Documentation
Overview
Package sandbox runs programs in a secure environment.
Types
type Cmd
type Cmd struct {
	// Path is the path of the command to run.
	//
	// This is the only field that must be set to a non-zero
	// value. If Path is relative, it is evaluated relative
	// to Dir.
	Path string

	// Args holds command line arguments, including the command as Args[0].
	// If the Args field is empty or nil, Run uses {Path}.
	//
	// In typical use, both Path and Args are set by calling Command.
	Args []string

	// Env specifies the environment of the process.
	// Each entry is of the form "key=value".
	// If Env is nil, the new process uses whatever environment
	// runsc provides by default.
	Env []string

	// If AppendToEnv is true, the contents of Env are appended
	// to the sandbox's existing environment, instead of replacing it.
	AppendToEnv bool

	// Dir specifies the working directory of the command.
	// If Dir is the empty string, Run runs the command in the
	// root of the sandbox filesystem.
	Dir string
	// contains filtered or unexported fields
}
Cmd describes how to run a binary in a sandbox.
type Sandbox
type Sandbox struct {
	Runsc string // path to runsc program
	// contains filtered or unexported fields
}
A Sandbox is a restricted execution environment. A Sandbox instance refers to a directory containing an OCI bundle (see https://github.com/opencontainers/runtime-spec/blob/main/bundle.md).
func New
New returns a new Sandbox using the bundle in bundleDir. The bundle must be configured to run the 'runner' program, built from runner.go in this directory. The Sandbox expects the runsc program to be on the path. That can be overridden by setting the Runsc field.
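A pre-flight check for the bundle requirements stated above, as an added example that is not code from the sandbox package. CheckBundle is a hypothetical helper; it assumes the binary built from runner.go is named "runner" and reads only the process.args and root.path fields of the bundle's config.json, as defined by the OCI runtime spec.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"path/filepath"
)

// ociConfig holds only the OCI config.json fields this check reads.
type ociConfig struct {
	Process struct{ Args []string `json:"args"` } `json:"process"`
	Root    struct{ Path string `json:"path"` }   `json:"root"`
}

// CheckBundle (hypothetical helper) returns an error describing why bundleDir
// cannot serve as the sandbox bundle, or nil if the checks pass.
func CheckBundle(bundleDir string) error {
	data, err := os.ReadFile(filepath.Join(bundleDir, "config.json"))
	if err != nil {
		return fmt.Errorf("reading bundle config: %w", err)
	}
	var cfg ociConfig
	if err := json.Unmarshal(data, &cfg); err != nil {
		return fmt.Errorf("parsing config.json: %w", err)
	}
	// Assumption: the binary built from runner.go is installed as "runner".
	if len(cfg.Process.Args) == 0 || filepath.Base(cfg.Process.Args[0]) != "runner" {
		return fmt.Errorf("process.args = %q, want runner as the entry point", cfg.Process.Args)
	}
	// root.path may be absolute or relative to the bundle directory.
	root := cfg.Root.Path
	if root == "" {
		return fmt.Errorf("config.json has no root.path")
	}
	if !filepath.IsAbs(root) {
		root = filepath.Join(bundleDir, root)
	}
	if fi, err := os.Stat(root); err != nil || !fi.IsDir() {
		return fmt.Errorf("root filesystem %q is not a directory", root)
	}
	return nil
}

func main() {
	for _, dir := range os.Args[1:] {
		fmt.Println(dir, CheckBundle(dir))
	}
}
```

Running the check before calling New surfaces a bundle whose entry point has been changed away from the runner, instead of handing that bundle to runsc.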
func (*Sandbox) Command
Command creates a *Cmd to run path in the sandbox. It behaves like os/exec.Command.