sandbox

package

v0.0.0-...-c5bc0ce Latest Latest Go to latest Published: Jul 14, 2019 License: MIT Imports: 9 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/jauhararifin/ugrade

Links

Open Source Insights

Documentation ¶

Constants ¶

View Source

const (
	// ExitCodeTimeLimitExceeded is error code that returned by child process when
	// the command is exceeding specified time limit.
	ExitCodeTimeLimitExceeded = 11

	// ExitCodeMemoryLimitExceeded is error code that returned by child process when
	// the command is exceeding specified memory limit.
	ExitCodeMemoryLimitExceeded = 12

	// ExitCodeInternalError is error code that returned by child process when
	// the command is failed to processed
	ExitCodeInternalError = 13

	// ExitCodeRuntimeError is error code that returned by child process when
	// the command exit code is not zero
	ExitCodeRuntimeError = 14
)

Variables ¶

This section is empty.

Functions ¶

func New ¶

func New() ugrade.Sandbox

New create default implementation of `Executor`

Types ¶

type CGroup ¶

type CGroup interface {
	ThrottleMemory(bytes uint64) error
	LimitMemory(bytes uint64) error
	LimitCPU(duration time.Duration) error

	Put(process *os.Process) error

	Monitor(ctx context.Context) context.Context

	Usage() CGroupUsage
	Error() error
}

CGroup limits processes's memory and cpu usage using linux cgroup.

type CGroupUsage ¶

type CGroupUsage struct {
	Memory uint64
	CPU    time.Duration
}

CGroupUsage represent process usage monitored using cgroup.

type FS ¶

type FS interface {
	Load(imagePath string, uid, gid int) error
	Chroot(imagePath string) error
	Bind(imagePath string, bind ugrade.FSBind, uid, gid int) (FSUnbind, error)
}

FS used to creating filesystem inside sandbox

type FSUnbind ¶

type FSUnbind func() error

FSUnbind unmount the mounted filesystem using bind

type Guard ¶

type Guard interface {
	Run(ctx context.Context, cmd ugrade.Command) (ugrade.Usage, error)
}

Guard run `Command` and monitor system resource limit, and kill process when exceeding the limit.

type Jail ¶

type Jail interface {
	Run(
		imagePath,
		workingDirectory string,
		uid,
		gid uint32,
		binds []ugrade.FSBind,
		stdin,
		stdout,
		stderr,
		commandPath string,
		args []string,
	) error
}

Jail run process inside new chrooted directory and cloned namespace

type RLimit ¶

type RLimit interface {
	LimitOpenFile(nopenfile uint64) error
	LimitFSize(fsize uint64) error
	LimitNProcess(nproc uint64) error
	LimitStack(stackSize uint64) error
}

RLimit limit current process resource using linux rlimit.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
cgroup
cpu
killer
memory
preparation
fs
guard
jail
rlimit
uid

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL