Documentation

Index

Constants

View Source
const (
	Wildcard = -1
)

Variables

View Source
var (
	// These are devices that are to be both allowed and created.
	DefaultSimpleDevices = []*Device{

		{
			Path:        "/dev/null",
			Type:        'c',
			Major:       1,
			Minor:       3,
			Permissions: "rwm",
			FileMode:    0666,
		},
		{
			Path:        "/dev/zero",
			Type:        'c',
			Major:       1,
			Minor:       5,
			Permissions: "rwm",
			FileMode:    0666,
		},

		{
			Path:        "/dev/full",
			Type:        'c',
			Major:       1,
			Minor:       7,
			Permissions: "rwm",
			FileMode:    0666,
		},

		{
			Path:        "/dev/tty",
			Type:        'c',
			Major:       5,
			Minor:       0,
			Permissions: "rwm",
			FileMode:    0666,
		},

		{
			Path:        "/dev/urandom",
			Type:        'c',
			Major:       1,
			Minor:       9,
			Permissions: "rwm",
			FileMode:    0666,
		},
		{
			Path:        "/dev/random",
			Type:        'c',
			Major:       1,
			Minor:       8,
			Permissions: "rwm",
			FileMode:    0666,
		},
	}
	DefaultAllowedDevices = append([]*Device{

		{
			Type:        'c',
			Major:       Wildcard,
			Minor:       Wildcard,
			Permissions: "m",
		},
		{
			Type:        'b',
			Major:       Wildcard,
			Minor:       Wildcard,
			Permissions: "m",
		},

		{
			Path:        "/dev/console",
			Type:        'c',
			Major:       5,
			Minor:       1,
			Permissions: "rwm",
		},

		{
			Path:        "",
			Type:        'c',
			Major:       136,
			Minor:       Wildcard,
			Permissions: "rwm",
		},
		{
			Path:        "",
			Type:        'c',
			Major:       5,
			Minor:       2,
			Permissions: "rwm",
		},

		{
			Path:        "",
			Type:        'c',
			Major:       10,
			Minor:       200,
			Permissions: "rwm",
		},
	}, DefaultSimpleDevices...)
	DefaultAutoCreatedDevices = append([]*Device{
		{

			Path:        "/dev/fuse",
			Type:        'c',
			Major:       10,
			Minor:       229,
			Permissions: "rwm",
		},
	}, DefaultSimpleDevices...)
)

Functions

func IsNamespaceSupported

func IsNamespaceSupported(ns NamespaceType) bool

    IsNamespaceSupported returns whether a namespace is available or not

    Types

    type Action

    type Action int

      An action to be taken upon rule match in Seccomp

      const (
      	Kill Action = iota + 1
      	Errno
      	Trap
      	Allow
      	Trace
      )

      type Arg

      type Arg struct {
      	Index    uint     `json:"index"`
      	Value    uint64   `json:"value"`
      	ValueTwo uint64   `json:"value_two"`
      	Op       Operator `json:"op"`
      }

        A rule to match a specific syscall argument in Seccomp

        type Cgroup

        type Cgroup struct {
        	// Deprecated, use Path instead
        	Name string `json:"name,omitempty"`
        
        	// name of parent of cgroup or slice
        	// Deprecated, use Path instead
        	Parent string `json:"parent,omitempty"`
        
        	// Path specifies the path to cgroups that are created and/or joined by the container.
        	// The path is assumed to be relative to the host system cgroup mountpoint.
        	Path string `json:"path"`
        
        	// ScopePrefix decribes prefix for the scope name
        	ScopePrefix string `json:"scope_prefix"`
        
        	// Paths represent the absolute cgroups paths to join.
        	// This takes precedence over Path.
        	Paths map[string]string
        
        	// Resources contains various cgroups settings to apply
        	*Resources
        }

        type Command

        type Command struct {
        	Path    string         `json:"path"`
        	Args    []string       `json:"args"`
        	Env     []string       `json:"env"`
        	Dir     string         `json:"dir"`
        	Timeout *time.Duration `json:"timeout"`
        }

        func (Command) Run

        func (c Command) Run(s HookState) error

        type CommandHook

        type CommandHook struct {
        	Command
        }

        func NewCommandHook

        func NewCommandHook(cmd Command) CommandHook

          NewCommandHooks will execute the provided command when the hook is run.

