fsgofer

package

v0.0.0-...-ba09d25 Latest Latest Go to latest Published: Dec 29, 2021 License: Apache-2.0, MIT Imports: 21 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/jaakali/gvisor

Documentation ¶

Rendered for

Overview ¶

Package fsgofer implements p9.File giving access to local files using a simple mapping from a path prefix that is added to the path requested by the sandbox. Ex:

prefix: "/docker/imgs/alpine"
app path: /bin/ls => /docker/imgs/alpine/bin/ls

Index ¶

func NewAttachPoint(prefix string, c Config) (p9.Attacher, error)
func OpenProcSelfFD() error
type Config
type LisafsServer
- func NewLisafsServer(config Config) *LisafsServer

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func NewAttachPoint ¶

func NewAttachPoint(prefix string, c Config) (p9.Attacher, error)

NewAttachPoint creates a new attacher that gives local file access to all files under 'prefix'. 'prefix' must be an absolute path.

func OpenProcSelfFD ¶

func OpenProcSelfFD() error

OpenProcSelfFD opens the /proc/self/fd directory, which will be used to reopen file descriptors.

Types ¶

type Config ¶

type Config struct {
	// ROMount is set to true if this is a readonly mount.
	ROMount bool

	// PanicOnWrite panics on attempts to write to RO mounts.
	PanicOnWrite bool

	// HostUDS signals whether the gofer can mount a host's UDS.
	HostUDS bool

	// EnableVerityXattr allows access to extended attributes used by the
	// verity file system.
	EnableVerityXattr bool
}

Config sets configuration options for each attach point.

type LisafsServer ¶

type LisafsServer struct {
	lisafs.Server
	// contains filtered or unexported fields
}

LisafsServer implements lisafs.ServerImpl for fsgofer.

func NewLisafsServer ¶

func NewLisafsServer(config Config) *LisafsServer

NewLisafsServer initializes a new lisafs server for fsgofer.

func (*LisafsServer) MaxMessageSize ¶

func (s *LisafsServer) MaxMessageSize() uint32

MaxMessageSize implements lisafs.ServerImpl.MaxMessageSize.

func (*LisafsServer) Mount ¶

func (s *LisafsServer) Mount(c *lisafs.Connection, mountPath string) (lisafs.ControlFDImpl, lisafs.Inode, error)

Mount implements lisafs.ServerImpl.Mount.

func (*LisafsServer) SupportedMessages ¶

func (s *LisafsServer) SupportedMessages() []lisafs.MID

SupportedMessages implements lisafs.ServerImpl.SupportedMessages.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
filter Package filter defines all syscalls the gofer is allowed to make, and installs seccomp filters to prevent prohibited syscalls in case it's compromised.	Package filter defines all syscalls the gofer is allowed to make, and installs seccomp filters to prevent prohibited syscalls in case it's compromised.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL