Directories
¶
| Path | Synopsis |
|---|---|
|
Package abi describes the interface between a kernel and userspace.
|
Package abi describes the interface between a kernel and userspace. |
|
attestation
Package attestation includes definitions needed for gVisor attestation.
|
Package attestation includes definitions needed for gVisor attestation. |
|
gasket
Package gasket describes the userspace interface for Gasket devices.
|
Package gasket describes the userspace interface for Gasket devices. |
|
linux
Package linux contains the constants and types needed to interface with a Linux kernel.
|
Package linux contains the constants and types needed to interface with a Linux kernel. |
|
linux/errno
Package errno holds errno codes for abi/linux.
|
Package errno holds errno codes for abi/linux. |
|
nvgpu
Package nvgpu tracks the ABI of the Nvidia GPU Linux kernel driver: https://github.com/NVIDIA/open-gpu-kernel-modules
|
Package nvgpu tracks the ABI of the Nvidia GPU Linux kernel driver: https://github.com/NVIDIA/open-gpu-kernel-modules |
|
sentry
Package sentry contains ABI-related constants for the gVisor sentry.
|
Package sentry contains ABI-related constants for the gVisor sentry. |
|
tpu
Package tpu defines constants used to interact with TPUs.
|
Package tpu defines constants used to interact with TPUs. |
|
Package atomicbitops provides extensions to the sync/atomic package.
|
Package atomicbitops provides extensions to the sync/atomic package. |
|
Package binary translates between select fixed-sized types and a binary representation.
|
Package binary translates between select fixed-sized types and a binary representation. |
|
Package bitmap provides the implementation of bitmap.
|
Package bitmap provides the implementation of bitmap. |
|
Package bits includes all bit related types and operations.
|
Package bits includes all bit related types and operations. |
|
Package bpf provides tools for working with Berkeley Packet Filter (BPF) programs.
|
Package bpf provides tools for working with Berkeley Packet Filter (BPF) programs. |
|
Package buffer provides the implementation of a non-contiguous buffer that is reference counted, pooled, and copy-on-write.
|
Package buffer provides the implementation of a non-contiguous buffer that is reference counted, pooled, and copy-on-write. |
|
Package cleanup provides utilities to clean "stuff" on defers.
|
Package cleanup provides utilities to clean "stuff" on defers. |
|
Package compressio provides parallel compression and decompression, as well as optional SHA-256 hashing.
|
Package compressio provides parallel compression and decompression, as well as optional SHA-256 hashing. |
|
Package context defines an internal context type.
|
Package context defines an internal context type. |
|
control
|
|
|
client
Package client provides a basic control client interface.
|
Package client provides a basic control client interface. |
|
server
Package server provides a basic control server interface.
|
Package server provides a basic control server interface. |
|
Package coretag implements core tagging.
|
Package coretag implements core tagging. |
|
Package coverage provides an interface through which Go coverage data can be collected, converted to kcov format, and exposed to userspace.
|
Package coverage provides an interface through which Go coverage data can be collected, converted to kcov format, and exposed to userspace. |
|
Package cpuid provides basic functionality for creating and adjusting CPU feature sets.
|
Package cpuid provides basic functionality for creating and adjusting CPU feature sets. |
|
Package crypto wraps crypto primitives.
|
Package crypto wraps crypto primitives. |
|
Package devutil provides device specific utilities.
|
Package devutil provides device specific utilities. |
|
Package erofs provides the ability to access the contents in an EROFS [1] image.
|
Package erofs provides the ability to access the contents in an EROFS [1] image. |
|
Package errors holds the standardized error definition for gVisor.
|
Package errors holds the standardized error definition for gVisor. |
|
linuxerr
Package linuxerr contains syscall error codes exported as an error interface pointers.
|
Package linuxerr contains syscall error codes exported as an error interface pointers. |
|
Package eventchannel contains functionality for sending any protobuf message on a socketpair.
|
Package eventchannel contains functionality for sending any protobuf message on a socketpair. |
|
Package eventfd wraps Linux's eventfd(2) syscall.
|
Package eventfd wraps Linux's eventfd(2) syscall. |
|
Package fd provides types for working with file descriptors.
|
Package fd provides types for working with file descriptors. |
|
Package fdchannel implements passing file descriptors between processes over Unix domain sockets.
|
Package fdchannel implements passing file descriptors between processes over Unix domain sockets. |
|
Package fdnotifier contains an adapter that translates IO events (e.g., a file became readable/writable) from native FDs to the notifications in the waiter package.
|
Package fdnotifier contains an adapter that translates IO events (e.g., a file became readable/writable) from native FDs to the notifications in the waiter package. |
|
Package flipcall implements a protocol providing Fast Local Interprocess Procedure Calls between mutually-distrusting processes.
|
Package flipcall implements a protocol providing Fast Local Interprocess Procedure Calls between mutually-distrusting processes. |
|
Package fspath provides efficient tools for working with file paths in Linux-compatible filesystem implementations.
|
Package fspath provides efficient tools for working with file paths in Linux-compatible filesystem implementations. |
|
Package fsutil contains filesystem utilities that can be shared between the sentry and other sandbox components.
|
Package fsutil contains filesystem utilities that can be shared between the sentry and other sandbox components. |
|
Package gohacks contains utilities for subverting the Go compiler.
|
Package gohacks contains utilities for subverting the Go compiler. |
|
Package goid provides the Get function.
|
Package goid provides the Get function. |
|
Package hostarch contains host arch address operations for user memory.
|
Package hostarch contains host arch address operations for user memory. |
|
Package hostos contains utility functions for getting information about the host OS.
|
Package hostos contains utility functions for getting information about the host OS. |
|
Package hosttid provides the Current function.
|
Package hosttid provides the Current function. |
|
Package linewriter provides an io.Writer which calls an emitter on each line.
|
Package linewriter provides an io.Writer which calls an emitter on each line. |
|
Package lisafs (LInux SAndbox FileSystem) defines the protocol for filesystem RPCs between an untrusted Sandbox (client) and a trusted filesystem server.
|
Package lisafs (LInux SAndbox FileSystem) defines the protocol for filesystem RPCs between an untrusted Sandbox (client) and a trusted filesystem server. |
|
testsuite
Package testsuite provides a integration testing suite for lisafs.
|
Package testsuite provides a integration testing suite for lisafs. |
|
Package log implements a library for logging.
|
Package log implements a library for logging. |
|
Package marshal defines the Marshallable interface for serialize/deserializing go data structures to/from memory, according to the Linux ABI.
|
Package marshal defines the Marshallable interface for serialize/deserializing go data structures to/from memory, according to the Linux ABI. |
|
primitive
Package primitive defines marshal.Marshallable implementations for primitive types.
|
Package primitive defines marshal.Marshallable implementations for primitive types. |
|
Package memutil provides utilities for working with shared memory files.
|
Package memutil provides utilities for working with shared memory files. |
|
Package metric provides primitives for collecting metrics.
|
Package metric provides primitives for collecting metrics. |
|
buckettool
buckettool prints buckets for distribution metrics.
|
buckettool prints buckets for distribution metrics. |
|
Package p9 is a 9P2000.L implementation.
|
Package p9 is a 9P2000.L implementation. |
|
p9test
Package p9test provides standard mocks for p9.
|
Package p9test provides standard mocks for p9. |
|
Package pool provides a trivial integer pool.
|
Package pool provides a trivial integer pool. |
|
Package prometheus contains Prometheus-compliant metric data structures and utilities.
|
Package prometheus contains Prometheus-compliant metric data structures and utilities. |
|
Package rand implements a cryptographically secure pseudorandom number generator.
|
Package rand implements a cryptographically secure pseudorandom number generator. |
|
Package ring0 provides basic operating system-level stubs.
|
Package ring0 provides basic operating system-level stubs. |
|
pagetables
Package pagetables provides a generic implementation of pagetables.
|
Package pagetables provides a generic implementation of pagetables. |
|
Package safecopy provides an efficient implementation of functions to access memory that may result in SIGSEGV or SIGBUS being sent to the accessor.
|
Package safecopy provides an efficient implementation of functions to access memory that may result in SIGSEGV or SIGBUS being sent to the accessor. |
|
Package safemem provides the Block and BlockSeq types.
|
Package safemem provides the Block and BlockSeq types. |
|
Package seccomp provides generation of basic seccomp filters.
|
Package seccomp provides generation of basic seccomp filters. |
|
precompiledseccomp/example
Package example defines two seccomp programs ("example_program1" and "example_program2") to be embedded in the `usage` package in this directory.
|
Package example defines two seccomp programs ("example_program1" and "example_program2") to be embedded in the `usage` package in this directory. |
|
precompiledseccomp/example/usage
Package usage shows how to use precompiled seccomp-bpf programs.
|
Package usage shows how to use precompiled seccomp-bpf programs. |
|
victim
Test binary used to test that seccomp filters are properly constructed and indeed kill the process on violation.
|
Test binary used to test that seccomp filters are properly constructed and indeed kill the process on violation. |
|
Package secio provides support for sectioned I/O.
|
Package secio provides support for sectioned I/O. |
|
Package segment provides tools for working with collections of segments.
|
Package segment provides tools for working with collections of segments. |
|
test
Package segment is a test package.
|
Package segment is a test package. |
|
sentry
|
|
|
arch
Package arch provides abstractions around architecture-dependent details, such as syscall calling conventions, native types, etc.
|
Package arch provides abstractions around architecture-dependent details, such as syscall calling conventions, native types, etc. |
|
arch/fpu
Package fpu provides basic floating point helpers.