          type Config

          type Config struct {
          	// NoPivotRoot will use MS_MOVE and a chroot to jail the process into the container's rootfs
          	// This is a common option when the container is running in ramdisk
          	NoPivotRoot bool `json:"no_pivot_root"`
          
          	// ParentDeathSignal specifies the signal that is sent to the container's process in the case
          	// that the parent process dies.
          	ParentDeathSignal int `json:"parent_death_signal"`
          
          	// PivotDir allows a custom directory inside the container's root filesystem to be used as pivot, when NoPivotRoot is not set.
          	// When a custom PivotDir not set, a temporary dir inside the root filesystem will be used. The pivot dir needs to be writeable.
          	// This is required when using read only root filesystems. In these cases, a read/writeable path can be (bind) mounted somewhere inside the root filesystem to act as pivot.
          	PivotDir string `json:"pivot_dir"`
          
          	// Path to a directory containing the container's root filesystem.
          	Rootfs string `json:"rootfs"`
          
          	// Readonlyfs will remount the container's rootfs as readonly where only externally mounted
          	// bind mounts are writtable.
          	Readonlyfs bool `json:"readonlyfs"`
          
          	// Specifies the mount propagation flags to be applied to /.
          	RootPropagation int `json:"rootPropagation"`
          
          	// Mounts specify additional source and destination paths that will be mounted inside the container's
          	// rootfs and mount namespace if specified
          	Mounts []*Mount `json:"mounts"`
          
          	// The device nodes that should be automatically created within the container upon container start.  Note, make sure that the node is marked as allowed in the cgroup as well!
          	Devices []*Device `json:"devices"`
          
          	MountLabel string `json:"mount_label"`
          
          	// Hostname optionally sets the container's hostname if provided
          	Hostname string `json:"hostname"`
          
          	// Namespaces specifies the container's namespaces that it should setup when cloning the init process
          	// If a namespace is not provided that namespace is shared from the container's parent process
          	Namespaces Namespaces `json:"namespaces"`
          
          	// Capabilities specify the capabilities to keep when executing the process inside the container
          	// All capbilities not specified will be dropped from the processes capability mask
          	Capabilities []string `json:"capabilities"`
          
          	// Networks specifies the container's network setup to be created
          	Networks []*Network `json:"networks"`
          
          	// Routes can be specified to create entries in the route table as the container is started
          	Routes []*Route `json:"routes"`
          
          	// Cgroups specifies specific cgroup settings for the various subsystems that the container is
          	// placed into to limit the resources the container has available
          	Cgroups *Cgroup `json:"cgroups"`
          
          	// AppArmorProfile specifies the profile to apply to the process running in the container and is
          	// change at the time the process is execed
          	AppArmorProfile string `json:"apparmor_profile,omitempty"`
          
          	// ProcessLabel specifies the label to apply to the process running in the container.  It is
          	// commonly used by selinux
          	ProcessLabel string `json:"process_label,omitempty"`
          
          	// Rlimits specifies the resource limits, such as max open files, to set in the container
          	// If Rlimits are not set, the container will inherit rlimits from the parent process
          	Rlimits []Rlimit `json:"rlimits,omitempty"`
          
          	// OomScoreAdj specifies the adjustment to be made by the kernel when calculating oom scores
          	// for a process. Valid values are between the range [-1000, '1000'], where processes with
          	// higher scores are preferred for being killed.
          	// More information about kernel oom score calculation here: https://lwn.net/Articles/317814/
          	OomScoreAdj int `json:"oom_score_adj"`
          
          	// AdditionalGroups specifies the gids that should be added to supplementary groups
          	// in addition to those that the user belongs to.
          	AdditionalGroups []string `json:"additional_groups"`
          
          	// UidMappings is an array of User ID mappings for User Namespaces
          	UidMappings []IDMap `json:"uid_mappings"`
          
          	// GidMappings is an array of Group ID mappings for User Namespaces
          	GidMappings []IDMap `json:"gid_mappings"`
          
          	// MaskPaths specifies paths within the container's rootfs to mask over with a bind
          	// mount pointing to /dev/null as to prevent reads of the file.
          	MaskPaths []string `json:"mask_paths"`
          
          	// ReadonlyPaths specifies paths within the container's rootfs to remount as read-only
          	// so that these files prevent any writes.
          	ReadonlyPaths []string `json:"readonly_paths"`
          
