| Path | Synopsis |
|---|---|
| pkg/abi | Package abi describes the interface between a kernel and userspace. |
| pkg/abi/linux | Package linux contains the constants and types needed to interface with a Linux kernel. |
| pkg/amutex | Package amutex provides the implementation of an abortable mutex. |
| pkg/atomicbitops | Package atomicbitops provides extensions to the sync/atomic package. |
| pkg/binary | Package binary translates between select fixed-sized types and a binary representation. |
| pkg/bits | Package bits includes all bit related types and operations. |
| pkg/bpf | Package bpf provides tools for working with Berkeley Packet Filter (BPF) programs. |
| pkg/buffer | Package buffer provides the implementation of a buffer view. |
| pkg/cleanup | Package cleanup provides utilities to clean "stuff" on defers. |
| pkg/compressio | Package compressio provides parallel compression and decompression, as well as optional SHA-256 hashing. |
| pkg/context | Package context defines an internal context type. |
| pkg/control/client | Package client provides a basic control client interface. |
| pkg/control/server | Package server provides a basic control server interface. |
| pkg/coverage | Package coverage provides an interface through which Go coverage data can be collected, converted to kcov format, and exposed to userspace. |
| pkg/cpuid | Package cpuid provides basic functionality for creating and adjusting CPU feature sets. |
| pkg/eventchannel | Package eventchannel contains functionality for sending any protobuf message on a socketpair. |
| pkg/fd | Package fd provides types for working with file descriptors. |
| pkg/fdchannel | Package fdchannel implements passing file descriptors between processes over Unix domain sockets. |
| pkg/fdnotifier | Package fdnotifier contains an adapter that translates IO events (e.g., a file became readable/writable) from native FDs to the notifications in the waiter package. |
| pkg/flipcall | Package flipcall implements a protocol providing Fast Local Interprocess Procedure Calls between mutually-distrusting processes. |
| pkg/fspath | Package fspath provides efficient tools for working with file paths in Linux-compatible filesystem implementations. |
| pkg/gate | Package gate provides a usage Gate synchronization primitive. |
| pkg/gohacks | Package gohacks contains utilities for subverting the Go compiler. |
| pkg/goid | Package goid provides access to the ID of the current goroutine in race/gotsan builds. |
| pkg/ilist | Package ilist provides the implementation of intrusive linked lists. |
| pkg/iovec | Package iovec provides helpers to interact with vectorized I/O on host system. |
| pkg/linewriter | Package linewriter provides an io.Writer which calls an emitter on each line. |
| pkg/log | Package log implements a library for logging. |
| pkg/marshal | Package marshal defines the Marshallable interface for serialize/deserializing go data structures to/from memory, according to the Linux ABI. |
| pkg/marshal/primitive | Package primitive defines marshal.Marshallable implementations for primitive types. |
| pkg/memutil | Package memutil provides a wrapper for the memfd_create() system call. |
| pkg/merkletree | Package merkletree implements Merkle tree generating and verification. |
| pkg/metric | Package metric provides primitives for collecting metrics. |
| pkg/p9 | Package p9 is a 9P2000.L implementation. |
| pkg/p9/p9test | Package p9test provides standard mocks for p9. |
| pkg/pool | |
| pkg/procid | Package procid provides a way to get the current system thread identifier. |
| pkg/rand | Package rand implements a cryptographically secure pseudorandom number generator. |
| pkg/refs | Package refs defines an interface for reference counted objects. |
| pkg/safecopy | Package safecopy provides an efficient implementation of functions to access memory that may result in SIGSEGV or SIGBUS being sent to the accessor. |
| pkg/safemem | Package safemem provides the Block and BlockSeq types. |
| pkg/secio | Package secio provides support for sectioned I/O. |
| pkg/segment | Package segment provides tools for working with collections of segments. |
| pkg/segment/test | |
| pkg/sentry/arch | Package arch provides abstractions around architecture-dependent details, such as syscall calling conventions, native types, etc. |
| pkg/sentry/contexttest | Package contexttest builds a test context.Context. |
| pkg/sentry/control | Package control contains types that expose control server methods, and can be used to configure and interact with a running sandbox process. |
| pkg/sentry/device | Package device defines reserved virtual kernel devices and structures for managing them. |
