isolator

package module
v0.12.0 Latest
Published: Jul 29, 2023 License: MIT Imports: 17 Imported by: 2

README

Isolator

The goal of this library is to run shell commands in isolation using Linux namespaces. It may be called from any other program that needs to run an operation inside a container.

The goal of this library is not to be compliant with the opencontainers spec; it rather provides the functionality required by my other projects.

How to use it

Take a look at the examples directory.

Features

  • the library can be used by other software directly; it does not depend on starting another instance of /proc/self/exe, as other libraries do,
  • root permissions are not required to run a container,
  • commands run inside new PID, mount (NS), user, IPC and UTS namespaces. No network namespace is created, so the container shares the host's network stack and has internet access immediately; the flip side is that there is no network isolation from the host,
  • communication is done in JSON, using stdin and stdout as the transport layer,
  • logs printed by the executed command are transmitted back to the caller,
  • /proc is mounted inside the container and shows only in-container processes,
  • /dev is populated with basic devices (null, zero, random, urandom) by bind-mounting the host's device nodes,
  • a tmpfs is mounted on /tmp,
  • DNS inside the container is set to 8.8.8.8 and 8.8.4.4 by writing /etc/resolv.conf,
  • custom locations can be mounted inside the container (mounts may be writable or read-only).
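The namespace set listed above can be reproduced with nothing but the standard library. The following is an added example, not code from this project: it builds the clone attributes for a rootless container the way the feature list describes (a new user namespace that maps the caller's uid and gid to 0, plus new PID, mount, IPC and UTS namespaces, and deliberately no network namespace) and runs a shell in it. The helper names `isolationAttrs` and `sharesHostNetwork` are this example's own. It needs Linux with unprivileged user namespaces enabled; the child's `$$` is then 1 and its uid is 0.

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
	"syscall"
)

// isolationFlags mirrors the README's feature list: PID, mount (NS),
// user, IPC and UTS namespaces. CLONE_NEWNET is intentionally absent,
// so the child keeps the host's network stack (and its reachability).
const isolationFlags = syscall.CLONE_NEWUSER |
	syscall.CLONE_NEWPID |
	syscall.CLONE_NEWNS |
	syscall.CLONE_NEWIPC |
	syscall.CLONE_NEWUTS

// isolationAttrs builds the clone attributes for a rootless container.
// Mapping the caller's real uid/gid to 0 inside the new user namespace is
// what lets an unprivileged process own the other namespaces without
// root on the host. (Example helper, not part of the isolator library.)
func isolationAttrs(hostUID, hostGID int) *syscall.SysProcAttr {
	return &syscall.SysProcAttr{
		Cloneflags:  isolationFlags,
		UidMappings: []syscall.SysProcIDMap{{ContainerID: 0, HostID: hostUID, Size: 1}},
		GidMappings: []syscall.SysProcIDMap{{ContainerID: 0, HostID: hostGID, Size: 1}},
		// With this left false, Go writes "deny" to the child's setgroups
		// file before gid_map, which the kernel requires of unprivileged callers.
		GidMappingsEnableSetgroups: false,
	}
}

// sharesHostNetwork reports whether the child stays in the host's network
// namespace; it is the check a caller should run before trusting these
// attributes to isolate network access (they do not).
func sharesHostNetwork(attr *syscall.SysProcAttr) bool {
	return attr.Cloneflags&syscall.CLONE_NEWNET == 0
}

func main() {
	// Inside the namespaces the shell sees itself as PID 1 and uid 0.
	cmd := exec.Command("/bin/sh", "-c", `echo "pid=$$ uid=$(id -u)"`)
	cmd.SysProcAttr = isolationAttrs(os.Getuid(), os.Getgid())
	cmd.Stdin, cmd.Stdout, cmd.Stderr = os.Stdin, os.Stdout, os.Stderr
	if err := cmd.Run(); err != nil {
		fmt.Fprintln(os.Stderr, "run in namespaces:", err)
		os.Exit(1)
	}
}
```

Note that this only creates the namespaces; populating /proc, /dev and /tmp as the feature list describes has to happen from inside the new mount and PID namespaces, which is why libraries of this kind typically re-enter their own binary there.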

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Run added in v0.6.0

func Run(ctx context.Context, config Config, clientFunc ClientFunc) error

Run starts the executor server and the communication channel to it, then hands the incoming and outgoing message channels to clientFunc. It returns when clientFunc returns or ctx is cancelled.

Types

type ClientFunc added in v0.9.0

type ClientFunc func(ctx context.Context, incoming <-chan interface{}, outgoing chan<- interface{}) error

ClientFunc is the caller-supplied function that talks to the executor: incoming carries messages received from the executor, outgoing carries messages to be sent to it.

type Config

type Config struct {
	// Types defines the list of allowed message types transferred between
	// the isolator and the executor server.
	Types []interface{}

	// ExecutorArg is the CLI argument which, when passed to the calling binary,
	// starts the executor server.
	// See `executor.Catch`.
	ExecutorArg string

	// Dir is the directory where the root filesystem exists.
	Dir string

	// ExposedPorts is the list of ports to expose from the container.
	ExposedPorts []ExposedPort

	// Executor stores the configuration passed to the executor.
	Executor wire.Config
}

Config stores configuration of isolator.
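Config.Types is an allow-list: only the registered message types may cross the JSON stdin/stdout channel. The following is an added example, not the library's own wire code, showing the shape such a typed channel takes and why the list matters: a message whose type name is not registered, or whose payload carries fields the type does not declare, is rejected before anything is constructed from it. The envelope format (`{"type": ..., "data": ...}`), the `Codec` type and the `Execute`/`Log` message types are all assumptions made for this example.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"reflect"
)

// Execute and Log are constructed sample message types; the page does not
// list the library's real ones.
type Execute struct {
	Command string `json:"command"`
}

type Log struct {
	Stream string `json:"stream"`
	Line   string `json:"line"`
}

// envelope is the assumed on-the-wire shape: a type name plus the payload.
type envelope struct {
	Type string          `json:"type"`
	Data json.RawMessage `json:"data"`
}

// Codec decodes only the types it was built with, in the spirit of Config.Types.
type Codec struct {
	byName map[string]reflect.Type
}

// NewCodec registers the allowed message types. Pass values, not pointers:
// the Go type name is used as the wire type name.
func NewCodec(types ...interface{}) *Codec {
	c := &Codec{byName: map[string]reflect.Type{}}
	for _, v := range types {
		t := reflect.TypeOf(v)
		c.byName[t.Name()] = t
	}
	return c
}

// Encode wraps v in an envelope, refusing types that were not registered
// so the sender cannot emit something the receiver will drop anyway.
func (c *Codec) Encode(v interface{}) ([]byte, error) {
	name := reflect.TypeOf(v).Name()
	if _, ok := c.byName[name]; !ok {
		return nil, fmt.Errorf("encode: type %q is not allowed", name)
	}
	data, err := json.Marshal(v)
	if err != nil {
		return nil, err
	}
	return json.Marshal(envelope{Type: name, Data: data})
}

// Decode parses one envelope and instantiates the payload only if the
// type name is registered. Unknown fields are rejected at both layers so
// a peer cannot smuggle extra data past the declared schema.
func (c *Codec) Decode(b []byte) (interface{}, error) {
	var env envelope
	dec := json.NewDecoder(bytes.NewReader(b))
	dec.DisallowUnknownFields()
	if err := dec.Decode(&env); err != nil {
		return nil, fmt.Errorf("decode envelope: %w", err)
	}
	t, ok := c.byName[env.Type]
	if !ok {
		return nil, fmt.Errorf("decode: type %q is not allowed", env.Type)
	}
	ptr := reflect.New(t)
	pd := json.NewDecoder(bytes.NewReader(env.Data))
	pd.DisallowUnknownFields()
	if err := pd.Decode(ptr.Interface()); err != nil {
		return nil, fmt.Errorf("decode %s payload: %w", env.Type, err)
	}
	return ptr.Elem().Interface(), nil
}

func main() {
	codec := NewCodec(Execute{}, Log{})
	wire, _ := codec.Encode(Log{Stream: "stdout", Line: "hello from the container"})
	fmt.Println(string(wire)) // what would travel over stdout/stdin
	msg, err := codec.Decode(wire)
	fmt.Printf("%#v %v\n", msg, err)
	_, err = codec.Decode([]byte(`{"type":"Shutdown","data":{}}`))
	fmt.Println("unregistered type:", err)
}
```

In a real Run/ClientFunc setup the encoder would sit on the outgoing channel and the decoder on the incoming one, with newline-delimited envelopes on the pipe between the two processes.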

type ExposedPort added in v0.9.0

type ExposedPort struct {
	Protocol     string
	ExternalIP   net.IP
	ExternalPort uint16
	InternalPort uint16
	Public       bool
}

ExposedPort defines a port to be forwarded from the host (ExternalIP:ExternalPort) to InternalPort inside the container; Public controls whether it is reachable from outside the host.

Directories

Path Synopsis
examples
lib