          	// Sysctl is a map of properties and their values. It is the equivalent of using
          	// sysctl -w my.property.name value in Linux.
          	Sysctl map[string]string `json:"sysctl"`
          
          	// Seccomp allows actions to be taken whenever a syscall is made within the container.
          	// A number of rules are given, each having an action to be taken if a syscall matches it.
          	// A default action to be taken if no rules match is also given.
          	Seccomp *Seccomp `json:"seccomp"`
          
          	// NoNewPrivileges controls whether processes in the container can gain additional privileges.
          	NoNewPrivileges bool `json:"no_new_privileges,omitempty"`
          
          	// Hooks are a collection of actions to perform at various container lifecycle events.
          	// CommandHooks are serialized to JSON, but other hooks are not.
          	Hooks *Hooks
          
          	// Version is the version of opencontainer specification that is supported.
          	Version string `json:"version"`
          
          	// Labels are user defined metadata that is stored in the config and populated on the state
          	Labels []string `json:"labels"`
          }

            Config defines configuration options for executing a process inside a contained environment.

            func (Config) HostGID

            func (c Config) HostGID() (int, error)

              Gets the root gid for the process on host which could be non-zero when user namespaces are enabled.

              func (Config) HostUID

              func (c Config) HostUID() (int, error)

                Gets the root uid for the process on host which could be non-zero when user namespaces are enabled.

                type Device

                type Device struct {
                	// Device type, block, char, etc.
                	Type rune `json:"type"`
                
                	// Path to the device.
                	Path string `json:"path"`
                
                	// Major is the device's major number.
                	Major int64 `json:"major"`
                
                	// Minor is the device's minor number.
                	Minor int64 `json:"minor"`
                
                	// Cgroup permissions format, rwm.
                	Permissions string `json:"permissions"`
                
                	// FileMode permission bits for the device.
                	FileMode os.FileMode `json:"file_mode"`
                
                	// Uid of the device.
                	Uid uint32 `json:"uid"`
                
                	// Gid of the device.
                	Gid uint32 `json:"gid"`
                
                	// Write the file to the allowed list
                	Allow bool `json:"allow"`
                }

                func (*Device) CgroupString

                func (d *Device) CgroupString() string

                func (*Device) Mkdev

                func (d *Device) Mkdev() int

                type FreezerState

                type FreezerState string
                const (
                	Undefined FreezerState = ""
                	Frozen    FreezerState = "FROZEN"
                	Thawed    FreezerState = "THAWED"
                )

                type FuncHook

                type FuncHook struct {
                	// contains filtered or unexported fields
                }

                func NewFunctionHook

                func NewFunctionHook(f func(HookState) error) FuncHook

                  NewFunctionHooks will call the provided function when the hook is run.

                  func (FuncHook) Run

                  func (f FuncHook) Run(s HookState) error

                  type Hook

                  type Hook interface {
                  	// Run executes the hook with the provided state.
                  	Run(HookState) error
                  }

                  type HookState

                  type HookState struct {
                  	Version    string `json:"ociVersion"`
                  	ID         string `json:"id"`
                  	Pid        int    `json:"pid"`
                  	Root       string `json:"root"`
                  	BundlePath string `json:"bundlePath"`
                  }

                    HookState is the payload provided to a hook on execution.

                    type Hooks

                    type Hooks struct {
                    	// Prestart commands are executed after the container namespaces are created,
                    	// but before the user supplied command is executed from init.
                    	Prestart []Hook
                    
                    	// Poststart commands are executed after the container init process starts.
                    	Poststart []Hook
                    
                    	// Poststop commands are executed after the container init process exits.
                    	Poststop []Hook
                    }

                    func (Hooks) MarshalJSON

                    func (hooks Hooks) MarshalJSON() ([]byte, error)

                    func (*Hooks) UnmarshalJSON

                    func (hooks *Hooks) UnmarshalJSON(b []byte) error

                    type HugepageLimit

                    type HugepageLimit struct {
                    	// which type of hugepage to limit.
                    	Pagesize string `json:"page_size"`
                    
                    	// usage limit for hugepage.
                    	Limit uint64 `json:"limit"`
                    }

                    type IDMap

                    type IDMap struct {
                    	ContainerID int `json:"container_id"`
                    	HostID      int `json:"host_id"`
                    	Size        int `json:"size"`
                    }

                      IDMap represents UID/GID Mappings for User Namespaces.