|
Package fpu provides basic floating point helpers. |
|
contexttest
Package contexttest builds a test context.Context.
|
Package contexttest builds a test context.Context. |
|
control
Package control contains types that expose control server methods, and can be used to configure and interact with a running sandbox process.
|
Package control contains types that expose control server methods, and can be used to configure and interact with a running sandbox process. |
|
devices/accel
Package accel implements proxying for hardware accelerators.
|
Package accel implements proxying for hardware accelerators. |
|
devices/memdev
Package memdev implements "mem" character devices, as implemented in Linux by drivers/char/mem.c and drivers/char/random.c.
|
Package memdev implements "mem" character devices, as implemented in Linux by drivers/char/mem.c and drivers/char/random.c. |
|
devices/nvproxy
Package nvproxy implements proxying for the Nvidia GPU Linux kernel driver: https://github.com/NVIDIA/open-gpu-kernel-modules.
|
Package nvproxy implements proxying for the Nvidia GPU Linux kernel driver: https://github.com/NVIDIA/open-gpu-kernel-modules. |
|
devices/tpuproxy
Package tpuproxy implements proxying for TPU devices.
|
Package tpuproxy implements proxying for TPU devices. |
|
devices/ttydev
Package ttydev implements an unopenable vfs.Device for /dev/tty.
|
Package ttydev implements an unopenable vfs.Device for /dev/tty. |
|
devices/tundev
Package tundev implements the /dev/net/tun device.
|
Package tundev implements the /dev/net/tun device. |
|
fdimport
Package fdimport provides the Import function.
|
Package fdimport provides the Import function. |
|
fsimpl/cgroupfs
Package cgroupfs implements cgroupfs.
|
Package cgroupfs implements cgroupfs. |
|
fsimpl/dev
Package dev provides a filesystem implementation for /dev.
|
Package dev provides a filesystem implementation for /dev. |
|
fsimpl/devpts
Package devpts provides a filesystem implementation that behaves like devpts.
|
Package devpts provides a filesystem implementation that behaves like devpts. |
|
fsimpl/devtmpfs
Package devtmpfs provides a singleton fsimpl/dev filesystem instance, analogous to Linux's devtmpfs.
|
Package devtmpfs provides a singleton fsimpl/dev filesystem instance, analogous to Linux's devtmpfs. |
|
fsimpl/erofs
Package erofs implements erofs.
|
Package erofs implements erofs. |
|
fsimpl/eventfd
Package eventfd implements event fds.
|
Package eventfd implements event fds. |
|
fsimpl/fuse
Package fuse implements fusefs.
|
Package fuse implements fusefs. |
|
fsimpl/gofer
Package gofer provides a filesystem implementation that is backed by a 9p server, interchangeably referred to as "gofers" throughout this package.
|
Package gofer provides a filesystem implementation that is backed by a 9p server, interchangeably referred to as "gofers" throughout this package. |
|
fsimpl/host
Package host provides a filesystem implementation for host files imported as file descriptors.
|
Package host provides a filesystem implementation for host files imported as file descriptors. |
|
fsimpl/iouringfs
Package iouringfs provides a filesystem implementation for IO_URING basing it on anonfs.
|
Package iouringfs provides a filesystem implementation for IO_URING basing it on anonfs. |
|
fsimpl/kernfs
Package kernfs provides the tools to implement inode-based filesystems.
|
Package kernfs provides the tools to implement inode-based filesystems. |
|
fsimpl/lock
Package lock is the API for POSIX-style advisory regional file locks and BSD-style full file locks.
|
Package lock is the API for POSIX-style advisory regional file locks and BSD-style full file locks. |
|
fsimpl/mqfs
Package mqfs provides a filesystem implementation to back POSIX message queues.
|
Package mqfs provides a filesystem implementation to back POSIX message queues. |
|
fsimpl/nsfs
Package nsfs provides the filesystem implementation backing Kernel.NsfsMount.
|
Package nsfs provides the filesystem implementation backing Kernel.NsfsMount. |
|
fsimpl/overlay
Package overlay provides an overlay filesystem implementation, which synthesizes a filesystem by composing one or more immutable filesystems ("lower layers") with an optional mutable filesystem ("upper layer").
|
Package overlay provides an overlay filesystem implementation, which synthesizes a filesystem by composing one or more immutable filesystems ("lower layers") with an optional mutable filesystem ("upper layer"). |
|
fsimpl/pipefs
Package pipefs provides the filesystem implementation backing Kernel.PipeMount.
|
Package pipefs provides the filesystem implementation backing Kernel.PipeMount. |
|
fsimpl/proc
Package proc implements a partial in-memory file system for procfs.
|
Package proc implements a partial in-memory file system for procfs. |
|
fsimpl/signalfd
Package signalfd provides basic signalfd file implementations.
|
Package signalfd provides basic signalfd file implementations. |
|
fsimpl/sockfs
Package sockfs provides a filesystem implementation for anonymous sockets.
|
Package sockfs provides a filesystem implementation for anonymous sockets. |
|
fsimpl/sys
Package sys implements sysfs.
|
Package sys implements sysfs. |
|
fsimpl/testutil
Package testutil provides common test utilities for kernfs-based filesystems.
|
Package testutil provides common test utilities for kernfs-based filesystems. |
|
fsimpl/timerfd
Package timerfd implements timer fds.
|
Package timerfd implements timer fds. |
|
fsimpl/tmpfs
Package tmpfs provides an in-memory filesystem whose contents are application-mutable, consistent with Linux's tmpfs.
|
Package tmpfs provides an in-memory filesystem whose contents are application-mutable, consistent with Linux's tmpfs. |
|
fsimpl/user
Package user contains methods for resolving filesystem paths based on the user and their environment.
|
Package user contains methods for resolving filesystem paths based on the user and their environment. |
|
fsmetric
Package fsmetric defines filesystem metrics.
|
Package fsmetric defines filesystem metrics. |
|
fsutil
Package fsutil provides utilities for implementing vfs.FileDescriptionImpl and vfs.FilesystemImpl.
|
Package fsutil provides utilities for implementing vfs.FileDescriptionImpl and vfs.FilesystemImpl. |
|
hostcpu
Package hostcpu provides utilities for working with CPU information provided by a host Linux kernel.
|
Package hostcpu provides utilities for working with CPU information provided by a host Linux kernel. |
|
hostfd
Package hostfd provides efficient I/O with host file descriptors.
|
Package hostfd provides efficient I/O with host file descriptors. |
|
hostmm
Package hostmm provides tools for interacting with the host Linux kernel's virtual memory management subsystem.
|
Package hostmm provides tools for interacting with the host Linux kernel's virtual memory management subsystem. |
|
inet
Package inet defines semantics for IP stacks.
|
Package inet defines semantics for IP stacks. |
|
kernel
Package kernel provides an emulation of the Linux kernel.
|
Package kernel provides an emulation of the Linux kernel. |
|
kernel/auth
Package auth implements an access control model that is a subset of Linux's.
|
Package auth implements an access control model that is a subset of Linux's. |
|
kernel/contexttest
Package contexttest provides a test context.Context which includes a dummy kernel pointing to a valid platform.
|
Package contexttest provides a test context.Context which includes a dummy kernel pointing to a valid platform. |
|
kernel/fasync
Package fasync provides FIOASYNC related functionality.
|
Package fasync provides FIOASYNC related functionality. |
|
kernel/futex
Package futex provides an implementation of the futex interface as found in the Linux kernel.
|
Package futex provides an implementation of the futex interface as found in the Linux kernel. |
|
kernel/ipc
Package ipc defines functionality and utilities common to sysvipc mechanisms.
|
Package ipc defines functionality and utilities common to sysvipc mechanisms. |
|
kernel/memevent
Package memevent implements the memory usage events controller, which periodically emits events via the eventchannel.
|
Package memevent implements the memory usage events controller, which periodically emits events via the eventchannel. |
|
kernel/mq
Package mq provides an implementation for POSIX message queues.
|
Package mq provides an implementation for POSIX message queues. |
|
kernel/msgqueue
Package msgqueue implements System V message queues.
|
Package msgqueue implements System V message queues. |
|
kernel/pipe
Package pipe provides a pipe implementation.
|
Package pipe provides a pipe implementation. |
|
kernel/sched
Package sched implements scheduler related features.
|
Package sched implements scheduler related features. |
|
kernel/semaphore
Package semaphore implements System V semaphores.
|
Package semaphore implements System V semaphores. |
|
kernel/shm
Package shm implements sysv shared memory segments.
|
Package shm implements sysv shared memory segments. |
|
kernel/time
Package time defines the Timer type, which provides a periodic timer that works by sampling a user-provided clock.
|
Package time defines the Timer type, which provides a periodic timer that works by sampling a user-provided clock. |
|
limits
Package limits provides resource limits.
|
Package limits provides resource limits. |
|
loader
Package loader loads an executable file into a MemoryManager.
|
Package loader loads an executable file into a MemoryManager. |
|
loader/vdsodata
Package vdsodata contains a compiled VDSO object.
|
Package vdsodata contains a compiled VDSO object. |
|
memmap
Package memmap defines semantics for memory mappings.
|
Package memmap defines semantics for memory mappings. |
|
mm
Package mm provides a memory management subsystem.
|
Package mm provides a memory management subsystem. |
|
pgalloc
Package pgalloc contains the page allocator subsystem, which manages memory that may be mapped into application address spaces.
|
Package pgalloc contains the page allocator subsystem, which manages memory that may be mapped into application address spaces. |
|
platform
Package platform provides a Platform abstraction.
