host

package
v0.0.0-...-4bf4b70 Latest
Warning

This package is not in the latest version of its module.

Published: Jan 24, 2021 License: Apache-2.0, MIT Imports: 35 Imported by: 0

Documentation

Overview

Package host provides a filesystem implementation for host files imported as file descriptors.

Constants

const ConnectedEndpointenableLogging = false

enableLogging indicates whether reference-related events should be logged (with stack traces). This is false by default and should only be set to true for debugging purposes, as it can generate an extremely large amount of output and drastically degrade performance.

Variables

This section is empty.

Functions

func ImportFD

func ImportFD(ctx context.Context, mnt *vfs.Mount, hostFD int, isTTY bool) (*vfs.FileDescription, error)

ImportFD sets up and returns a vfs.FileDescription from a donated fd.

func NewFD

func NewFD(ctx context.Context, mnt *vfs.Mount, hostFD int, opts *NewFDOptions) (*vfs.FileDescription, error)

NewFD returns a vfs.FileDescription representing the given host file descriptor. mnt must be Kernel.HostMount().

func NewFilesystem

func NewFilesystem(vfsObj *vfs.VirtualFilesystem) (*vfs.Filesystem, error)

NewFilesystem sets up and returns a new hostfs filesystem.

Note that there should only ever be one instance of host.filesystem, a global mount for host fds.

Types

type ConnectedEndpoint

type ConnectedEndpoint struct {
	ConnectedEndpointRefs
	// contains filtered or unexported fields
}

ConnectedEndpoint is an implementation of transport.ConnectedEndpoint and transport.Receiver. It is backed by a host fd that was imported at sentry startup. This fd is shared with a hostfs inode, which retains ownership of it.

ConnectedEndpoint is saveable, since we expect that the host will provide the same fd upon restore.

As of this writing, we only allow Unix sockets to be imported.

+stateify savable

var ConnectedEndpointobj *ConnectedEndpoint

obj is used to customize logging. Note that we use a pointer to T so that we do not copy the entire object when passed as a format parameter.

func NewConnectedEndpoint

func NewConnectedEndpoint(ctx context.Context, hostFD int, addr string, saveable bool) (*ConnectedEndpoint, *syserr.Error)

NewConnectedEndpoint creates a new ConnectedEndpoint backed by a host fd imported at sentry startup.

The caller is responsible for calling Init(). Additionally, Release needs to be called twice because ConnectedEndpoint is both a transport.Receiver and transport.ConnectedEndpoint.

func (*ConnectedEndpoint) CloseNotify

func (c *ConnectedEndpoint) CloseNotify()

CloseNotify implements transport.ConnectedEndpoint.CloseNotify.

func (*ConnectedEndpoint) CloseRecv

func (c *ConnectedEndpoint) CloseRecv()

CloseRecv implements transport.Receiver.CloseRecv.

func (*ConnectedEndpoint) CloseSend

func (c *ConnectedEndpoint) CloseSend()

CloseSend implements transport.ConnectedEndpoint.CloseSend.

func (*ConnectedEndpoint) CloseUnread

func (c *ConnectedEndpoint) CloseUnread()

CloseUnread implements transport.ConnectedEndpoint.CloseUnread.

func (*ConnectedEndpoint) EventUpdate

func (c *ConnectedEndpoint) EventUpdate()

EventUpdate implements transport.ConnectedEndpoint.EventUpdate.

func (*ConnectedEndpoint) GetLocalAddress

func (c *ConnectedEndpoint) GetLocalAddress() (tcpip.FullAddress, *tcpip.Error)

GetLocalAddress implements transport.ConnectedEndpoint.GetLocalAddress.

func (*ConnectedEndpoint) Passcred

func (c *ConnectedEndpoint) Passcred() bool

Passcred implements transport.ConnectedEndpoint.Passcred.

func (*ConnectedEndpoint) Readable

func (c *ConnectedEndpoint) Readable() bool

Readable implements transport.Receiver.Readable.

func (*ConnectedEndpoint) Recv

func (c *ConnectedEndpoint) Recv(ctx context.Context, data [][]byte, creds bool, numRights int, peek bool) (int64, int64, transport.ControlMessages, bool, tcpip.FullAddress, bool, *syserr.Error)

Recv implements transport.Receiver.Recv.

func (*ConnectedEndpoint) RecvMaxQueueSize

func (c *ConnectedEndpoint) RecvMaxQueueSize() int64

RecvMaxQueueSize implements transport.Receiver.RecvMaxQueueSize.

func (*ConnectedEndpoint) RecvNotify

func (c *ConnectedEndpoint) RecvNotify()

RecvNotify implements transport.Receiver.RecvNotify.

func (*ConnectedEndpoint) RecvQueuedSize

func (c *ConnectedEndpoint) RecvQueuedSize() int64

RecvQueuedSize implements transport.Receiver.RecvQueuedSize.

func (*ConnectedEndpoint) Release

func (c *ConnectedEndpoint) Release(ctx context.Context)

Release implements transport.ConnectedEndpoint.Release and transport.Receiver.Release.

func (*ConnectedEndpoint) Send

func (c *ConnectedEndpoint) Send(ctx context.Context, data [][]byte, controlMessages transport.ControlMessages, from tcpip.FullAddress) (int64, bool, *syserr.Error)

Send implements transport.ConnectedEndpoint.Send.

func (*ConnectedEndpoint) SendMaxQueueSize

func (c *ConnectedEndpoint) SendMaxQueueSize() int64

SendMaxQueueSize implements transport.Receiver.SendMaxQueueSize.

func (*ConnectedEndpoint) SendNotify

func (c *ConnectedEndpoint) SendNotify()

SendNotify implements transport.ConnectedEndpoint.SendNotify.

func (*ConnectedEndpoint) SendQueuedSize

func (c *ConnectedEndpoint) SendQueuedSize() int64

SendQueuedSize implements transport.Receiver.SendQueuedSize.

func (*ConnectedEndpoint) StateFields

func (c *ConnectedEndpoint) StateFields() []string

func (*ConnectedEndpoint) StateLoad

func (c *ConnectedEndpoint) StateLoad(stateSourceObject state.Source)

func (*ConnectedEndpoint) StateSave

func (c *ConnectedEndpoint) StateSave(stateSinkObject state.Sink)

func (*ConnectedEndpoint) StateTypeName

func (c *ConnectedEndpoint) StateTypeName() string

func (*ConnectedEndpoint) Writable

func (c *ConnectedEndpoint) Writable() bool

Writable implements transport.ConnectedEndpoint.Writable.

type ConnectedEndpointRefs

type ConnectedEndpointRefs struct {
	// contains filtered or unexported fields
}

Refs implements refs.RefCounter. It keeps a reference count using atomic operations and calls the destructor when the count reaches zero.

+stateify savable

func (*ConnectedEndpointRefs) DecRef

func (r *ConnectedEndpointRefs) DecRef(destroy func())

DecRef implements refs.RefCounter.DecRef.

Note that speculative references are counted here. Since they were added prior to real references reaching zero, they will successfully convert to real references. In other words, we see speculative references only in the following case:

A: TryIncRef [speculative increase => sees non-negative references]
B: DecRef [real decrease]
A: TryIncRef [transform speculative to real]

func (*ConnectedEndpointRefs) IncRef

func (r *ConnectedEndpointRefs) IncRef()

IncRef implements refs.RefCounter.IncRef.

func (*ConnectedEndpointRefs) InitRefs

func (r *ConnectedEndpointRefs) InitRefs()

InitRefs initializes r with one reference and, if enabled, activates leak checking.

func (*ConnectedEndpointRefs) LeakMessage

func (r *ConnectedEndpointRefs) LeakMessage() string

LeakMessage implements refsvfs2.CheckedObject.LeakMessage.

func (*ConnectedEndpointRefs) LogRefs

func (r *ConnectedEndpointRefs) LogRefs() bool

LogRefs implements refsvfs2.CheckedObject.LogRefs.

func (*ConnectedEndpointRefs) ReadRefs

func (r *ConnectedEndpointRefs) ReadRefs() int64

ReadRefs returns the current number of references. The returned count is inherently racy and is unsafe to use without external synchronization.

func (*ConnectedEndpointRefs) RefType

func (r *ConnectedEndpointRefs) RefType() string

RefType implements refsvfs2.CheckedObject.RefType.

func (*ConnectedEndpointRefs) StateFields

func (r *ConnectedEndpointRefs) StateFields() []string

func (*ConnectedEndpointRefs) StateLoad

func (r *ConnectedEndpointRefs) StateLoad(stateSourceObject state.Source)

func (*ConnectedEndpointRefs) StateSave

func (r *ConnectedEndpointRefs) StateSave(stateSinkObject state.Sink)

func (*ConnectedEndpointRefs) StateTypeName

func (r *ConnectedEndpointRefs) StateTypeName() string

func (*ConnectedEndpointRefs) TryIncRef

func (r *ConnectedEndpointRefs) TryIncRef() bool

TryIncRef implements refs.RefCounter.TryIncRef.

To do this safely without a loop, a speculative reference is first acquired on the object. This allows multiple concurrent TryIncRef calls to distinguish other TryIncRef calls from genuine references held.
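
The speculative-reference scheme described under DecRef and TryIncRef, replayed as an added example. This is not gVisor's source: the packed 32/32-bit counter layout and the helper names speculate, convert and replay are assumptions of this sketch. It runs the A/B/A interleaving from the DecRef note and shows that destroy is deferred until the converted reference is released, so the object is never freed under a caller that is about to hold it.

```go
package main

import (
	"fmt"
	"sync/atomic"
)

// Assumed layout (this sketch only): [32-bit speculative]:[32-bit real].
const speculativeRef = int64(1) << 32

type Refs struct{ count int64 }

// speculate is TryIncRef step 1: add a speculative ref, check for a real one.
func (r *Refs) speculate() bool {
	if v := atomic.AddInt64(&r.count, speculativeRef); int32(v) == 0 {
		atomic.AddInt64(&r.count, -speculativeRef) // dead object: back out
		return false
	}
	return true
}

// convert is step 2: trade the speculative reference for a real one.
func (r *Refs) convert() bool { return atomic.AddInt64(&r.count, -speculativeRef+1) > 0 }

// TryIncRef never revives an object whose real count already reached zero.
func (r *Refs) TryIncRef() bool { return r.speculate() && r.convert() }

// DecRef tests the whole word, so a pending speculative ref defers destroy.
func (r *Refs) DecRef(destroy func()) {
	if atomic.AddInt64(&r.count, -1) == 0 && destroy != nil {
		destroy()
	}
}

// replay runs the A/B/A interleaving; returns destroy counts after B and after A.
func replay() (afterB, afterA int) {
	r, n := &Refs{count: 1}, 0 // B holds the only real reference
	destroy := func() { n++ }
	r.speculate()     // A: speculative increase, object is live
	r.DecRef(destroy) // B: real decrease; word non-zero, no destroy
	afterB = n
	r.convert()       // A: speculative becomes real
	r.DecRef(destroy) // A releases the last reference
	return afterB, n
}

func main() { fmt.Println(replay()) }
```

A TryIncRef on a zero-valued Refs in this sketch (real count already zero) returns false and leaves the counter at zero.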

type NewFDOptions

type NewFDOptions struct {
	// If Savable is true, the host file descriptor may be saved/restored by
	// numeric value; the sandbox API requires a corresponding host FD with the
	// same numeric value to be provided at time of restore.
	Savable bool

	// If IsTTY is true, the file descriptor is a TTY.
	IsTTY bool

	// If HaveFlags is true, use Flags for the new file description. Otherwise,
	// the new file description will inherit flags from hostFD.
	HaveFlags bool
	Flags     uint32
}

NewFDOptions contains options to NewFD.

type SCMConnectedEndpoint

type SCMConnectedEndpoint struct {
	ConnectedEndpoint
	// contains filtered or unexported fields
}

SCMConnectedEndpoint represents an endpoint backed by a host fd that was passed through a gofer Unix socket. It resembles ConnectedEndpoint, with the following differences:

- SCMConnectedEndpoint is not saveable, because the host cannot guarantee the same descriptor number across S/R.
- SCMConnectedEndpoint holds ownership of its fd and notification queue.

func NewSCMEndpoint

func NewSCMEndpoint(ctx context.Context, hostFD int, queue *waiter.Queue, addr string) (*SCMConnectedEndpoint, *syserr.Error)

NewSCMEndpoint creates a new SCMConnectedEndpoint backed by a host fd that was passed through a Unix socket.

The caller is responsible for calling Init(). Additionally, Release needs to be called twice because ConnectedEndpoint is both a transport.Receiver and transport.ConnectedEndpoint.

func (*SCMConnectedEndpoint) Init

func (e *SCMConnectedEndpoint) Init() error

Init will do the initialization required without holding other locks.

func (*SCMConnectedEndpoint) Release

func (e *SCMConnectedEndpoint) Release(ctx context.Context)

Release implements transport.ConnectedEndpoint.Release and transport.Receiver.Release.

type TTYFileDescription

type TTYFileDescription struct {
	// contains filtered or unexported fields
}

TTYFileDescription implements vfs.FileDescriptionImpl for a host file descriptor that wraps a TTY FD.

+stateify savable

func (*TTYFileDescription) Allocate

func (f *TTYFileDescription) Allocate(ctx context.Context, mode, offset, length uint64) error

Allocate implements vfs.FileDescriptionImpl.Allocate.

func (*TTYFileDescription) ConfigureMMap

func (f *TTYFileDescription) ConfigureMMap(_ context.Context, opts *memmap.MMapOpts) error

ConfigureMMap implements vfs.FileDescriptionImpl.ConfigureMMap.

func (*TTYFileDescription) EventRegister

func (f *TTYFileDescription) EventRegister(e *waiter.Entry, mask waiter.EventMask)

EventRegister implements waiter.Waitable.EventRegister.

func (*TTYFileDescription) EventUnregister

func (f *TTYFileDescription) EventUnregister(e *waiter.Entry)

EventUnregister implements waiter.Waitable.EventUnregister.

func (*TTYFileDescription) ForegroundProcessGroup

func (t *TTYFileDescription) ForegroundProcessGroup() *kernel.ProcessGroup

ForegroundProcessGroup returns the foreground process for the TTY.

func (*TTYFileDescription) InitForegroundProcessGroup

func (t *TTYFileDescription) InitForegroundProcessGroup(pg *kernel.ProcessGroup)

InitForegroundProcessGroup sets the foreground process group and session for the TTY. This should only be called once, after the foreground process group has been created, but before it has started running.

func (*TTYFileDescription) Ioctl

Ioctl implements vfs.FileDescriptionImpl.Ioctl.

func (*TTYFileDescription) PRead

func (t *TTYFileDescription) PRead(ctx context.Context, dst usermem.IOSequence, offset int64, opts vfs.ReadOptions) (int64, error)

PRead implements vfs.FileDescriptionImpl.PRead.

Reading from a TTY is only allowed for foreground process groups. Background process groups will either get EIO or a SIGTTIN.

func (*TTYFileDescription) PWrite

func (t *TTYFileDescription) PWrite(ctx context.Context, src usermem.IOSequence, offset int64, opts vfs.WriteOptions) (int64, error)

PWrite implements vfs.FileDescriptionImpl.PWrite.

func (*TTYFileDescription) Read

Read implements vfs.FileDescriptionImpl.Read.

Reading from a TTY is only allowed for foreground process groups. Background process groups will either get EIO or a SIGTTIN.

func (*TTYFileDescription) Readiness

func (f *TTYFileDescription) Readiness(mask waiter.EventMask) waiter.EventMask

Readiness uses the poll() syscall to check the status of the underlying FD.

func (*TTYFileDescription) Release

func (t *TTYFileDescription) Release(ctx context.Context)

Release implements fs.FileOperations.Release.

func (*TTYFileDescription) Seek

func (f *TTYFileDescription) Seek(_ context.Context, offset int64, whence int32) (int64, error)

Seek implements vfs.FileDescriptionImpl.Seek.

Note that we do not support seeking on directories, since we do not even allow directory fds to be imported at all.

func (*TTYFileDescription) SetStat

func (f *TTYFileDescription) SetStat(ctx context.Context, opts vfs.SetStatOptions) error

SetStat implements vfs.FileDescriptionImpl.SetStat.

func (*TTYFileDescription) Stat

func (f *TTYFileDescription) Stat(ctx context.Context, opts vfs.StatOptions) (linux.Statx, error)

Stat implements vfs.FileDescriptionImpl.Stat.

func (*TTYFileDescription) StateFields

func (t *TTYFileDescription) StateFields() []string

func (*TTYFileDescription) StateLoad

func (t *TTYFileDescription) StateLoad(stateSourceObject state.Source)

func (*TTYFileDescription) StateSave

func (t *TTYFileDescription) StateSave(stateSinkObject state.Sink)

func (*TTYFileDescription) StateTypeName

func (t *TTYFileDescription) StateTypeName() string

func (*TTYFileDescription) Sync

func (f *TTYFileDescription) Sync(ctx context.Context) error

Sync implements vfs.FileDescriptionImpl.Sync.

func (*TTYFileDescription) Write

Write implements vfs.FileDescriptionImpl.Write.