                      type IfPrioMap

                      type IfPrioMap struct {
                      	Interface string `json:"interface"`
                      	Priority  int64  `json:"priority"`
                      }

                      func (*IfPrioMap) CgroupString

                      func (i *IfPrioMap) CgroupString() string

                      type Mount

                      type Mount struct {
                      	// Source path for the mount.
                      	Source string `json:"source"`
                      
                      	// Destination path for the mount inside the container.
                      	Destination string `json:"destination"`
                      
                      	// Device the mount is for.
                      	Device string `json:"device"`
                      
                      	// Mount flags.
                      	Flags int `json:"flags"`
                      
                      	// Propagation Flags
                      	PropagationFlags []int `json:"propagation_flags"`
                      
                      	// Mount data applied to the mount.
                      	Data string `json:"data"`
                      
                      	// Relabel source if set, "z" indicates shared, "Z" indicates unshared.
                      	Relabel string `json:"relabel"`
                      
                      	// Optional Command to be run before Source is mounted.
                      	PremountCmds []Command `json:"premount_cmds"`
                      
                      	// Optional Command to be run after Source is mounted.
                      	PostmountCmds []Command `json:"postmount_cmds"`
                      }

                      type Namespace

                      type Namespace struct {
                      	Type NamespaceType `json:"type"`
                      	Path string        `json:"path"`
                      }

                        Namespace defines configuration for each namespace. It specifies an alternate path that is able to be joined via setns.

                        func (*Namespace) GetPath

                        func (n *Namespace) GetPath(pid int) string

                        func (*Namespace) Syscall

                        func (n *Namespace) Syscall() int

                        type NamespaceType

                        type NamespaceType string
                        const (
                        	NEWNET  NamespaceType = "NEWNET"
                        	NEWPID  NamespaceType = "NEWPID"
                        	NEWNS   NamespaceType = "NEWNS"
                        	NEWUTS  NamespaceType = "NEWUTS"
                        	NEWIPC  NamespaceType = "NEWIPC"
                        	NEWUSER NamespaceType = "NEWUSER"
                        )

                        func NamespaceTypes

                        func NamespaceTypes() []NamespaceType

                        type Namespaces

                        type Namespaces []Namespace

                        func (*Namespaces) Add

                        func (n *Namespaces) Add(t NamespaceType, path string)

                        func (*Namespaces) CloneFlags

                        func (n *Namespaces) CloneFlags() uintptr

                          CloneFlags parses the container's Namespaces options to set the correct flags on clone, unshare. This function returns flags only for new namespaces.

                          func (*Namespaces) Contains

                          func (n *Namespaces) Contains(t NamespaceType) bool

                          func (*Namespaces) PathOf

                          func (n *Namespaces) PathOf(t NamespaceType) string

                          func (*Namespaces) Remove

                          func (n *Namespaces) Remove(t NamespaceType) bool

                          type Network

                          type Network struct {
                          	// Type sets the networks type, commonly veth and loopback
                          	Type string `json:"type"`
                          
                          	// Name of the network interface
                          	Name string `json:"name"`
                          
                          	// The bridge to use.
                          	Bridge string `json:"bridge"`
                          
                          	// MacAddress contains the MAC address to set on the network interface
                          	MacAddress string `json:"mac_address"`
                          
                          	// Address contains the IPv4 and mask to set on the network interface
                          	Address string `json:"address"`
                          
                          	// Gateway sets the gateway address that is used as the default for the interface
                          	Gateway string `json:"gateway"`
                          
                          	// IPv6Address contains the IPv6 and mask to set on the network interface
                          	IPv6Address string `json:"ipv6_address"`
                          
                          	// IPv6Gateway sets the ipv6 gateway address that is used as the default for the interface
                          	IPv6Gateway string `json:"ipv6_gateway"`
                          
                          	// Mtu sets the mtu value for the interface and will be mirrored on both the host and
                          	// container's interfaces if a pair is created, specifically in the case of type veth
                          	// Note: This does not apply to loopback interfaces.
                          	Mtu int `json:"mtu"`
                          
                          	// TxQueueLen sets the tx_queuelen value for the interface and will be mirrored on both the host and
                          	// container's interfaces if a pair is created, specifically in the case of type veth
                          	// Note: This does not apply to loopback interfaces.
                          	TxQueueLen int `json:"txqueuelen"`
                          
                          	// HostInterfaceName is a unique name of a veth pair that resides on in the host interface of the
                          	// container.
                          	HostInterfaceName string `json:"host_interface_name"`
                          
