gvisor: gvisor.dev/gvisor


pkg/abiPackage abi describes the interface between a kernel and userspace.
pkg/abi/linuxPackage linux contains the constants and types needed to interface with a Linux kernel.
pkg/amutexPackage amutex provides the implementation of an abortable mutex.
pkg/atomicbitopsPackage atomicbitops provides extensions to the sync/atomic package.
pkg/binaryPackage binary translates between select fixed-sized types and a binary representation.
pkg/bitsPackage bits includes all bit related types and operations.
pkg/bpfPackage bpf provides tools for working with Berkeley Packet Filter (BPF) programs.
pkg/bufferPackage buffer provides the implementation of a buffer view.
pkg/cleanupPackage cleanup provides utilities to clean "stuff" on defers.
pkg/compressioPackage compressio provides parallel compression and decompression, as well as optional SHA-256 hashing.
pkg/contextPackage context defines an internal context type.
pkg/control/clientPackage client provides a basic control client interface.
pkg/control/serverPackage server provides a basic control server interface.
pkg/coveragePackage coverage provides an interface through which Go coverage data can be collected, converted to kcov format, and exposed to userspace.
pkg/cpuidPackage cpuid provides basic functionality for creating and adjusting CPU feature sets.
pkg/cryptoPackage crypto wraps crypto primitives.
pkg/eventchannelPackage eventchannel contains functionality for sending any protobuf message on a socketpair.
pkg/fdPackage fd provides types for working with file descriptors.
pkg/fdchannelPackage fdchannel implements passing file descriptors between processes over Unix domain sockets.
pkg/fdnotifierPackage fdnotifier contains an adapter that translates IO events (e.g., a file became readable/writable) from native FDs to the notifications in the waiter package.
pkg/flipcallPackage flipcall implements a protocol providing Fast Local Interprocess Procedure Calls between mutually-distrusting processes.
pkg/fspathPackage fspath provides efficient tools for working with file paths in Linux-compatible filesystem implementations.
pkg/gatePackage gate provides a usage Gate synchronization primitive.
pkg/gohacksPackage gohacks contains utilities for subverting the Go compiler.
pkg/goidPackage goid provides the Get function.
pkg/ilistPackage ilist provides the implementation of intrusive linked lists.
pkg/iovecPackage iovec provides helpers to interact with vectorized I/O on host system.
pkg/linewriterPackage linewriter provides an io.Writer which calls an emitter on each line.
pkg/logPackage log implements a library for logging.
pkg/marshalPackage marshal defines the Marshallable interface for serialize/deserializing go data structures to/from memory, according to the Linux ABI.
pkg/marshal/primitivePackage primitive defines marshal.Marshallable implementations for primitive types.
pkg/memutilPackage memutil provides a wrapper for the memfd_create() system call.
pkg/merkletreePackage merkletree implements Merkle tree generating and verification.
pkg/metricPackage metric provides primitives for collecting metrics.
pkg/p9Package p9 is a 9P2000.L implementation.
pkg/p9/p9testPackage p9test provides standard mocks for p9.
pkg/poolPackage pool provides a trivial integer pool.
pkg/procidPackage procid provides a way to get the current system thread identifier.
pkg/randPackage rand implements a cryptographically secure pseudorandom number generator.
pkg/refsPackage refs defines an interface for reference counted objects.
pkg/safecopyPackage safecopy provides an efficient implementation of functions to access memory that may result in SIGSEGV or SIGBUS being sent to the accessor.
pkg/safememPackage safemem provides the Block and BlockSeq types.
pkg/secioPackage secio provides support for sectioned I/O.
pkg/segmentPackage segment provides tools for working with collections of segments.
pkg/segment/testPackage segment is a test package.
pkg/sentry/archPackage arch provides abstractions around architecture-dependent details, such as syscall calling conventions, native types, etc.
pkg/sentry/contexttestPackage contexttest builds a test context.Context.
pkg/sentry/controlPackage control contains types that expose control server methods, and can be used to configure and interact with a running sandbox process.
pkg/sentry/devicePackage device defines reserved virtual kernel devices and structures for managing them.
