAll creates a directory path and all parents that do not exist yet.

func (*RootFs) Name

func (r *RootFs) Name() string

Name returns the name of this filesystem.

func (*RootFs) Open

func (r *RootFs) Open(name string) (afero.File, error)

Open opens a file, returning it or an error.

func (*RootFs) OpenFile

func (r *RootFs) OpenFile(name string, flag int, perm os.FileMode) (afero.File, error)

OpenFile opens a file using the given flags and mode.

func (*RootFs) Remove

func (r *RootFs) Remove(name string) error

Remove removes a file or empty directory.

func (*RootFs) RemoveAll

func (r *RootFs) RemoveAll(path string) error

RemoveAll removes a directory path and all children it contains.

func (*RootFs) Rename

func (r *RootFs) Rename(oldname, newname string) error

Rename renames a file or directory within the root atomically.

func (*RootFs) Stat

func (r *RootFs) Stat(name string) (os.FileInfo, error)

Stat returns file info for the named file.