boot

package
v0.0.0-...-23e6066

This package is not in the latest version of its module.

Published: May 3, 2018 License: Apache-2.0 Imports: 60 Imported by: 0

Overview

Package boot loads the kernel and runs the application.

Constants

const (
	// ApplicationStart is the URPC endpoint for starting a sandboxed app.
	ApplicationStart = "application.Start"

	// ApplicationProcesses is the URPC endpoint for getting the list of
	// processes running in a sandbox.
	ApplicationProcesses = "application.Processes"

	// ApplicationExecute is the URPC endpoint for executing a command in a
	// sandbox.
	ApplicationExecute = "application.Execute"

	// ApplicationEvent is the URPC endpoint for getting stats about the
	// container used by "runsc events".
	ApplicationEvent = "application.Event"

	// NetworkCreateLinksAndRoutes is the URPC endpoint for creating links
	// and routes in a network stack.
	NetworkCreateLinksAndRoutes = "Network.CreateLinksAndRoutes"
)

Variables

This section is empty.

Functions

func ApplyCaps

func ApplyCaps(conf *Config, caps *specs.LinuxCapabilities) error

ApplyCaps applies the capabilities in the spec to the current thread.

Note that it must be called with the current thread locked.

func ControlSocketAddr

func ControlSocketAddr(id string) string

ControlSocketAddr generates an abstract unix socket name for the given id.

Types

type Config

type Config struct {
	// RootDir is the runtime root directory.
	RootDir string

	// FileAccess indicates how the filesystem is accessed.
	FileAccess FileAccessType

	// Overlay is whether to wrap the root filesystem in an overlay.
	Overlay bool

	// Network indicates what type of network to use.
	Network NetworkType

	// LogPackets indicates that all network packets should be logged.
	LogPackets bool

	// Platform is the platform to run on.
	Platform PlatformType

	// Strace indicates that strace should be enabled.
	Strace bool

	// StraceSyscalls is the set of syscalls to trace. If Strace is
	// true and this list is empty, then all syscalls will be traced.
	StraceSyscalls []string

	// StraceLogSize is the max size of data blobs to display.
	StraceLogSize uint

	// DisableSeccomp indicates whether seccomp syscall filters should be
	// disabled. Pardon the double negation, but defaulting to enabled is important.
	DisableSeccomp bool
}

Config holds configuration that is not part of the runtime spec.

type CreateLinksAndRoutesArgs

type CreateLinksAndRoutesArgs struct {
	// FilePayload contains the fds associated with the FDBasedLinks.  The
	// two slices must have the same length.
	urpc.FilePayload

	LoopbackLinks []LoopbackLink
	FDBasedLinks  []FDBasedLink

	DefaultGateway DefaultRoute
}

CreateLinksAndRoutesArgs are the arguments to CreateLinksAndRoutes.

type DefaultRoute

type DefaultRoute struct {
	Route Route
	Name  string
}

DefaultRoute represents a catch all route to the default gateway.

type Event

type Event struct {
	Type string      `json:"type"`
	ID   string      `json:"id"`
	Data interface{} `json:"data,omitempty"`
}

Event is the struct used to encode event data to JSON. It corresponds to runc's main.event struct.

type FDBasedLink

type FDBasedLink struct {
	Name      string
	MTU       int
	Addresses []net.IP
	Routes    []Route
}

FDBasedLink configures an fd-based link.

type FileAccessType

type FileAccessType int

FileAccessType tells how the filesystem is accessed.

const (
	// FileAccessProxy sends IO requests to a Gofer process that validates the
	// requests and forwards them to the host.
	FileAccessProxy FileAccessType = iota

	// FileAccessDirect connects the sandbox directly to the host filesystem.
	FileAccessDirect
)

func MakeFileAccessType

func MakeFileAccessType(s string) (FileAccessType, error)

MakeFileAccessType converts a FileAccessType from its string name.

func (FileAccessType) String

func (f FileAccessType) String() string

type Loader

type Loader struct {
	// contains filtered or unexported fields
}

Loader keeps state needed to start the kernel and run the application.