                          	// HairpinMode specifies if hairpin NAT should be enabled on the virtual interface
                          	// bridge port in the case of type veth
                          	// Note: This is unsupported on some systems.
                          	// Note: This does not apply to loopback interfaces.
                          	HairpinMode bool `json:"hairpin_mode"`
                          }

                            Network defines configuration for a container's networking stack

                            The network configuration can be omitted from a container causing the container to be setup with the host's networking stack

                            type Operator

                            type Operator int

                              A comparison operator to be used when matching syscall arguments in Seccomp

                              const (
                              	EqualTo Operator = iota + 1
                              	NotEqualTo
                              	GreaterThan
                              	GreaterThanOrEqualTo
                              	LessThan
                              	LessThanOrEqualTo
                              	MaskEqualTo
                              )

                              type Resources

                              type Resources struct {
                              	// If this is true allow access to any kind of device within the container.  If false, allow access only to devices explicitly listed in the allowed_devices list.
                              	// Deprecated
                              	AllowAllDevices bool `json:"allow_all_devices,omitempty"`
                              	// Deprecated
                              	AllowedDevices []*Device `json:"allowed_devices,omitempty"`
                              	// Deprecated
                              	DeniedDevices []*Device `json:"denied_devices,omitempty"`
                              
                              	Devices []*Device `json:"devices"`
                              
                              	// Memory limit (in bytes)
                              	Memory int64 `json:"memory"`
                              
                              	// Memory reservation or soft_limit (in bytes)
                              	MemoryReservation int64 `json:"memory_reservation"`
                              
                              	// Total memory usage (memory + swap); set `-1` to enable unlimited swap
                              	MemorySwap int64 `json:"memory_swap"`
                              
                              	// Kernel memory limit (in bytes)
                              	KernelMemory int64 `json:"kernel_memory"`
                              
                              	// Kernel memory limit for TCP use (in bytes)
                              	KernelMemoryTCP int64 `json:"kernel_memory_tcp"`
                              
                              	// CPU shares (relative weight vs. other containers)
                              	CpuShares int64 `json:"cpu_shares"`
                              
                              	// CPU hardcap limit (in usecs). Allowed cpu time in a given period.
                              	CpuQuota int64 `json:"cpu_quota"`
                              
                              	// CPU period to be used for hardcapping (in usecs). 0 to use system default.
                              	CpuPeriod int64 `json:"cpu_period"`
                              
                              	// How many time CPU will use in realtime scheduling (in usecs).
                              	CpuRtRuntime int64 `json:"cpu_quota"`
                              
                              	// CPU period to be used for realtime scheduling (in usecs).
                              	CpuRtPeriod int64 `json:"cpu_period"`
                              
                              	// CPU to use
                              	CpusetCpus string `json:"cpuset_cpus"`
                              
                              	// MEM to use
                              	CpusetMems string `json:"cpuset_mems"`
                              
                              	// Process limit; set <= `0' to disable limit.
                              	PidsLimit int64 `json:"pids_limit"`
                              
                              	// Specifies per cgroup weight, range is from 10 to 1000.
                              	BlkioWeight uint16 `json:"blkio_weight"`
                              
                              	// Specifies tasks' weight in the given cgroup while competing with the cgroup's child cgroups, range is from 10 to 1000, cfq scheduler only
                              	BlkioLeafWeight uint16 `json:"blkio_leaf_weight"`
                              
                              	// Weight per cgroup per device, can override BlkioWeight.
                              	BlkioWeightDevice []*WeightDevice `json:"blkio_weight_device"`
                              
                              	// IO read rate limit per cgroup per device, bytes per second.
                              	BlkioThrottleReadBpsDevice []*ThrottleDevice `json:"blkio_throttle_read_bps_device"`
                              
                              	// IO write rate limit per cgroup per divice, bytes per second.
                              	BlkioThrottleWriteBpsDevice []*ThrottleDevice `json:"blkio_throttle_write_bps_device"`
                              
                              	// IO read rate limit per cgroup per device, IO per second.
                              	BlkioThrottleReadIOPSDevice []*ThrottleDevice `json:"blkio_throttle_read_iops_device"`
                              
                              	// IO write rate limit per cgroup per device, IO per second.
                              	BlkioThrottleWriteIOPSDevice []*ThrottleDevice `json:"blkio_throttle_write_iops_device"`
                              
