container

Published: Feb 8, 2026 License: MIT Imports: 31 Imported by: 0

Documentation

Overview

Package container implements unprivileged Linux containers with built-in support for syscall filtering.

Example

Note: this package requires cgo, which is unavailable in the Go playground.

package main

import (
	"context"
	"os"
	"os/exec"

	"hakurei.app/container"
	"hakurei.app/container/check"
	"hakurei.app/container/fhs"
)

func main() {
	// Must run early: if argv0 ends in "init", this process is the container
	// init and TryArgv0 hands control to Init instead of continuing here.
	container.TryArgv0(nil)

	// A Container requires further initialisation before use.
	z := container.New(context.Background(), nil)

	// Resolve the program to run inside the container from the host PATH.
	hostnameBin, err := exec.LookPath("hostname")
	if err != nil {
		panic(err)
	}

	// Identity, initial process and I/O.
	z.Hostname = "hakurei-example"
	z.Path = check.MustAbs(hostnameBin)
	z.Stdin, z.Stdout, z.Stderr = os.Stdin, os.Stdout, os.Stderr

	// Setup ops are applied in order: a private proc, a subset of host /dev
	// with mqueue, then the whole host / bound at /. Binding the host root is
	// for demonstration only; it exposes the entire host filesystem to the
	// container, so a real configuration binds only what the workload needs.
	z.Proc(fhs.AbsProc).
		Dev(fhs.AbsDev, true).
		Bind(fhs.AbsRoot, fhs.AbsRoot, 0)

	// First stage of setup: starts the container init, which blocks until
	// Serve provides the setup payload.
	if err = z.Start(); err != nil {
		panic(err)
	}

	// Second stage: serve Params to the init process. Serve is called once.
	if err = z.Serve(); err != nil {
		panic(err)
	}

	// Required whenever Start succeeds; waits for init and releases resources.
	if err = z.Wait(); err != nil {
		panic(err)
	}
}
Output:

hakurei-example

Index

Examples

Constants

const (
	// prctl(2) operation and arguments for manipulating the ambient
	// capability set of the calling thread; see [Prctl].
	PR_CAP_AMBIENT           = 0x2f
	PR_CAP_AMBIENT_RAISE     = 0x2
	PR_CAP_AMBIENT_CLEAR_ALL = 0x4

	// Linux capability numbers (linux/capability.h). CAP_SYS_ADMIN is the
	// capability retained in the container when [Params.Privileged] is set.
	CAP_SYS_ADMIN    = 0x15
	CAP_SETPCAP      = 0x8
	CAP_NET_ADMIN    = 0xc
	CAP_DAC_OVERRIDE = 0x1
)
const (
	// Argument error kinds for [MountOverlayOp]; presumably the values carried
	// in [OverlayArgumentError.Type] — confirm against the op's Valid method.

	// OverlayEphemeralUnexpectedUpper is set when [MountOverlayOp.Work] is nil
	// and [MountOverlayOp.Upper] holds an unexpected value.
	OverlayEphemeralUnexpectedUpper = iota
	// OverlayReadonlyLower is set when [MountOverlayOp.Lower] contains less than
	// two entries when mounting readonly.
	OverlayReadonlyLower
	// OverlayEmptyLower is set when [MountOverlayOp.Lower] has length of zero.
	OverlayEmptyLower
)
const (
	// String values passed to syscall.Mount as its source, fstype and data
	// (option) arguments by the mount ops in this package. A failed mount is
	// reported as a [MountError] carrying these same values.

	// SourceNone is used when the source value is ignored,
	// such as when remounting.
	SourceNone = "none"
	// SourceProc is used when mounting proc.
	// Note that any source value is allowed when fstype is [FstypeProc].
	SourceProc = "proc"
	// SourceDevpts is used when mounting devpts.
	// Note that any source value is allowed when fstype is [FstypeDevpts].
	SourceDevpts = "devpts"
	// SourceMqueue is used when mounting mqueue.
	// Note that any source value is allowed when fstype is [FstypeMqueue].
	SourceMqueue = "mqueue"
	// SourceOverlay is used when mounting overlay.
	// Note that any source value is allowed when fstype is [FstypeOverlay].
	SourceOverlay = "overlay"

	// SourceTmpfs is used when mounting tmpfs.
	SourceTmpfs = "tmpfs"
	// SourceTmpfsRootfs is used when mounting the tmpfs instance backing the intermediate root.
	SourceTmpfsRootfs = "rootfs"
	// SourceTmpfsDevtmpfs is used when mounting tmpfs representing a subset of host devtmpfs.
	SourceTmpfsDevtmpfs = "devtmpfs"
	// SourceTmpfsEphemeral is used when mounting a writable instance of tmpfs.
	SourceTmpfsEphemeral = "ephemeral"
	// SourceTmpfsReadonly is used when mounting a readonly instance of tmpfs.
	SourceTmpfsReadonly = "readonly"