|
Package platform provides a Platform abstraction. |
|
platform/interrupt
Package interrupt provides an interrupt helper.
|
Package interrupt provides an interrupt helper. |
|
platform/kvm
Package kvm provides a kvm-based implementation of the platform interface.
|
Package kvm provides a kvm-based implementation of the platform interface. |
|
platform/kvm/testutil
Package testutil provides common assembly stubs for testing.
|
Package testutil provides common assembly stubs for testing. |
|
platform/ptrace
Package ptrace provides a ptrace-based implementation of the platform interface.
|
Package ptrace provides a ptrace-based implementation of the platform interface. |
|
platform/systrap
Package systrap provides a seccomp-based implementation of the platform interface.
|
Package systrap provides a seccomp-based implementation of the platform interface. |
|
platform/systrap/sysmsg
Package sysmsg provides a stub signal handler and a communication protocol between stub threads and the Sentry.
|
Package sysmsg provides a stub signal handler and a communication protocol between stub threads and the Sentry. |
|
platform/systrap/usertrap
Package usertrap implements the library to replace syscall instructions with function calls.
|
Package usertrap implements the library to replace syscall instructions with function calls. |
|
seccheck
Package seccheck defines a structure for dynamically-configured security checks in the sentry.
|
Package seccheck defines a structure for dynamically-configured security checks in the sentry. |
|
seccheck/sinks/null
Package null defines a seccheck.Sink that does nothing with the trace points, akin to /dev/null.
|
Package null defines a seccheck.Sink that does nothing with the trace points, akin to /dev/null. |
|
seccheck/sinks/remote
Package remote defines a seccheck.Sink that serializes points to a remote process.
|
Package remote defines a seccheck.Sink that serializes points to a remote process. |
|
seccheck/sinks/remote/server
Package server provides a common server implementation that can connect with remote.Remote.
|
Package server provides a common server implementation that can connect with remote.Remote. |
|
seccheck/sinks/remote/test
Package test provides functionality used to test the remote sink.
|
Package test provides functionality used to test the remote sink. |
|
seccheck/sinks/remote/wire
Package wire defines structs used in the wire format for the remote checker.
|
Package wire defines structs used in the wire format for the remote checker. |
|
socket
Package socket provides the interfaces that need to be provided by socket implementations and providers, as well as per family demultiplexing of socket creation.
|
Package socket provides the interfaces that need to be provided by socket implementations and providers, as well as per family demultiplexing of socket creation. |
|
socket/control
Package control provides internal representations of socket control messages.
|
Package control provides internal representations of socket control messages. |
|
socket/hostinet
Package hostinet implements AF_INET and AF_INET6 sockets using the host's network stack.
|
Package hostinet implements AF_INET and AF_INET6 sockets using the host's network stack. |
|
socket/netfilter
Package netfilter helps the sentry interact with netstack's netfilter capabilities.
|
Package netfilter helps the sentry interact with netstack's netfilter capabilities. |
|
socket/netlink
Package netlink provides core functionality for netlink sockets.
|
Package netlink provides core functionality for netlink sockets. |
|
socket/netlink/nlmsg
Package nlmsg provides helpers to parse and construct netlink messages.
|
Package nlmsg provides helpers to parse and construct netlink messages. |
|
socket/netlink/port
Package port provides port ID allocation for netlink sockets.
|
Package port provides port ID allocation for netlink sockets. |
|
socket/netlink/route
Package route provides a NETLINK_ROUTE socket protocol.
|
Package route provides a NETLINK_ROUTE socket protocol. |
|
socket/netlink/uevent
Package uevent provides a NETLINK_KOBJECT_UEVENT socket protocol.
|
Package uevent provides a NETLINK_KOBJECT_UEVENT socket protocol. |
|
socket/netstack
Package netstack provides an implementation of the socket.Socket interface that is backed by a tcpip.Endpoint.
|
Package netstack provides an implementation of the socket.Socket interface that is backed by a tcpip.Endpoint. |
|
socket/unix
Package unix provides an implementation of the socket.Socket interface for the AF_UNIX protocol family.
|
Package unix provides an implementation of the socket.Socket interface for the AF_UNIX protocol family. |
|
socket/unix/transport
Package transport contains the implementation of Unix endpoints.
|
Package transport contains the implementation of Unix endpoints. |
|
state
Package state provides high-level state wrappers.
|
Package state provides high-level state wrappers. |
|
strace
Package strace implements the logic to print out the input and the return value of each traced syscall.
|
Package strace implements the logic to print out the input and the return value of each traced syscall. |
|
syscalls
Package syscalls is the interface from the application to the kernel.
|
Package syscalls is the interface from the application to the kernel. |
|
syscalls/linux
Package linux provides syscall tables for amd64 and arm64 Linux.
|
Package linux provides syscall tables for amd64 and arm64 Linux. |
|
time
Package time provides a calibrated clock synchronized to a system reference clock.
|
Package time provides a calibrated clock synchronized to a system reference clock. |
|
unimpl
Package unimpl contains interface to emit events about unimplemented features.
|
Package unimpl contains interface to emit events about unimplemented features. |
|
uniqueid
Package uniqueid defines context.Context keys for obtaining system-wide unique identifiers.
|
Package uniqueid defines context.Context keys for obtaining system-wide unique identifiers. |
|
usage
Package usage provides representations of resource usage.
|
Package usage provides representations of resource usage. |
|
vfs
Package vfs implements a virtual filesystem layer.
|
Package vfs implements a virtual filesystem layer. |
|
vfs/genericfstree
Package genericfstree provides tools for implementing vfs.FilesystemImpls where a single statically-determined lock or set of locks is sufficient to ensure that a Dentry's name and parent are contextually immutable.
|
Package genericfstree provides tools for implementing vfs.FilesystemImpls where a single statically-determined lock or set of locks is sufficient to ensure that a Dentry's name and parent are contextually immutable. |
|
vfs/memxattr
Package memxattr provides a default, in-memory extended attribute implementation.
|
Package memxattr provides a default, in-memory extended attribute implementation. |
|
watchdog
Package watchdog is responsible for monitoring the sentry for tasks that may potentially be stuck or looping inderterminally causing hard to debug hangs in the untrusted app.
|
Package watchdog is responsible for monitoring the sentry for tasks that may potentially be stuck or looping inderterminally causing hard to debug hangs in the untrusted app. |
|
Package shim implements Containerd Shim v2 interface.
|
Package shim implements Containerd Shim v2 interface. |
|
proc
Package proc is responsible to manage the communication between the shim and the sandbox process running the container.
|
Package proc is responsible to manage the communication between the shim and the sandbox process running the container. |
|
runsc
Package runsc provides an API to interact with runsc command line.
|
Package runsc provides an API to interact with runsc command line. |
|
runtimeoptions
Package runtimeoptions contains the runtimeoptions proto for containerd 1.5 and above.
|
Package runtimeoptions contains the runtimeoptions proto for containerd 1.5 and above. |
|
runtimeoptions/v14
Package v14 contains the runtimeoptions proto for containerd 1.4 and earlier.
|
Package v14 contains the runtimeoptions proto for containerd 1.4 and earlier. |
|
utils
Package utils container miscellaneous utility function used by the shim.
|
Package utils container miscellaneous utility function used by the shim. |
|
Package sighandling contains helpers for handling signals to applications.
|
Package sighandling contains helpers for handling signals to applications. |
|
Package sleep allows goroutines to efficiently sleep on multiple sources of notifications (wakers).
|
Package sleep allows goroutines to efficiently sleep on multiple sources of notifications (wakers). |
|
Package state provides functionality related to saving and loading object graphs.
|
Package state provides functionality related to saving and loading object graphs. |
|
pretty
Package pretty is a pretty-printer for state streams.
|
Package pretty is a pretty-printer for state streams. |
|
statefile
Package statefile defines the state file data stream.
|
Package statefile defines the state file data stream. |
|
tests
Package tests tests the state packages.
|
Package tests tests the state packages. |
|
wire
Package wire contains a few basic types that can be composed to serialize graph information for the state package.
|
Package wire contains a few basic types that can be composed to serialize graph information for the state package. |
|
Package sync provides synchronization primitives.
|
Package sync provides synchronization primitives. |
|
atomicptr
Package seqatomic doesn't exist.
|
Package seqatomic doesn't exist. |
|
atomicptrmap
Package atomicptrmap instantiates generic_atomicptrmap for testing.
|
Package atomicptrmap instantiates generic_atomicptrmap for testing. |
|
locking
Package locking implements lock primitives with the correctness validator.
|
Package locking implements lock primitives with the correctness validator. |
|
seqatomic
Package seqatomic doesn't exist.
|
Package seqatomic doesn't exist. |
|
Package syncevent provides efficient primitives for goroutine synchronization based on event bitmasks.
|
Package syncevent provides efficient primitives for goroutine synchronization based on event bitmasks. |
|
Package syserr contains sandbox-internal errors.
|
Package syserr contains sandbox-internal errors. |
|
Package tcpip provides the interfaces and related types that users of the tcpip stack will use in order to create endpoints used to send and receive data over the network stack.
|
Package tcpip provides the interfaces and related types that users of the tcpip stack will use in order to create endpoints used to send and receive data over the network stack. |
|
adapters/gonet
Package gonet provides a Go net package compatible wrapper for a tcpip stack.
|
Package gonet provides a Go net package compatible wrapper for a tcpip stack. |
|
checker
Package checker provides helper functions to check networking packets for validity.
|
Package checker provides helper functions to check networking packets for validity. |
|
checksum
Package checksum provides the implementation of the encoding and decoding of network protocol headers.