                              	// set the freeze value for the process
                              	Freezer FreezerState `json:"freezer"`
                              
                              	// Hugetlb limit (in bytes)
                              	HugetlbLimit []*HugepageLimit `json:"hugetlb_limit"`
                              
                              	// Whether to disable OOM Killer
                              	OomKillDisable bool `json:"oom_kill_disable"`
                              
                              	// Tuning swappiness behaviour per cgroup
                              	MemorySwappiness *int64 `json:"memory_swappiness"`
                              
                              	// Set priority of network traffic for container
                              	NetPrioIfpriomap []*IfPrioMap `json:"net_prio_ifpriomap"`
                              
                              	// Set class identifier for container's network packets
                              	NetClsClassid string `json:"net_cls_classid"`
                              }

                              type Rlimit

                              type Rlimit struct {
                              	Type int    `json:"type"`
                              	Hard uint64 `json:"hard"`
                              	Soft uint64 `json:"soft"`
                              }

                              type Route

                              type Route struct {
                              	// Sets the destination and mask, should be a CIDR.  Accepts IPv4 and IPv6
                              	Destination string `json:"destination"`
                              
                              	// Sets the source and mask, should be a CIDR.  Accepts IPv4 and IPv6
                              	Source string `json:"source"`
                              
                              	// Sets the gateway.  Accepts IPv4 and IPv6
                              	Gateway string `json:"gateway"`
                              
                              	// The device to set this route up for, for example: eth0
                              	InterfaceName string `json:"interface_name"`
                              }

                                Routes can be specified to create entries in the route table as the container is started

                                All of destination, source, and gateway should be either IPv4 or IPv6. One of the three options must be present, and omitted entries will use their IP family default for the route table. For IPv4 for example, setting the gateway to 1.2.3.4 and the interface to eth0 will set up a standard destination of 0.0.0.0(or *) when viewed in the route table.

                                type Seccomp

                                type Seccomp struct {
                                	DefaultAction Action     `json:"default_action"`
                                	Architectures []string   `json:"architectures"`
                                	Syscalls      []*Syscall `json:"syscalls"`
                                }

                                  Seccomp represents syscall restrictions By default, only the native architecture of the kernel is allowed to be used for syscalls. Additional architectures can be added by specifying them in Architectures.

                                  type Syscall

                                  type Syscall struct {
                                  	Name   string `json:"name"`
                                  	Action Action `json:"action"`
                                  	Args   []*Arg `json:"args"`
                                  }

                                    An rule to match a syscall in Seccomp

                                    type ThrottleDevice

                                    type ThrottleDevice struct {
                                    
                                    	// Rate is the IO rate limit per cgroup per device
                                    	Rate uint64 `json:"rate"`
                                    	// contains filtered or unexported fields
                                    }

                                      ThrottleDevice struct holds a `major:minor rate_per_second` pair

                                      func NewThrottleDevice

                                      func NewThrottleDevice(major, minor int64, rate uint64) *ThrottleDevice

                                        NewThrottleDevice returns a configured ThrottleDevice pointer

                                        func (*ThrottleDevice) String

                                        func (td *ThrottleDevice) String() string

                                          String formats the struct to be writable to the cgroup specific file

                                          type WeightDevice

                                          type WeightDevice struct {
                                          
                                          	// Weight is the bandwidth rate for the device, range is from 10 to 1000
                                          	Weight uint16 `json:"weight"`
                                          	// LeafWeight is the bandwidth rate for the device while competing with the cgroup's child cgroups, range is from 10 to 1000, cfq scheduler only
                                          	LeafWeight uint16 `json:"leafWeight"`
                                          	// contains filtered or unexported fields
                                          }

                                            WeightDevice struct holds a `major:minor weight`|`major:minor leaf_weight` pair

                                            func NewWeightDevice

                                            func NewWeightDevice(major, minor int64, weight, leafWeight uint16) *WeightDevice

                                              NewWeightDevice returns a configured WeightDevice pointer

                                              func (*WeightDevice) LeafWeightString

                                              func (wd *WeightDevice) LeafWeightString() string

                                                LeafWeightString formats the struct to be writable to the cgroup specific file

                                                func (*WeightDevice) WeightString

                                                func (wd *WeightDevice) WeightString() string

                                                  WeightString formats the struct to be writable to the cgroup specific file

                                                  Directories

                                                  Path Synopsis