Documentation
¶
Overview ¶
Package fsgofer implements p9.File giving access to local files using a simple mapping from a path prefix that is added to the path requested by the sandbox. Ex:
prefix: "/docker/imgs/alpine" app path: /bin/ls => /docker/imgs/alpine/bin/ls
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewAttachPoint ¶
NewAttachPoint creates a new attacher that gives local file access to all files under 'prefix'. 'prefix' must be an absolute path.
func OpenProcSelfFD ¶
func OpenProcSelfFD() error
OpenProcSelfFD opens the /proc/self/fd directory, which will be used to reopen file descriptors.
Types ¶
type Config ¶
type Config struct {
// ROMount is set to true if this is a readonly mount.
ROMount bool
// PanicOnWrite panics on attempts to write to RO mounts.
PanicOnWrite bool
// HostUDS signals whether the gofer can mount a host's UDS.
HostUDS bool
// EnableVerityXattr allows access to extended attributes used by the
// verity file system.
EnableVerityXattr bool
}
Config sets configuration options for each attach point.
Source Files
¶
Directories
¶
| Path | Synopsis |
|---|---|
|
Package filter defines all syscalls the gofer is allowed to make, and installs seccomp filters to prevent prohibited syscalls in case it's compromised.
|
Package filter defines all syscalls the gofer is allowed to make, and installs seccomp filters to prevent prohibited syscalls in case it's compromised. |
Click to show internal directories.
Click to hide internal directories.