pkg/sentry/devices/memdevPackage memdev implements "mem" character devices, as implemented in Linux by drivers/char/mem.c and drivers/char/random.c.
pkg/sentry/devices/ttydevPackage ttydev implements an unopenable vfs.Device for /dev/tty.
pkg/sentry/devices/tundevPackage tundev implements the /dev/net/tun device.
pkg/sentry/fsPackage fs implements a virtual filesystem layer.
pkg/sentry/fs/anonPackage anon implements an anonymous inode, useful for implementing inodes for pseudo filesystems.
pkg/sentry/fsbridgePackage fsbridge provides common interfaces to bridge between VFS1 and VFS2 files.
pkg/sentry/fs/devPackage dev provides a filesystem with simple devices.
pkg/sentry/fs/fdpipePackage fdpipe implements common namedpipe opening and accessing logic.
pkg/sentry/fs/filetestPackage filetest provides a test implementation of an fs.File.
pkg/sentry/fs/fsutilPackage fsutil provides utilities for implementing fs.InodeOperations and fs.FileOperations:
pkg/sentry/fs/goferPackage gofer implements a remote 9p filesystem.
pkg/sentry/fs/hostPackage host supports file descriptors imported directly.
pkg/sentry/fsimpl/devptsPackage devpts provides a filesystem implementation that behaves like devpts.
pkg/sentry/fsimpl/devtmpfsPackage devtmpfs provides an implementation of /dev based on tmpfs, analogous to Linux's devtmpfs.
pkg/sentry/fsimpl/eventfdPackage eventfd implements event fds.
pkg/sentry/fsimpl/extPackage ext implements readonly ext(2/3/4) filesystems.
pkg/sentry/fsimpl/ext/disklayoutPackage disklayout provides Linux ext file system's disk level structures which can be directly read into from the underlying device.
pkg/sentry/fsimpl/fusePackage fuse implements fusefs.
pkg/sentry/fsimpl/goferPackage gofer provides a filesystem implementation that is backed by a 9p server, interchangably referred to as "gofers" throughout this package.
pkg/sentry/fsimpl/hostPackage host provides a filesystem implementation for host files imported as file descriptors.
pkg/sentry/fsimpl/kernfsPackage kernfs provides the tools to implement inode-based filesystems.
pkg/sentry/fsimpl/overlayPackage overlay provides an overlay filesystem implementation, which synthesizes a filesystem by composing one or more immutable filesystems ("lower layers") with an optional mutable filesystem ("upper layer").
pkg/sentry/fsimpl/pipefsPackage pipefs provides the filesystem implementation backing Kernel.PipeMount.
pkg/sentry/fsimpl/procPackage proc implements a partial in-memory file system for procfs.
pkg/sentry/fsimpl/signalfdPackage signalfd provides basic signalfd file implementations.
pkg/sentry/fsimpl/sockfsPackage sockfs provides a filesystem implementation for anonymous sockets.
pkg/sentry/fsimpl/sysPackage sys implements sysfs.
pkg/sentry/fsimpl/testutilPackage testutil provides common test utilities for kernfs-based filesystems.
pkg/sentry/fsimpl/timerfdPackage timerfd implements timer fds.
pkg/sentry/fsimpl/verityPackage verity provides a filesystem implementation that is a wrapper of another file system.
pkg/sentry/fs/lockPackage lock is the API for POSIX-style advisory regional file locks and BSD-style full file locks.
pkg/sentry/fsmetricPackage fsmetric defines filesystem metrics that are used by both VFS1 and VFS2.
pkg/sentry/fs/procPackage proc implements a partial in-memory file system for profs.
pkg/sentry/fs/proc/devicePackage device contains the proc device to avoid dependency loops.
pkg/sentry/fs/proc/seqfilePackage seqfile provides dynamic ordered files.
pkg/sentry/fs/ramfsPackage ramfs provides the fundamentals for a simple in-memory filesystem.
pkg/sentry/fs/sysPackage sys implements a sysfs filesystem.
pkg/sentry/fs/timerfdPackage timerfd implements the semantics of Linux timerfd objects as described by timerfd_create(2).
pkg/sentry/fs/tmpfsPackage tmpfs is a filesystem implementation backed by memory.
pkg/sentry/fs/ttyPackage tty provide pseudoterminals via a devpts filesystem.
pkg/sentry/fs/userPackage user contains methods for resolving filesystem paths based on the user and their environment.
pkg/sentry/hostcpuPackage hostcpu provides utilities for working with CPU information provided by a host Linux kernel.
pkg/sentry/hostfdPackage hostfd provides efficient I/O with host file descriptors.
pkg/sentry/hostmmPackage hostmm provides tools for interacting with the host Linux kernel's virtual memory management subsystem.
pkg/sentry/inetPackage inet defines semantics for IP stacks.
pkg/sentry/kernelPackage kernel provides an emulation of the Linux kernel.
pkg/sentry/kernel/authPackage auth implements an access control model that is a subset of Linux's.
pkg/sentry/kernel/contexttestPackage contexttest provides a test context.Context which includes a dummy kernel pointing to a valid platform.
pkg/sentry/kernel/epollPackage epoll provides an implementation of Linux's IO event notification facility.
pkg/sentry/kernel/eventfdPackage eventfd provides an implementation of Linux's file-based event notification.
pkg/sentry/kernel/fasyncPackage fasync provides FIOASYNC related functionality.
pkg/sentry/kernel/futexPackage futex provides an implementation of the futex interface as found in the Linux kernel.
pkg/sentry/kernel/memeventPackage memevent implements the memory usage events controller, which periodically emits events via the eventchannel.
pkg/sentry/kernel/pipePackage pipe provides a pipe implementation.
pkg/sentry/kernel/schedPackage sched implements scheduler related features.
pkg/sentry/kernel/semaphorePackage semaphore implements System V semaphores.
pkg/sentry/kernel/shmPackage shm implements sysv shared memory segments.
pkg/sentry/kernel/signalfdPackage signalfd provides an implementation of signal file descriptors.
pkg/sentry/kernel/timePackage time defines the Timer type, which provides a periodic timer that works by sampling a user-provided clock.
pkg/sentry/limitsPackage limits provides resource limits.
pkg/sentry/loaderPackage loader loads an executable file into a MemoryManager.
pkg/sentry/loader/vdsodataPackage vdsodata contains a compiled VDSO object.
pkg/sentry/memmapPackage memmap defines semantics for memory mappings.
pkg/sentry/mmPackage mm provides a memory management subsystem.
pkg/sentry/pgallocPackage pgalloc contains the page allocator subsystem, which manages memory that may be mapped into application address spaces.
pkg/sentry/platformPackage platform provides a Platform abstraction.
pkg/sentry/platform/interruptPackage interrupt provides an interrupt helper.
pkg/sentry/platform/kvmPackage kvm provides a kvm-based implementation of the platform interface.
pkg/sentry/platform/kvm/testutilPackage testutil provides common assembly stubs for testing.
pkg/sentry/platform/ptracePackage ptrace provides a ptrace-based implementation of the platform interface.
pkg/sentry/platform/ring0Package ring0 provides basic operating system-level stubs.
pkg/sentry/platform/ring0/gen_offsetsBinary gen_offsets is a helper for generating offset headers.
pkg/sentry/platform/ring0/pagetablesPackage pagetables provides a generic implementation of pagetables.
pkg/sentry/sighandlingPackage sighandling contains helpers for handling signals to applications.
pkg/sentry/socketPackage socket provides the interfaces that need to be provided by socket implementations and providers, as well as per family demultiplexing of socket creation.
pkg/sentry/socket/controlPackage control provides internal representations of socket control messages.
pkg/sentry/socket/hostinetPackage hostinet implements AF_INET and AF_INET6 sockets using the host's network stack.
pkg/sentry/socket/netfilterPackage netfilter helps the sentry interact with netstack's netfilter capabilities.
pkg/sentry/socket/netlink/portPackage port provides port ID allocation for netlink sockets.
pkg/sentry/socket/netlink/routePackage route provides a NETLINK_ROUTE socket protocol.
pkg/sentry/socket/netlink/ueventPackage uevent provides a NETLINK_KOBJECT_UEVENT socket protocol.
pkg/sentry/socket/netstackPackage netstack provides an implementation of the socket.Socket interface that is backed by a tcpip.Endpoint.
pkg/sentry/socket/unixPackage unix provides an implementation of the socket.Socket interface for the AF_UNIX protocol family.
pkg/sentry/socket/unix/transportPackage transport contains the implementation of Unix endpoints.
pkg/sentry/statePackage state provides high-level state wrappers.
pkg/sentry/stracePackage strace implements the logic to print out the input and the return value of each traced syscall.
pkg/sentry/syscallsPackage syscalls is the interface from the application to the kernel.
pkg/sentry/syscalls/linuxPackage linux provides syscall tables for amd64 Linux.
pkg/sentry/syscalls/linux/vfs2Package vfs2 provides syscall implementations that use VFS2.
pkg/sentry/timePackage time provides a calibrated clock synchronized to a system reference clock.
pkg/sentry/unimplPackage unimpl contains interface to emit events about unimplemented features.
pkg/sentry/uniqueidPackage uniqueid defines context.Context keys for obtaining system-wide unique identifiers.
pkg/sentry/usagePackage usage provides representations of resource usage.
pkg/sentry/vfsPackage vfs implements a virtual filesystem layer.
pkg/sentry/vfs/genericfstreePackage genericfstree provides tools for implementing vfs.FilesystemImpls where a single statically-determined lock or set of locks is sufficient to ensure that a Dentry's name and parent are contextually immutable.
pkg/sentry/vfs/memxattrPackage memxattr provides a default, in-memory extended attribute implementation.
pkg/sentry/watchdogPackage watchdog is responsible for monitoring the sentry for tasks that may potentially be stuck or looping inderterminally causing hard to debug hungs in the untrusted app.
pkg/shim/procPackage proc is responsible to manage the communication between the shim and the sandbox process running the container.
pkg/shim/runscPackage runsc provides an API to interact with runsc command line.
pkg/shim/runtimeoptionsPackage runtimeoptions contains the runtimeoptions proto.
pkg/shim/utilsPackage utils container miscellaneous utility function used by the shim.
pkg/shim/v1/procPackage proc contains process-related utilities.
pkg/shim/v1/shimPackage shim contains the core containerd shim implementation.
pkg/shim/v1/utilsPackage utils contains utility functions.
pkg/shim/v2Package v2 implements Containerd Shim v2 interface.
pkg/shim/v2/runtimeoptionsPackage runtimeoptions contains the runtimeoptions proto.
pkg/sleepPackage sleep allows goroutines to efficiently sleep on multiple sources of notifications (wakers).
pkg/statePackage state provides functionality related to saving and loading object graphs.
pkg/state/prettyPackage pretty is a pretty-printer for state streams.
pkg/state/statefilePackage statefile defines the state file data stream.
pkg/state/testsPackage tests tests the state packages.
pkg/state/wirePackage wire contains a few basic types that can be composed to serialize graph information for the state package.
pkg/synceventPackage syncevent provides efficient primitives for goroutine synchronization based on event bitmasks.
pkg/syserrPackage syserr contains sandbox-internal errors.
pkg/syserrorPackage syserror contains syscall error codes exported as error interface instead of Errno.
pkg/tcpipPackage tcpip provides the interfaces and related types that users of the tcpip stack will use in order to create endpoints used to send and receive data over the network stack.
pkg/tcpip/adapters/gonetPackage gonet provides a Go net package compatible wrapper for a tcpip stack.
pkg/tcpip/bufferPackage buffer provides the implementation of a buffer view.
pkg/tcpip/checkerPackage checker provides helper functions to check networking packets for validity.
pkg/tcpip/faketimePackage faketime provides a fake clock that implements tcpip.Clock interface.
pkg/tcpip/hash/jenkinsPackage jenkins implements Jenkins's one_at_a_time, non-cryptographic hash functions created by by Bob Jenkins.
pkg/tcpip/headerPackage header provides the implementation of the encoding and decoding of network protocol headers.
pkg/tcpip/header/parsePackage parse provides utilities to parse packets.
pkg/tcpip/link/channelPackage channel provides the implemention of channel-based data-link layer endpoints.
pkg/tcpip/link/ethernetPackage ethernet provides an implementation of an ethernet link endpoint that wraps an inner link endpoint.
pkg/tcpip/link/fdbasedPackage fdbased provides the implemention of data-link layer endpoints backed by boundary-preserving file descriptors (e.g., TUN devices, seqpacket/datagram sockets).
pkg/tcpip/link/loopbackPackage loopback provides the implemention of loopback data-link layer endpoints.
pkg/tcpip/link/muxedPackage muxed provides a muxed link endpoints.
pkg/tcpip/link/nestedPackage nested provides helpers to implement the pattern of nested stack.LinkEndpoints.
pkg/tcpip/link/packetsocketPackage packetsocket provides a link layer endpoint that provides the ability to loop outbound packets to any AF_PACKET sockets that may be interested in the outgoing packet.
pkg/tcpip/link/pipePackage pipe provides the implementation of pipe-like data-link layer endpoints.
pkg/tcpip/link/qdisc/fifoPackage fifo provides the implementation of data-link layer endpoints that wrap another endpoint and queues all outbound packets and asynchronously dispatches them to the lower endpoint.
pkg/tcpip/link/rawfilePackage rawfile contains utilities for using the netstack with raw host files on Linux hosts.
pkg/tcpip/link/sharedmemPackage sharedmem provides the implemention of data-link layer endpoints backed by shared memory.
pkg/tcpip/link/sharedmem/pipePackage pipe implements a shared memory ring buffer on which a single reader and a single writer can operate (read/write) concurrently.
pkg/tcpip/link/sharedmem/queuePackage queue provides the implementation of transmit and receive queues based on shared memory ring buffers.
pkg/tcpip/link/snifferPackage sniffer provides the implementation of data-link layer endpoints that wrap another endpoint and logs inbound and outbound packets.
pkg/tcpip/link/tunPackage tun contains methods to open TAP and TUN devices.
pkg/tcpip/link/waitablePackage waitable provides the implementation of data-link layer endpoints that wrap other endpoints, and can wait for inflight calls to WritePacket or DeliverNetworkPacket to finish (and new ones to be prevented).
pkg/tcpip/network/arpPackage arp implements the ARP network protocol.
pkg/tcpip/network/fragmentationPackage fragmentation contains the implementation of IP fragmentation.
pkg/tcpip/network/hashPackage hash contains utility functions for hashing.
pkg/tcpip/network/ipPackage ip holds IPv4/IPv6 common utilities.
pkg/tcpip/network/ipv4Package ipv4 contains the implementation of the ipv4 network protocol.
pkg/tcpip/network/ipv6Package ipv6 contains the implementation of the ipv6 network protocol.
pkg/tcpip/network/testutilPackage testutil defines types and functions used to test Network Layer functionality such as IP fragmentation.
pkg/tcpip/portsPackage ports provides PortManager that manages allocating, reserving and releasing ports.
pkg/tcpip/seqnumPackage seqnum defines the types and methods for TCP sequence numbers such that they fit in 32-bit words and work properly when overflows occur.
pkg/tcpip/stackPackage stack provides the glue between networking protocols and the consumers of the networking stack.
pkg/tcpip/transport/icmpPackage icmp contains the implementation of the ICMP and IPv6-ICMP transport protocols for use in ping.
pkg/tcpip/transport/packetPackage packet provides the implementation of packet sockets (see packet(7)).
pkg/tcpip/transport/rawPackage raw provides the implementation of raw sockets (see raw(7)).
pkg/tcpip/transport/tcpconntrackPackage tcpconntrack implements a TCP connection tracking object.
pkg/tcpip/transport/tcp/testing/contextPackage context provides a test context for use in tcp tests.
pkg/tcpip/transport/udpPackage udp contains the implementation of the UDP transport protocol.
pkg/test/criutilPackage criutil contains utility functions for interacting with the Container Runtime Interface (CRI), principally via the crictl command line tool.
pkg/test/dockerutilPackage dockerutil is a collection of utility functions.
pkg/test/testutilPackage testutil contains utility functions for runsc tests.
pkg/unetPackage unet provides a minimal net package based on Unix Domain Sockets.
pkg/urpcPackage urpc provides a minimal RPC package based on unet.
pkg/usermemPackage usermem governs access to user memory.
pkg/waiterPackage waiter provides the implementation of a wait queue, where waiters can be enqueued to be notified when an event of interest happens.
runscBinary runsc implements the OCI runtime interface.
runsc/bootPackage boot loads the kernel and runs a container.
runsc/boot/filterPackage filter defines all syscalls the sandbox is allowed to make to the host, and installs seccomp filters to prevent prohibited syscalls in case it's compromised.
runsc/boot/platformsPackage platforms imports all available platform packages.
runsc/boot/pprofPackage pprof provides a stub to initialize custom profilers.
runsc/cgroupPackage cgroup provides an interface to read and write configuration to cgroup.
runsc/cliPackage cli is the main entrypoint for runsc.
runsc/cmdPackage cmd holds implementations of the runsc commands.
runsc/configPackage config provides basic infrastructure to set configuration settings for runsc.
runsc/consolePackage console contains utilities for working with pty consols in runsc.
runsc/containerPackage container creates and manipulates containers.
runsc/flagPackage flag wraps flag primitives.
runsc/fsgoferPackage fsgofer implements p9.File giving access to local files using a simple mapping from a path prefix that is added to the path requested by the sandbox.
runsc/fsgofer/filterPackage filter defines all syscalls the gofer is allowed to make, and installs seccomp filters to prevent prohibited syscalls in case it's compromised.
runsc/sandboxPackage sandbox creates and manipulates sandboxes.
runsc/specutilsPackage specutils contains utility functions for working with OCI runtime specs.
runsc/specutils/seccompPackage seccomp implements some features of libseccomp in order to support OCI.
shimBinary containerd-shim-runsc-v1 is the v2 containerd shim (implementing the formal v1 API).
shim/cliPackage cli defines the command line interface for the V2 shim.
tools/bigqueryPackage bigquery defines a BigQuery schema for benchmarks.
tools/checkescapePackage checkescape allows recursive escape analysis for hot paths.
tools/checkescape/test1Package test1 is a test package.
tools/checkescape/test2Package test2 is a test package that imports test1.
tools/checkunsafePackage checkunsafe allows unsafe imports only in files named appropriately.
tools/githubBinary github is the entry point for GitHub utilities.
tools/github/nogoPackage nogo provides nogo-related utilities.
tools/github/reviverPackage reviver scans the code looking for TODOs and pass them to registered Buggers to ensure TODOs point to active issues.
tools/go_genericsgo_generics reads a Go source file and writes a new version of that file with a few transformations applied to each.
tools/go_generics/globalsPackage globals provides an AST visitor that calls the visit function for all global identifiers.
tools/go_marshalgo_marshal is a code generation utility for automatically generating code to marshal go data structures to memory.
tools/go_marshal/analysisPackage analysis implements common functionality used by generated go_marshal tests.
tools/go_marshal/gomarshalPackage gomarshal implements the go_marshal code generator.
tools/go_marshal/primitivePackage primitive defines marshal.Marshallable implementations for primitive types.
tools/go_stateifyStateify provides a simple way to generate Load/Save methods based on existing types and struct tags.
tools/nogoPackage nogo implements binary analysis similar to bazel's nogo, or the unitchecker package.
tools/nogo/checkBinary check is the nogo entrypoint.
tools/nogo/filterBinary check is the nogo entrypoint.
tools/tagsPackage tags is a utility for parsing build tags.
webhookBinary main serves a mutating Kubernetes webhook.
webhook/pkg/cliPackage cli provides a CLI interface for a mutating Kubernetes webhook.
webhook/pkg/injectorPackage injector handles mutating webhook operations.

Updated 2021-01-27. Refresh now. Tools for package owners.