	// FstypeNULL is used when the fstype value is ignored,
	// such as when bind mounting or remounting.
	FstypeNULL = zeroString
	// FstypeProc represents the proc pseudo-filesystem.
	// A fully visible instance of proc must be available in the mount namespace for proc to be mounted.
	FstypeProc = "proc"
	// FstypeDevpts represents the devpts pseudo-filesystem.
	// This type of filesystem is usually mounted on /dev/pts.
	FstypeDevpts = "devpts"
	// FstypeTmpfs represents the tmpfs filesystem.
	// This filesystem type can be mounted anywhere in the container filesystem.
	FstypeTmpfs = "tmpfs"
	// FstypeMqueue represents the mqueue pseudo-filesystem.
	// This filesystem type is usually mounted on /dev/mqueue.
	FstypeMqueue = "mqueue"
	// FstypeOverlay represents the overlay pseudo-filesystem.
	// This filesystem type can be mounted anywhere in the container filesystem.
	FstypeOverlay = "overlay"

	// OptionOverlayLowerdir represents the lowerdir option of the overlay pseudo-filesystem.
	// Any filesystem, does not need to be on a writable filesystem.
	OptionOverlayLowerdir = "lowerdir"
	// OptionOverlayUpperdir represents the upperdir option of the overlay pseudo-filesystem.
	// The upperdir is normally on a writable filesystem.
	OptionOverlayUpperdir = "upperdir"
	// OptionOverlayWorkdir represents the workdir option of the overlay pseudo-filesystem.
	// The workdir needs to be an empty directory on the same filesystem as upperdir.
	OptionOverlayWorkdir = "workdir"
	// OptionOverlayUserxattr represents the userxattr option of the overlay pseudo-filesystem.
	// Use the "user.overlay." xattr namespace instead of "trusted.overlay.".
	OptionOverlayUserxattr = "userxattr"
)
const (
	// Values of the process "dumpable" attribute accepted by [SetDumpable],
	// taken from linux/sched/coredump.h.
	SUID_DUMP_DISABLE = iota
	SUID_DUMP_USER
)

Values taken from linux/sched/coredump.h.

const (
	// O_PATH is the open(2) flag that yields a file descriptor usable for
	// path-level operations without opening the file itself.
	O_PATH = 0x200000

	// PR_SET_NO_NEW_PRIVS is the prctl(2) operation that sets the calling
	// thread's no_new_privs attribute; used by [SetNoNewPrivs].
	PR_SET_NO_NEW_PRIVS = 0x26
)
const (
	// CancelSignal is the signal expected by container init on context cancel.
	// A custom [Container.Cancel] function must eventually deliver this signal;
	// container init presumably does not treat any other signal as a cancel
	// request — confirm against Init.
	CancelSignal = SIGUSR2
)
const (
	// LANDLOCK_CREATE_RULESET_VERSION is the landlock_create_ruleset(2) flag
	// that returns the highest supported Landlock ABI version instead of
	// creating a ruleset; see [LandlockGetABI].
	LANDLOCK_CREATE_RULESET_VERSION = 1 << iota
)
const (
	// Nonexistent is a path that cannot exist.
	// /proc is chosen because a system with covered /proc is unsupported by this package
	// (see [FstypeProc]); fhs.Proc is the string form of the /proc path from package fhs.
	Nonexistent = fhs.Proc + "nonexistent"
)

Variables

var (
	// ErrReceiveEnv reports that the environment variable carrying the setup
	// fd is not set; presumably returned by [Receive] — confirm.
	ErrReceiveEnv = errors.New("environment variable not set")
)

Functions

func IgnoringEINTR

func IgnoringEINTR(fn func() error) error

IgnoringEINTR makes a function call and repeats it if it returns an EINTR error. This appears to be required even though we install all signal handlers with SA_RESTART: see #22838, #38033, #38836, #40846. Also #20400 and #36644 are issues in which a signal handler is installed without setting SA_RESTART. None of these are the common case, but there are enough of them that it seems that we can't avoid an EINTR loop.

func Init

func Init(msg message.Msg)

Init is called by TryArgv0 if the current process is the container init.

func IsAutoRootBindable added in v0.1.3

func IsAutoRootBindable(msg message.Msg, name string) bool

IsAutoRootBindable returns whether a dir entry name is selected for AutoRoot.