func New

func New(spec *specs.Spec, conf *Config, controllerFD int, ioFDs []int, console bool) (*Loader, error)

New initializes a new kernel loader configured by spec.

func (*Loader) Destroy

func (l *Loader) Destroy()

Destroy cleans up all resources used by the loader.

func (*Loader) Run

func (l *Loader) Run() error

Run runs the application.

func (*Loader) WaitExit

func (l *Loader) WaitExit() kernel.ExitStatus

WaitExit waits for the application to exit, and returns the application's exit status.

func (*Loader) WaitForStartSignal

func (l *Loader) WaitForStartSignal()

WaitForStartSignal waits for a start signal from the control server.

type LoopbackLink

type LoopbackLink struct {
	Name      string
	Addresses []net.IP
	Routes    []Route
}

LoopbackLink configures a loopback link.

type Memory

type Memory struct {
	Cache     uint64            `json:"cache,omitempty"`
	Usage     MemoryEntry       `json:"usage,omitempty"`
	Swap      MemoryEntry       `json:"swap,omitempty"`
	Kernel    MemoryEntry       `json:"kernel,omitempty"`
	KernelTCP MemoryEntry       `json:"kernelTCP,omitempty"`
	Raw       map[string]uint64 `json:"raw,omitempty"`
}

Memory contains stats on memory.

type MemoryEntry

type MemoryEntry struct {
	Limit   uint64 `json:"limit"`
	Usage   uint64 `json:"usage,omitempty"`
	Max     uint64 `json:"max,omitempty"`
	Failcnt uint64 `json:"failcnt"`
}

MemoryEntry contains stats on a kind of memory.

type Network

type Network struct {
	Stack *stack.Stack
}

Network exposes methods that can be used to configure a network stack.

func (*Network) CreateLinksAndRoutes

func (n *Network) CreateLinksAndRoutes(args *CreateLinksAndRoutesArgs, _ *struct{}) error

CreateLinksAndRoutes creates links and routes in a network stack. It should only be called once.

type NetworkType

type NetworkType int

NetworkType tells which network stack to use.

const (
	// NetworkSandbox uses internal network stack, isolated from the host.
	NetworkSandbox NetworkType = iota

	// NetworkHost redirects network related syscalls to the host network.
	NetworkHost

	// NetworkNone sets up just loopback using netstack.
	NetworkNone
)

func MakeNetworkType

func MakeNetworkType(s string) (NetworkType, error)

MakeNetworkType converts a NetworkType from its string name.

func (NetworkType) String

func (n NetworkType) String() string

type Pids

type Pids struct {
	Current uint64 `json:"current,omitempty"`
	Limit   uint64 `json:"limit,omitempty"`
}

Pids contains stats on processes.

type PlatformType

type PlatformType int

PlatformType tells which platform to use.

const (
	// PlatformPtrace runs the sandbox with the ptrace platform.
	PlatformPtrace PlatformType = iota

	// PlatformKVM runs the sandbox with the KVM platform.
	PlatformKVM
)

func MakePlatformType

func MakePlatformType(s string) (PlatformType, error)

MakePlatformType converts a PlatformType from its string name.

func (PlatformType) String

func (p PlatformType) String() string

type Route

type Route struct {
	Destination net.IP
	Mask        net.IPMask
	Gateway     net.IP
}

Route represents a route in the network stack.

func (*Route) Empty

func (r *Route) Empty() bool

Empty returns true if the route hasn't been set.

type Stats

type Stats struct {
	Memory Memory `json:"memory"`
	Pids   Pids   `json:"pids"`
}

Stats is the runc-specific stats structure, kept for stability when encoding and decoding stats. TODO: Many fields aren't obtainable due to a lack of cgroups.

Directories

Path	Synopsis
filter	Package filter defines all syscalls the sandbox is allowed to make to the host, and installs seccomp filters to prevent prohibited syscalls in case it's compromised.