|
Package checksum provides the implementation of the encoding and decoding of network protocol headers. |
|
faketime
Package faketime provides a fake clock that implements tcpip.Clock interface.
|
Package faketime provides a fake clock that implements tcpip.Clock interface. |
|
hash/jenkins
Package jenkins implements Jenkins's one_at_a_time, non-cryptographic hash functions created by by Bob Jenkins.
|
Package jenkins implements Jenkins's one_at_a_time, non-cryptographic hash functions created by by Bob Jenkins. |
|
header
Package header provides the implementation of the encoding and decoding of network protocol headers.
|
Package header provides the implementation of the encoding and decoding of network protocol headers. |
|
header/parse
Package parse provides utilities to parse packets.
|
Package parse provides utilities to parse packets. |
|
link/channel
Package channel provides the implementation of channel-based data-link layer endpoints.
|
Package channel provides the implementation of channel-based data-link layer endpoints. |
|
link/ethernet
Package ethernet provides an implementation of an ethernet link endpoint that wraps an inner link endpoint.
|
Package ethernet provides an implementation of an ethernet link endpoint that wraps an inner link endpoint. |
|
link/fdbased
Package fdbased provides the implementation of data-link layer endpoints backed by boundary-preserving file descriptors (e.g., TUN devices, seqpacket/datagram sockets).
|
Package fdbased provides the implementation of data-link layer endpoints backed by boundary-preserving file descriptors (e.g., TUN devices, seqpacket/datagram sockets). |
|
link/loopback
Package loopback provides the implementation of loopback data-link layer endpoints.
|
Package loopback provides the implementation of loopback data-link layer endpoints. |
|
link/muxed
Package muxed provides a muxed link endpoints.
|
Package muxed provides a muxed link endpoints. |
|
link/nested
Package nested provides helpers to implement the pattern of nested stack.LinkEndpoints.
|
Package nested provides helpers to implement the pattern of nested stack.LinkEndpoints. |
|
link/packetsocket
Package packetsocket provides a link endpoint that enables delivery of incoming and outgoing packets to any interested packet sockets.
|
Package packetsocket provides a link endpoint that enables delivery of incoming and outgoing packets to any interested packet sockets. |
|
link/pipe
Package pipe provides the implementation of pipe-like data-link layer endpoints.
|
Package pipe provides the implementation of pipe-like data-link layer endpoints. |
|
link/qdisc/fifo
Package fifo provides the implementation of FIFO queuing discipline that queues all outbound packets and asynchronously dispatches them to the lower link endpoint in the order that they were queued.
|
Package fifo provides the implementation of FIFO queuing discipline that queues all outbound packets and asynchronously dispatches them to the lower link endpoint in the order that they were queued. |
|
link/rawfile
Package rawfile contains utilities for using the netstack with raw host files on Linux hosts.
|
Package rawfile contains utilities for using the netstack with raw host files on Linux hosts. |
|
link/sharedmem
Package sharedmem provides the implementation of data-link layer endpoints backed by shared memory.
|
Package sharedmem provides the implementation of data-link layer endpoints backed by shared memory. |
|
link/sharedmem/pipe
Package pipe implements a shared memory ring buffer on which a single reader and a single writer can operate (read/write) concurrently.
|
Package pipe implements a shared memory ring buffer on which a single reader and a single writer can operate (read/write) concurrently. |
|
link/sharedmem/queue
Package queue provides the implementation of transmit and receive queues based on shared memory ring buffers.
|
Package queue provides the implementation of transmit and receive queues based on shared memory ring buffers. |
|
link/sniffer
Package sniffer provides the implementation of data-link layer endpoints that wrap another endpoint and logs inbound and outbound packets.
|
Package sniffer provides the implementation of data-link layer endpoints that wrap another endpoint and logs inbound and outbound packets. |
|
link/stopfd
Package stopfd provides an type that can be used to signal the stop of a dispatcher.
|
Package stopfd provides an type that can be used to signal the stop of a dispatcher. |
|
link/tun
Package tun contains methods to open TAP and TUN devices.
|
Package tun contains methods to open TAP and TUN devices. |
|
link/waitable
Package waitable provides the implementation of data-link layer endpoints that wrap other endpoints, and can wait for inflight calls to WritePacket or DeliverNetworkPacket to finish (and new ones to be prevented).
|
Package waitable provides the implementation of data-link layer endpoints that wrap other endpoints, and can wait for inflight calls to WritePacket or DeliverNetworkPacket to finish (and new ones to be prevented). |
|
link/xdp
Package xdp provides link layer endpoints backed by AF_XDP sockets.
|
Package xdp provides link layer endpoints backed by AF_XDP sockets. |
|
network/arp
Package arp implements the ARP network protocol.
|
Package arp implements the ARP network protocol. |
|
network/hash
Package hash contains utility functions for hashing.