func Isatty added in v0.2.0

func Isatty(fd int) bool

Isatty tests whether a file descriptor refers to a terminal.

func LandlockGetABI added in v0.2.0

func LandlockGetABI() (int, error)

func LandlockRestrictSelf added in v0.2.0

func LandlockRestrictSelf(rulesetFd int, flags uintptr) error

func LastCap

func LastCap(msg message.Msg) uintptr

func MustExecutable

func MustExecutable(msg message.Msg) string

func OverflowGid

func OverflowGid(msg message.Msg) int

func OverflowUid

func OverflowUid(msg message.Msg) int

func Prctl added in v0.3.0

func Prctl(op, arg2, arg3 uintptr) error

Prctl manipulates various aspects of the behavior of the calling thread or process.

func Receive

func Receive(key string, e any, fdp *uintptr) (func() error, error)

Receive retrieves setup fd from the environment and receives params.

func SetDumpable

func SetDumpable(dumpable uintptr) error

SetDumpable sets the "dumpable" attribute of the calling process.

func SetNoNewPrivs added in v0.2.0

func SetNoNewPrivs() error

SetNoNewPrivs sets the calling thread's no_new_privs attribute.

func SetPtracer added in v0.2.0

func SetPtracer(pid uintptr) error

SetPtracer allows processes to ptrace(2) the calling process.

func Setup

func Setup(extraFiles *[]*os.File) (int, *os.File, error)

Setup appends the read end of a pipe for setup params transmission and returns its fd.

func TryArgv0

func TryArgv0(msg message.Msg)

TryArgv0 calls Init if the last element of argv0 is "init". If a nil msg is passed, the system logger is used instead.

Types

type AutoEtcOp

// AutoEtcOp is the Op appended by [Ops.Etc]; Prefix is presumably the prefix
// argument given to Etc — confirm against that method.
type AutoEtcOp struct{ Prefix string }

func (*AutoEtcOp) Is

func (e *AutoEtcOp) Is(op Op) bool

func (*AutoEtcOp) String

func (e *AutoEtcOp) String() string

func (*AutoEtcOp) Valid added in v0.2.0

func (e *AutoEtcOp) Valid() bool

type AutoRootOp added in v0.1.3

// AutoRootOp is the Op appended by [Ops.Root]: it expands host directory Host
// into a toplevel bind mount mirror on the container root.
type AutoRootOp struct {
	// Host directory mirrored onto the container root.
	Host *check.Absolute
	// passed through to bindMount; presumably the same bits as [BindMountOp.Flags]
	Flags int
	// contains filtered or unexported fields
}

func (*AutoRootOp) Is added in v0.1.3

func (r *AutoRootOp) Is(op Op) bool

func (*AutoRootOp) String added in v0.1.3

func (r *AutoRootOp) String() string

func (*AutoRootOp) Valid added in v0.2.0

func (r *AutoRootOp) Valid() bool

type BindMountOp

// BindMountOp bind mounts host path Source on container path Target.
type BindMountOp struct {
	// Host path to bind, and the container path to mount it on.
	Source, Target *check.Absolute

	// Flags uses bits declared in this package and must not be set with
	// constants from package syscall.
	Flags int
	// contains filtered or unexported fields
}

BindMountOp bind mounts host path Source on container path Target. Note that Flags uses bits declared in this package and should not be set with constants in syscall.

func (*BindMountOp) Is

func (b *BindMountOp) Is(op Op) bool

func (*BindMountOp) String

func (b *BindMountOp) String() string

func (*BindMountOp) Valid added in v0.2.0

func (b *BindMountOp) Valid() bool

type Container

// Container represents a container environment being prepared or run.
// None of its methods are safe for concurrent use.
type Container struct {
	// Whether the container init should stay alive after its parent terminates.
	AllowOrphan bool
	// Cgroup fd, nil to disable.
	Cgroup *int
	// ExtraFiles passed through to initial process in the container,
	// with behaviour identical to its [exec.Cmd] counterpart.
	ExtraFiles []*os.File

	// Standard streams passed to the container; see also [Container.StdinPipe],
	// [Container.StdoutPipe] and [Container.StderrPipe].
	Stdin  io.Reader
	Stdout io.Writer
	Stderr io.Writer

	// Cancel, when set, must eventually deliver [CancelSignal] to the
	// container init; see that constant.
	Cancel    func(cmd *exec.Cmd) error
	// WaitDelay presumably mirrors [exec.Cmd.WaitDelay] — confirm.
	WaitDelay time.Duration

	// Params is the serialisable configuration served to container init by
	// [Container.Serve].
	Params
	// contains filtered or unexported fields
}

