selfcontain

package module
v0.2.2
Published: Mar 11, 2023 License: GPL-3.0 Imports: 18 Imported by: 0

Documentation

Overview

The selfcontain package provides a containment structure to move the current process inside a restricted container.

This is accomplished with the runc/libcontainer library, which in turn uses C bindings to the kernel namespace primitives. Containment is deliberately not very configurable: it is fine-tuned to hepto itself.

Index

Constants

const ACCEPT_DFTRTR = "net.ipv6.conf.eth0.accept_ra_defrtr"
const ACCEPT_PINFO = "net.ipv6.conf.eth0.accept_ra_pinfo"
const ACCEPT_RA = "net.ipv6.conf.eth0.accept_ra"
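The three constants above name the Router Advertisement sysctls of the container's eth0, which decide whether the kernel will learn an IPv6 address (accept_ra_pinfo) and default route (accept_ra_defrtr) on its own. The page does not show how the package sets them; the following is an added example, not hepto's code, of how a practitioner would choose and apply them from inside the container's network namespace. It assumes the usual /proc/sys layout and that "autoconfiguration" means IP and GW were left unset; the decision that a forwarding namespace needs accept_ra=2 is standard kernel behaviour (a forwarding interface ignores RAs at accept_ra=1), and the read-back check guards against writes that /proc/sys silently discards.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// The three RA sysctls the package exposes (copied from the page).
const (
	ACCEPT_RA     = "net.ipv6.conf.eth0.accept_ra"
	ACCEPT_DFTRTR = "net.ipv6.conf.eth0.accept_ra_defrtr"
	ACCEPT_PINFO  = "net.ipv6.conf.eth0.accept_ra_pinfo"
)

// raSysctls chooses values for the three keys (policy assumed for this
// example). autoconf is true when address and gateway are left unset and
// must be learned from Router Advertisements. forwarding is true when the
// namespace routes packets: a forwarding interface ignores RAs unless
// accept_ra is 2.
func raSysctls(autoconf, forwarding bool) map[string]string {
	if !autoconf {
		// Static configuration: refuse RAs so a rogue RA on the master
		// link cannot add routes or addresses behind the operator's back.
		return map[string]string{ACCEPT_RA: "0", ACCEPT_DFTRTR: "0", ACCEPT_PINFO: "0"}
	}
	ra := "1"
	if forwarding {
		ra = "2"
	}
	return map[string]string{ACCEPT_RA: ra, ACCEPT_DFTRTR: "1", ACCEPT_PINFO: "1"}
}

// sysctlPath maps a dotted per-interface key to its file under procSys.
// The key is split from both ends so an interface name that itself
// contains dots (eth0.100) stays intact; a naive strings.ReplaceAll would
// break such names.
func sysctlPath(procSys, key string) (string, error) {
	const prefix = "net.ipv6.conf."
	if !strings.HasPrefix(key, prefix) {
		return "", fmt.Errorf("unsupported key %q", key)
	}
	rest := key[len(prefix):]
	i := strings.LastIndex(rest, ".")
	if i <= 0 || i == len(rest)-1 {
		return "", fmt.Errorf("malformed key %q", key)
	}
	iface, leaf := rest[:i], rest[i+1:]
	return filepath.Join(procSys, "net", "ipv6", "conf", iface, leaf), nil
}

// applySysctls writes each value and reads it back, so a write that the
// kernel ignores (missing interface, read-only /proc/sys in the namespace)
// fails loudly instead of leaving the container half-configured.
func applySysctls(procSys string, values map[string]string) error {
	var errs []error
	for key, want := range values {
		p, err := sysctlPath(procSys, key)
		if err != nil {
			errs = append(errs, err)
			continue
		}
		if err := os.WriteFile(p, []byte(want+"\n"), 0o644); err != nil {
			errs = append(errs, err)
			continue
		}
		got, err := os.ReadFile(p)
		if err != nil {
			errs = append(errs, err)
			continue
		}
		if g := strings.TrimSpace(string(got)); g != want {
			errs = append(errs, fmt.Errorf("%s: wrote %q, read back %q", key, want, g))
		}
	}
	return errors.Join(errs...)
}

func main() {
	// Real use: run inside the container's network namespace with
	// procSys = "/proc/sys". Here we only print the plan for autoconf.
	for k, v := range raSysctls(true, false) {
		p, _ := sysctlPath("/proc/sys", k)
		fmt.Printf("%s = %s  (%s)\n", k, v, p)
	}
}
```

Because SetupNetworking runs from outside the container, the caller has to enter the namespace (or write through a bind-mounted /proc of the container) before applying these; the read-back is what tells you whether that actually happened.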

Variables

This section is empty.

Functions

func Evacuate

func Evacuate() error

Evacuate cgroups, which is required for many in-container use cases. Remaining in the root cgroup would prevent creating any domain sub-cgroup, because cgroup v2 refuses to enable controllers for the children of a non-root cgroup that still holds processes.
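The page does not show how Evacuate does its job, so here is an added example (not the package's own code) of the mechanism behind that sentence: read the process's cgroup v2 path from /proc/<pid>/cgroup, create a leaf below it, and move the process there by writing its pid into that leaf's cgroup.procs. After that the former cgroup holds only child cgroups and sibling "domain" cgroups with their own controllers can be created. The mount point /sys/fs/cgroup, the leaf name "init" and the sample /proc/self/cgroup content are assumptions for the example; the v1 rejection exists because the logic relies on v2 semantics.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strconv"
	"strings"
)

// cgroupRoot is where the unified (v2) hierarchy is normally mounted
// (assumed for this example).
const cgroupRoot = "/sys/fs/cgroup"

// Constructed sample of /proc/self/cgroup as seen on a cgroup v2 host.
const sampleProcCgroup = "0::/hepto.slice/hepto-node\n"

// parseCgroupV2Path returns the v2 path of a process given the content of
// its /proc/<pid>/cgroup. On the unified hierarchy that file has a single
// "0::/path" line. Legacy v1 lines ("N:controllers:/path") carry a
// controller list and are rejected: moving a process in v1 would have to
// be done per controller hierarchy, which this code does not handle.
func parseCgroupV2Path(procCgroup string) (string, error) {
	sc := bufio.NewScanner(strings.NewReader(procCgroup))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" {
			continue
		}
		fields := strings.SplitN(line, ":", 3)
		if len(fields) != 3 {
			return "", fmt.Errorf("malformed cgroup line %q", line)
		}
		if fields[0] == "0" && fields[1] == "" {
			return fields[2], nil
		}
	}
	return "", errors.New("no cgroup v2 entry in /proc/<pid>/cgroup")
}

// evacuationTarget is the leaf cgroup the process moves into so that its
// former cgroup is left with child cgroups only. cgroup v2 refuses to
// enable controllers (cgroup.subtree_control) in a non-root cgroup that
// still contains processes, so until the process has moved no sibling
// domain cgroup with controllers of its own can be set up.
func evacuationTarget(current, leaf string) string {
	return filepath.Join(cgroupRoot, current, leaf)
}

// evacuate moves pid out of its current cgroup into a leaf below it and
// returns the new cgroup directory. Writing the pid into cgroup.procs is
// the kernel interface for moving a process between cgroups.
func evacuate(pid int, leaf string) (string, error) {
	raw, err := os.ReadFile(fmt.Sprintf("/proc/%d/cgroup", pid))
	if err != nil {
		return "", err
	}
	current, err := parseCgroupV2Path(string(raw))
	if err != nil {
		return "", err
	}
	target := evacuationTarget(current, leaf)
	if err := os.MkdirAll(target, 0o755); err != nil {
		return "", err
	}
	procs := filepath.Join(target, "cgroup.procs")
	if err := os.WriteFile(procs, []byte(strconv.Itoa(pid)), 0o644); err != nil {
		return "", fmt.Errorf("move %d into %s: %w", pid, target, err)
	}
	return target, nil
}

func main() {
	// Dry run on the constructed sample; the real call from inside the
	// container would be evacuate(os.Getpid(), "init").
	cur, err := parseCgroupV2Path(sampleProcCgroup)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println("current:", cur)
	fmt.Println("target: ", evacuationTarget(cur, "init"))
}
```

Inside a cgroup namespace the path reported by /proc/self/cgroup is relative to the container's own root, which is why the move must happen from within the container rather than from the host's view of the hierarchy.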

func RunWithArgs

func RunWithArgs(config *Config, args []string) error

Run the current program inside a container with the given arguments.

Types

type Config

type Config struct {
	// Logger interface
	Logger logr.Logger
	// Container name
	Name string
	// Path to container data storage
	Data string
	// Name of the master interface for IPvlan
	Master string
	// Public IP of the container; leave empty for autoconfiguration
	IP net.IPNet
	// Default gateway for the container; leave nil for autoconfiguration
	GW net.IP
	// List of DNS servers for the container
	DNS []net.IP
	// List of non-standard capabilities (required capabilities are always enabled)
	Capabilities []string
	// List of non-standard devices
	Devices []string
	// List of non-standard bind-mounts
	Mounts map[string]string
}

Selfcontain configuration

type Container

type Container struct {
	// contains filtered or unexported fields
}

A selfcontain container, which supports starting, and running commands inside, a started container.

func Get

func Get(config *Config) (*Container, error)

Containerize the current process by running the current binary inside a container. This creates the container if it does not exist yet, or returns the running container; it does not start the container itself.

func (*Container) Destroy

func (c *Container) Destroy() error

Destroy the container after force-stopping it. This removes all container configuration.

func (*Container) Exec

func (c *Container) Exec(args []string) error

Run a given command inside a started container.

func (*Container) GetNS

func (c *Container) GetNS(nsType configs.NamespaceType) (string, error)

Get a namespace for the given namespace type inside the current container

func (*Container) Run

func (c *Container) Run() error

Actually run the container and block until the process has returned.

func (*Container) SetupNetworking

func (c *Container) SetupNetworking(etc string) error

Set up networking inside the container. This must be called from outside the container, since it requires access to both the host networking stack and the namespace networking stack.

func (*Container) Start

func (c *Container) Start(args []string) error

Start a non-running container with the given arguments. The command is always the current binary (hence selfcontain). This does not actually run anything: even the current binary is kept waiting for a call to Run().

func (*Container) Stop added in v0.2.1

func (c *Container) Stop() error

Stop the container