|
Package hash contains utility functions for hashing. |
|
network/ipv4
Package ipv4 contains the implementation of the ipv4 network protocol.
|
Package ipv4 contains the implementation of the ipv4 network protocol. |
|
network/ipv6
Package ipv6 contains the implementation of the ipv6 network protocol.
|
Package ipv6 contains the implementation of the ipv6 network protocol. |
|
ports
Package ports provides PortManager that manages allocating, reserving and releasing ports.
|
Package ports provides PortManager that manages allocating, reserving and releasing ports. |
|
prependable
Package prependable defines a buffer that grows backwards.
|
Package prependable defines a buffer that grows backwards. |
|
sample/tun_tcp_connect
This sample creates a stack with TCP and IPv4 protocols on top of a TUN device, and connects to a peer.
|
This sample creates a stack with TCP and IPv4 protocols on top of a TUN device, and connects to a peer. |
|
sample/tun_tcp_echo
This sample creates a stack with TCP and IPv4 protocols on top of a TUN device, and listens on a port.
|
This sample creates a stack with TCP and IPv4 protocols on top of a TUN device, and listens on a port. |
|
seqnum
Package seqnum defines the types and methods for TCP sequence numbers such that they fit in 32-bit words and work properly when overflows occur.
|
Package seqnum defines the types and methods for TCP sequence numbers such that they fit in 32-bit words and work properly when overflows occur. |
|
stack
Package stack provides the glue between networking protocols and the consumers of the networking stack.
|
Package stack provides the glue between networking protocols and the consumers of the networking stack. |
|
stack/gro
Package gro implements generic receive offload.
|
Package gro implements generic receive offload. |
|
tests/utils
Package utils holds common testing utilities for tcpip.
|
Package utils holds common testing utilities for tcpip. |
|
testutil
Package testutil provides helper functions for netstack unit tests.
|
Package testutil provides helper functions for netstack unit tests. |
|
transport
Package transport supports transport protocols.
|
Package transport supports transport protocols. |
|
transport/icmp
Package icmp contains the implementation of the ICMP and IPv6-ICMP transport protocols for use in ping.
|
Package icmp contains the implementation of the ICMP and IPv6-ICMP transport protocols for use in ping. |
|
transport/packet
Package packet provides the implementation of packet sockets (see packet(7)).
|
Package packet provides the implementation of packet sockets (see packet(7)). |
|
transport/raw
Package raw provides the implementation of raw sockets (see raw(7)).
|
Package raw provides the implementation of raw sockets (see raw(7)). |
|
transport/tcp
Package tcp contains the implementation of the TCP transport protocol.
|
Package tcp contains the implementation of the TCP transport protocol. |
|
transport/tcp/test/e2e
Package e2e contains definitions common to all e2e tcp tests.
|
Package e2e contains definitions common to all e2e tcp tests. |
|
transport/tcp/testing/context
Package context provides a test context for use in tcp tests.
|
Package context provides a test context for use in tcp tests. |
|
transport/tcpconntrack
Package tcpconntrack implements a TCP connection tracking object.
|
Package tcpconntrack implements a TCP connection tracking object. |
|
transport/testing/context
Package context provides a context used by datagram-based network endpoints tests.
|
Package context provides a context used by datagram-based network endpoints tests. |
|
transport/udp
Package udp contains the implementation of the UDP transport protocol.
|
Package udp contains the implementation of the UDP transport protocol. |
|
test
|
|
|
criutil
Package criutil contains utility functions for interacting with the Container Runtime Interface (CRI), principally via the crictl command line tool.
|
Package criutil contains utility functions for interacting with the Container Runtime Interface (CRI), principally via the crictl command line tool. |
|
dockerutil
Package dockerutil is a collection of utility functions.
|
Package dockerutil is a collection of utility functions. |
|
testutil
Package testutil contains utility functions for runsc tests.
|
Package testutil contains utility functions for runsc tests. |
|
Package trie provides a character-based prefix trie data structure for storing arbitrary payloads in an efficiently retrievable manner.
|
Package trie provides a character-based prefix trie data structure for storing arbitrary payloads in an efficiently retrievable manner. |
|
Package unet provides a minimal net package based on Unix Domain Sockets.
|
Package unet provides a minimal net package based on Unix Domain Sockets. |
|
Package urpc provides a minimal RPC package based on unet.
|
Package urpc provides a minimal RPC package based on unet. |
|
Package usermem governs access to user memory.
|
Package usermem governs access to user memory. |
|
Package waiter provides the implementation of a wait queue, where waiters can be enqueued to be notified when an event of interest happens.
|
Package waiter provides the implementation of a wait queue, where waiters can be enqueued to be notified when an event of interest happens. |
|
Package xdp provides tools for working with AF_XDP sockets.
|
Package xdp provides tools for working with AF_XDP sockets. |
Click to show internal directories.
Click to hide internal directories.