Container represents a container environment being prepared or run. None of the Container methods are safe for concurrent use.

func New

func New(ctx context.Context, msg message.Msg) *Container

New returns a pointer to a new instance of Container that requires further initialisation before use.

func NewCommand added in v0.2.0

func NewCommand(ctx context.Context, msg message.Msg, pathname *check.Absolute, name string, args ...string) *Container

NewCommand calls New and initialises the [Params.Path] and [Params.Args] fields.

func (*Container) ProcessState added in v0.1.2

func (p *Container) ProcessState() *os.ProcessState

ProcessState returns a pointer to the os.ProcessState held by the underlying exec.Cmd.

func (*Container) Serve

func (p *Container) Serve() error

Serve serves [Container.Params] to the container init. Serve must only be called once.

func (*Container) Start

func (p *Container) Start() error

Start starts the container init. The init process blocks until Serve is called.

func (*Container) StderrPipe added in v0.2.2

func (p *Container) StderrPipe() (r io.ReadCloser, err error)

StderrPipe calls the exec.Cmd method with the same name.

func (*Container) StdinPipe added in v0.2.2

func (p *Container) StdinPipe() (w io.WriteCloser, err error)

StdinPipe calls the exec.Cmd method with the same name.

func (*Container) StdoutPipe added in v0.2.2

func (p *Container) StdoutPipe() (r io.ReadCloser, err error)

StdoutPipe calls the exec.Cmd method with the same name.

func (*Container) String

func (p *Container) String() string

func (*Container) Wait

func (p *Container) Wait() error

Wait waits for the container init process to exit and releases any resources associated with the Container.

type DaemonOp added in v0.3.2

// DaemonOp starts a daemon in the container and blocks until Target appears.
// It is the Op appended by [Ops.Daemon].
type DaemonOp struct {
	// Pathname indicating readiness of daemon; setup blocks until it appears.
	Target *check.Absolute
	// Absolute pathname passed to [exec.Cmd].
	Path *check.Absolute
	// Arguments (excl. first) passed to [exec.Cmd].
	Args []string
}

DaemonOp starts a daemon in the container and blocks until Target appears.

func (*DaemonOp) Is added in v0.3.2

func (d *DaemonOp) Is(op Op) bool

func (*DaemonOp) String added in v0.3.2

func (d *DaemonOp) String() string

func (*DaemonOp) Valid added in v0.3.2

func (d *DaemonOp) Valid() bool

type LandlockAccessFS added in v0.2.0

// LandlockAccessFS is a bitmask of handled filesystem actions, as set in
// [RulesetAttr.HandledAccessFS].
type LandlockAccessFS uint64

LandlockAccessFS is a bitmask of handled filesystem actions.

const (
	// Filesystem access rights a Landlock ruleset can handle; the bit positions
	// match the LANDLOCK_ACCESS_FS_* values of linux/landlock.h. A right that is
	// not handled by the ruleset is not restricted by it.
	LANDLOCK_ACCESS_FS_EXECUTE LandlockAccessFS = 1 << iota
	LANDLOCK_ACCESS_FS_WRITE_FILE
	LANDLOCK_ACCESS_FS_READ_FILE
	LANDLOCK_ACCESS_FS_READ_DIR
	LANDLOCK_ACCESS_FS_REMOVE_DIR
	LANDLOCK_ACCESS_FS_REMOVE_FILE
	LANDLOCK_ACCESS_FS_MAKE_CHAR
	LANDLOCK_ACCESS_FS_MAKE_DIR
	LANDLOCK_ACCESS_FS_MAKE_REG
	LANDLOCK_ACCESS_FS_MAKE_SOCK
	LANDLOCK_ACCESS_FS_MAKE_FIFO
	LANDLOCK_ACCESS_FS_MAKE_BLOCK
	LANDLOCK_ACCESS_FS_MAKE_SYM
	LANDLOCK_ACCESS_FS_REFER
	LANDLOCK_ACCESS_FS_TRUNCATE
	LANDLOCK_ACCESS_FS_IOCTL_DEV
)

func (LandlockAccessFS) String added in v0.2.0

func (f LandlockAccessFS) String() string

type LandlockAccessNet added in v0.2.0

// LandlockAccessNet is a bitmask of handled network actions, as set in
// [RulesetAttr.HandledAccessNet].
type LandlockAccessNet uint64

LandlockAccessNet is a bitmask of handled network actions.

const (
	// Network access rights a Landlock ruleset can handle; the bit positions
	// match the LANDLOCK_ACCESS_NET_* values of linux/landlock.h.
	LANDLOCK_ACCESS_NET_BIND_TCP LandlockAccessNet = 1 << iota
	LANDLOCK_ACCESS_NET_CONNECT_TCP
)

func (LandlockAccessNet) String added in v0.2.0

func (f LandlockAccessNet) String() string

type LandlockScope added in v0.2.0

// LandlockScope is a bitmask of scopes restricting a Landlock domain from
// accessing outside resources, as set in [RulesetAttr.Scoped].
type LandlockScope uint64

LandlockScope is a bitmask of scopes restricting a Landlock domain from accessing outside resources.

const (
	// Scope restrictions a Landlock domain can apply; the bit positions match
	// the LANDLOCK_SCOPE_* values of linux/landlock.h. The abstract unix socket
	// scope is left out when [Params.HostAbstract] is set.
	LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET LandlockScope = 1 << iota
	LANDLOCK_SCOPE_SIGNAL
)

func (LandlockScope) String added in v0.2.0

func (f LandlockScope) String() string

type MkdirOp

// MkdirOp creates a directory at container Path with permission bits set to
// Perm. It is the Op appended by [Ops.Mkdir].
type MkdirOp struct {
	// Container path of the directory to create.
	Path *check.Absolute
	// Permission bits of the new directory.
	Perm os.FileMode
}

MkdirOp creates a directory at container Path with permission bits set to Perm.

func (*MkdirOp) Is

func (m *MkdirOp) Is(op Op) bool

func (*MkdirOp) String

func (m *MkdirOp) String() string

func (*MkdirOp) Valid added in v0.2.0

func (m *MkdirOp) Valid() bool

type MountDevOp

// MountDevOp mounts a subset of host /dev on container path Target.
// It is the Op appended by [Ops.Dev] and [Ops.DevWritable].
type MountDevOp struct {
	// Container path the /dev subset is mounted on.
	Target *check.Absolute
	// Mount a private instance of FstypeMqueue as well.
	Mqueue bool
	// Leave the resulting mount point writable. There is usually no good
	// reason to write to /dev; follow with a [RemountOp] when set.
	Write bool
}

MountDevOp mounts a subset of host /dev on container path Target. If Mqueue is true, a private instance of FstypeMqueue is mounted. If Write is true, the resulting mount point is left writable.

func (*MountDevOp) Is

func (d *MountDevOp) Is(op Op) bool

func (*MountDevOp) String

func (d *MountDevOp) String() string

func (*MountDevOp) Valid added in v0.2.0

func (d *MountDevOp) Valid() bool

type MountError added in v0.2.2

// MountError wraps errors returned by syscall.Mount, retaining the arguments
// of the failed call so the failing mount can be identified.
type MountError struct {
	// Source, target and fstype arguments of the failed syscall.Mount call.
	Source, Target, Fstype string

	// Flags and data (options) arguments of the failed syscall.Mount call.
	Flags uintptr
	Data  string
	// The errno returned by syscall.Mount; presumably what Unwrap yields — confirm.
	syscall.Errno
}

MountError wraps errors returned by syscall.Mount.

func (*MountError) Error added in v0.2.2

func (e *MountError) Error() string

func (*MountError) Message added in v0.3.0

func (e *MountError) Message() string

func (*MountError) Unwrap added in v0.2.2

func (e *MountError) Unwrap() error

type MountOverlayOp added in v0.2.0

// MountOverlayOp mounts FstypeOverlay on container path Target. It is the Op
// appended by [Ops.Overlay], [Ops.OverlayEphemeral] and [Ops.OverlayReadonly];
// invalid field combinations are reported as [OverlayArgumentError].
type MountOverlayOp struct {
	// Container path the overlay is mounted on.
	Target *check.Absolute

	// Any filesystem, does not need to be on a writable filesystem.
	// Mounting readonly requires at least two entries (see [OverlayReadonlyLower]).
	Lower []*check.Absolute

	// The upperdir is normally on a writable filesystem.
	//
	// If Work is nil and Upper holds the special value [fhs.AbsRoot],
	// an ephemeral upperdir and workdir will be set up.
	//
	// If both Work and Upper are nil, upperdir and workdir is omitted and the overlay is mounted readonly.
	Upper *check.Absolute

	// The workdir needs to be an empty directory on the same filesystem as upperdir.
	Work *check.Absolute
	// contains filtered or unexported fields
}

MountOverlayOp mounts FstypeOverlay on container path Target.

func (*MountOverlayOp) Is added in v0.2.0

func (o *MountOverlayOp) Is(op Op) bool

func (*MountOverlayOp) String added in v0.2.0

func (o *MountOverlayOp) String() string

func (*MountOverlayOp) Valid added in v0.2.0

func (o *MountOverlayOp) Valid() bool

type MountProcOp

// MountProcOp mounts a new instance of FstypeProc on container path Target;
// a fully visible instance of proc must exist in the mount namespace for this to succeed.
type MountProcOp struct{ Target *check.Absolute }

MountProcOp mounts a new instance of FstypeProc on container path Target.

func (*MountProcOp) Is

func (p *MountProcOp) Is(op Op) bool

func (*MountProcOp) String

func (p *MountProcOp) String() string

func (*MountProcOp) Valid added in v0.2.0

func (p *MountProcOp) Valid() bool

type MountTmpfsOp

// MountTmpfsOp mounts FstypeTmpfs on container Path. It is the Op appended by
// [Ops.Tmpfs] and [Ops.Readonly].
type MountTmpfsOp struct {
	// Source string of the mount; presumably one of the SourceTmpfs* constants — confirm.
	FSName string
	// Container path the tmpfs is mounted on.
	Path *check.Absolute
	// Mount flags passed to syscall.Mount.
	Flags uintptr
	// Size of the tmpfs; an unacceptable value is presumably reported as [TmpfsSizeError] — confirm.
	Size int
	// Permission bits of the mount point.
	Perm os.FileMode
}

MountTmpfsOp mounts FstypeTmpfs on container Path.

func (*MountTmpfsOp) Is

func (t *MountTmpfsOp) Is(op Op) bool

func (*MountTmpfsOp) String

func (t *MountTmpfsOp) String() string

func (*MountTmpfsOp) Valid added in v0.2.0

func (t *MountTmpfsOp) Valid() bool

type Op

// Op is a generic setup step run inside the container init. Implementations
// are sent to init as a stream of gobs, so each implementation must be
// gob-encodable.
type Op interface {
	// Is presumably reports whether op is equivalent to the receiver — confirm.
	Is(op Op) bool
	// Valid presumably reports whether the op's fields are acceptable — confirm.
	Valid() bool
	fmt.Stringer
	// contains filtered or unexported methods
}

Op is a generic setup step run inside the container init. Implementations of this interface are sent as a stream of gobs.

type OpRepeatError added in v0.2.2

// OpRepeatError is returned when a nonrepeatable Op is applied more than once.
type OpRepeatError string

OpRepeatError is returned when applying a repeated nonrepeatable Op.

func (OpRepeatError) Error added in v0.2.2

func (e OpRepeatError) Error() string

type OpStateError added in v0.2.2

// OpStateError indicates an impossible internal state has been reached in an Op.
type OpStateError string

OpStateError indicates an impossible internal state has been reached in an Op.

func (OpStateError) Error added in v0.2.2

func (o OpStateError) Error() string

type Ops

// Ops is a collection of Op, applied sequentially by container init
// (see [Params]). Its methods append ops and return the receiver for chaining.
type Ops []Op

Ops is a collection of Op.

func (*Ops) Bind

func (f *Ops) Bind(source, target *check.Absolute, flags int) *Ops

Bind appends an Op that bind mounts host path [BindMountOp.Source] on container path [BindMountOp.Target].

func (*Ops) Daemon added in v0.3.2

func (f *Ops) Daemon(target, path *check.Absolute, args ...string) *Ops

Daemon appends an Op that starts a daemon in the container and blocks until [DaemonOp.Target] appears.

func (*Ops) Dev

func (f *Ops) Dev(target *check.Absolute, mqueue bool) *Ops

Dev appends an Op that mounts a subset of host /dev.

func (*Ops) DevWritable added in v0.2.0

func (f *Ops) DevWritable(target *check.Absolute, mqueue bool) *Ops

DevWritable appends an Op that mounts a writable subset of host /dev. There is usually no good reason to write to /dev, so this should always be followed by a RemountOp.

func (*Ops) Etc

func (f *Ops) Etc(host *check.Absolute, prefix string) *Ops

Etc appends an Op that expands host /etc into a toplevel symlink mirror with /etc semantics. This is not a generic setup op. It is implemented here to reduce ipc overhead.

func (*Ops) Grow

func (f *Ops) Grow(n int)

Grow grows the slice Ops points to using slices.Grow.

func (f *Ops) Link(target *check.Absolute, linkName string, dereference bool) *Ops

Link appends an Op that creates a symlink in the container filesystem.

func (*Ops) Mkdir

func (f *Ops) Mkdir(name *check.Absolute, perm os.FileMode) *Ops

Mkdir appends an Op that creates a directory in the container filesystem.

func (*Ops) Overlay added in v0.2.0

func (f *Ops) Overlay(target, state, work *check.Absolute, layers ...*check.Absolute) *Ops

Overlay appends an Op that mounts the overlay pseudo filesystem on [MountOverlayOp.Target].

func (*Ops) OverlayEphemeral added in v0.2.0

func (f *Ops) OverlayEphemeral(target *check.Absolute, layers ...*check.Absolute) *Ops

OverlayEphemeral appends an Op that mounts the overlay pseudo filesystem on [MountOverlayOp.Target] with an ephemeral upperdir and workdir.

func (*Ops) OverlayReadonly added in v0.2.0

func (f *Ops) OverlayReadonly(target *check.Absolute, layers ...*check.Absolute) *Ops

OverlayReadonly appends an Op that mounts the overlay pseudo filesystem readonly on [MountOverlayOp.Target].

func (*Ops) Place

func (f *Ops) Place(name *check.Absolute, data []byte) *Ops

Place appends an Op that places a file in container path [TmpfileOp.Path] containing [TmpfileOp.Data].

func (*Ops) Proc

func (f *Ops) Proc(target *check.Absolute) *Ops

Proc appends an Op that mounts a private instance of proc.

func (*Ops) Readonly added in v0.1.3

func (f *Ops) Readonly(target *check.Absolute, perm os.FileMode) *Ops

Readonly appends an Op that mounts read-only tmpfs on container path [MountTmpfsOp.Path].

func (*Ops) Remount added in v0.1.3

func (f *Ops) Remount(target *check.Absolute, flags uintptr) *Ops

Remount appends an Op that applies [RemountOp.Flags] on container path [RemountOp.Target].

func (*Ops) Root added in v0.1.3

func (f *Ops) Root(host *check.Absolute, flags int) *Ops

Root appends an Op that expands a directory into a toplevel bind mount mirror on container root. This is not a generic setup op. It is implemented here to reduce ipc overhead.

func (*Ops) Tmpfs

func (f *Ops) Tmpfs(target *check.Absolute, size int, perm os.FileMode) *Ops

Tmpfs appends an Op that mounts tmpfs on container path [MountTmpfsOp.Path].

type OverlayArgumentError added in v0.2.2

// OverlayArgumentError is returned for a MountOverlayOp supplied with an
// invalid argument.
type OverlayArgumentError struct {
	// Kind of the error; presumably one of OverlayEphemeralUnexpectedUpper,
	// OverlayReadonlyLower or OverlayEmptyLower — confirm.
	Type  uintptr
	// The offending value.
	Value string
}

OverlayArgumentError is returned for a MountOverlayOp supplied with an invalid argument.

func (*OverlayArgumentError) Error added in v0.2.2

func (e *OverlayArgumentError) Error() string

type Params

// Params holds container configuration and is safe to serialise; it is what
// [Container.Serve] sends to container init.
type Params struct {
	// Working directory in the container.
	Dir *check.Absolute
	// Initial process environment.
	Env []string
	// Pathname of initial process in the container.
	Path *check.Absolute
	// Initial process argv.
	Args []string
	// Deliver SIGINT to the initial process on context cancellation.
	ForwardCancel bool
	// Time to wait for processes lingering after the initial process terminates.
	AdoptWaitDelay time.Duration

	// Mapped Uid in user namespace.
	Uid int
	// Mapped Gid in user namespace.
	Gid int
	// Hostname value in UTS namespace.
	Hostname string
	// Sequential container setup ops, applied in order by container init.
	*Ops

	// Seccomp system call filter rules.
	SeccompRules []std.NativeRule
	// Extra seccomp flags.
	SeccompFlags seccomp.ExportFlag
	// Seccomp presets. Has no effect unless SeccompRules is zero-length.
	SeccompPresets std.FilterPreset
	// Do not load seccomp program. This disables the package's built-in
	// syscall filtering entirely, including SeccompRules and SeccompPresets.
	SeccompDisable bool

	// Permission bits of newly created parent directories.
	// The zero value is interpreted as 0755.
	ParentPerm os.FileMode
	// Do not syscall.Setsid.
	RetainSession bool
	// Do not create a new network namespace ([syscall.CLONE_NEWNET]);
	// the container then shares the host network.
	HostNet bool
	// Do not apply the [LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET] scope;
	// the container then remains able to reach host abstract unix sockets.
	HostAbstract bool
	// Retain CAP_SYS_ADMIN in the container. This greatly widens what the
	// container can do; leave it false unless the workload requires it.
	Privileged bool
}

Params holds container configuration and is safe to serialise.

type RemountOp added in v0.1.3

// RemountOp remounts Target with Flags. It is the Op appended by
// [Ops.Remount], typically to make a writable mount read-only afterwards.
type RemountOp struct {
	// Container path to remount.
	Target *check.Absolute
	// Mount flags applied on remount.
	Flags uintptr
}

RemountOp remounts Target with Flags.

func (*RemountOp) Is added in v0.1.3

func (r *RemountOp) Is(op Op) bool

func (*RemountOp) String added in v0.1.3

func (r *RemountOp) String() string

func (*RemountOp) Valid added in v0.2.0

func (r *RemountOp) Valid() bool

type RulesetAttr added in v0.2.0

// RulesetAttr is equivalent to struct landlock_ruleset_attr; [RulesetAttr.Create]
// presumably passes it to landlock_create_ruleset(2) — confirm.
type RulesetAttr struct {
	// Bitmask of handled filesystem actions.
	HandledAccessFS LandlockAccessFS
	// Bitmask of handled network actions.
	HandledAccessNet LandlockAccessNet
	// Bitmask of scopes restricting a Landlock domain from accessing outside resources (e.g. IPCs).
	Scoped LandlockScope
}

RulesetAttr is equivalent to struct landlock_ruleset_attr.

func (*RulesetAttr) Create added in v0.2.0

func (rulesetAttr *RulesetAttr) Create(flags uintptr) (fd int, err error)

func (*RulesetAttr) String added in v0.2.0

func (rulesetAttr *RulesetAttr) String() string

type StartError added in v0.2.2

// A StartError contains additional information on a container startup
// failure; [StartError.Message] yields the user-facing text.
type StartError struct {
	// Fatal suggests whether this error should be considered fatal for the entire program.
	Fatal bool
	// Step refers to the part of the setup this error is returned from.
	Step string
	// Err is the underlying error, yielded by Unwrap.
	Err error
	// Origin is whether this error originated from the [Container.Start] method.
	Origin bool
	// Passthrough is whether the Error method is passed through to Err.
	Passthrough bool
}

A StartError contains additional information on a container startup failure.

func (*StartError) Error added in v0.2.2

func (e *StartError) Error() string

func (*StartError) Message added in v0.2.2

func (e *StartError) Message() string

Message returns a user-facing error message.

func (*StartError) Unwrap added in v0.2.2

func (e *StartError) Unwrap() error

type SymlinkOp

// SymlinkOp optionally dereferences LinkName and creates a symlink at
// container path Target. It is the Op appended by [Ops.Link].
type SymlinkOp struct {
	// Container path of the symlink to create.
	Target *check.Absolute
	// LinkName is an arbitrary uninterpreted pathname.
	LinkName string

	// Dereference causes LinkName to be dereferenced (resolved to what it
	// points at) before the symlink is created.
	Dereference bool
}

SymlinkOp optionally dereferences LinkName and creates a symlink at container path Target.

func (*SymlinkOp) Is

func (l *SymlinkOp) Is(op Op) bool

func (*SymlinkOp) String

func (l *SymlinkOp) String() string

func (*SymlinkOp) Valid added in v0.2.0

func (l *SymlinkOp) Valid() bool

type TmpfileOp

// TmpfileOp places a file on container Path containing Data. It is the Op
// appended by [Ops.Place].
type TmpfileOp struct {
	// Container path of the file to place.
	Path *check.Absolute
	// Contents of the file.
	Data []byte
}

TmpfileOp places a file on container Path containing Data.

func (*TmpfileOp) Is

func (t *TmpfileOp) Is(op Op) bool

func (*TmpfileOp) String

func (t *TmpfileOp) String() string

func (*TmpfileOp) Valid added in v0.2.0

func (t *TmpfileOp) Valid() bool

type TmpfsSizeError added in v0.2.2

// TmpfsSizeError is presumably returned for an unacceptable [MountTmpfsOp.Size]
// value, carrying that value — confirm against MountTmpfsOp.Valid.
type TmpfsSizeError int

func (TmpfsSizeError) Error added in v0.2.2

func (e TmpfsSizeError) Error() string

Directories

Path Synopsis
Package check provides types yielding values checked to meet a condition.
Package check provides types yielding values checked to meet a condition.
Package fhs provides constant and checked pathname values for common FHS paths.
Package fhs provides constant and checked pathname values for common FHS paths.
Package std contains constants from container packages without depending on cgo.
Package std contains constants from container packages without depending on cgo.
Package stub provides function call level stubbing and validation for library functions that are impossible to check otherwise.
Package stub provides function call level stubbing and validation for library functions that are impossible to check otherwise.
Package vfs provides bindings and iterators over proc_pid_mountinfo(5).
Package vfs provides bindings and iterators over proc_pid_mountinfo(5).