| pkg/sentry/devices/memdev | Package memdev implements "mem" character devices, as implemented in Linux by drivers/char/mem.c and drivers/char/random.c. |
| pkg/sentry/devices/ttydev | Package ttydev implements an unopenable vfs.Device for /dev/tty. |
| pkg/sentry/devices/tundev | Package tundev implements the /dev/net/tun device. |
| pkg/sentry/fdimport | |
| pkg/sentry/fs | Package fs implements a virtual filesystem layer. |
| pkg/sentry/fs/anon | Package anon implements an anonymous inode, useful for implementing inodes for pseudo filesystems. |
| pkg/sentry/fsbridge | Package fsbridge provides common interfaces to bridge between VFS1 and VFS2 files. |
| pkg/sentry/fs/dev | Package dev provides a filesystem with simple devices. |
| pkg/sentry/fs/fdpipe | Package fdpipe implements common namedpipe opening and accessing logic. |
| pkg/sentry/fs/filetest | Package filetest provides a test implementation of an fs.File. |
| pkg/sentry/fs/fsutil | Package fsutil provides utilities for implementing fs.InodeOperations and fs.FileOperations: |
| pkg/sentry/fs/gofer | Package gofer implements a remote 9p filesystem. |
| pkg/sentry/fs/host | Package host supports file descriptors imported directly. |
| pkg/sentry/fsimpl/devpts | Package devpts provides a filesystem implementation that behaves like devpts. |
| pkg/sentry/fsimpl/devtmpfs | Package devtmpfs provides an implementation of /dev based on tmpfs, analogous to Linux's devtmpfs. |
| pkg/sentry/fsimpl/eventfd | Package eventfd implements event fds. |
| pkg/sentry/fsimpl/ext | Package ext implements readonly ext(2/3/4) filesystems. |
| pkg/sentry/fsimpl/ext/disklayout | Package disklayout provides Linux ext file system's disk level structures which can be directly read into from the underlying device. |
| pkg/sentry/fsimpl/fuse | Package fuse implements fusefs. |
| pkg/sentry/fsimpl/gofer | Package gofer provides a filesystem implementation that is backed by a 9p server, interchangably referred to as "gofers" throughout this package. |
| pkg/sentry/fsimpl/host | Package host provides a filesystem implementation for host files imported as file descriptors. |
| pkg/sentry/fsimpl/kernfs | Package kernfs provides the tools to implement inode-based filesystems. |
| pkg/sentry/fsimpl/overlay | Package overlay provides an overlay filesystem implementation, which synthesizes a filesystem by composing one or more immutable filesystems ("lower layers") with an optional mutable filesystem ("upper layer"). |
| pkg/sentry/fsimpl/pipefs | Package pipefs provides the filesystem implementation backing Kernel.PipeMount. |
| pkg/sentry/fsimpl/proc | Package proc implements a partial in-memory file system for procfs. |
| pkg/sentry/fsimpl/signalfd | |
| pkg/sentry/fsimpl/sockfs | Package sockfs provides a filesystem implementation for anonymous sockets. |
| pkg/sentry/fsimpl/sys | Package sys implements sysfs. |
| pkg/sentry/fsimpl/testutil | Package testutil provides common test utilities for kernfs-based filesystems. |
| pkg/sentry/fsimpl/timerfd | Package timerfd implements timer fds. |
| pkg/sentry/fsimpl/verity | Package verity provides a filesystem implementation that is a wrapper of another file system. |
| pkg/sentry/fs/lock | Package lock is the API for POSIX-style advisory regional file locks and BSD-style full file locks. |
| pkg/sentry/fs/proc | Package proc implements a partial in-memory file system for profs. |
| pkg/sentry/fs/proc/device | Package device contains the proc device to avoid dependency loops. |
| pkg/sentry/fs/proc/seqfile | Package seqfile provides dynamic ordered files. |
| pkg/sentry/fs/ramfs | Package ramfs provides the fundamentals for a simple in-memory filesystem. |
| pkg/sentry/fs/sys | Package sys implements a sysfs filesystem. |
| pkg/sentry/fs/timerfd | Package timerfd implements the semantics of Linux timerfd objects as described by timerfd_create(2). |
| pkg/sentry/fs/tmpfs | Package tmpfs is a filesystem implementation backed by memory. |
| pkg/sentry/fs/tty | Package tty provide pseudoterminals via a devpts filesystem. |
| pkg/sentry/fs/user | Package user contains methods for resolving filesystem paths based on the user and their environment. |
| pkg/sentry/hostcpu | Package hostcpu provides utilities for working with CPU information provided by a host Linux kernel. |
| pkg/sentry/hostfd | Package hostfd provides efficient I/O with host file descriptors. |
| pkg/sentry/hostmm | Package hostmm provides tools for interacting with the host Linux kernel's virtual memory management subsystem. |
| pkg/sentry/inet | Package inet defines semantics for IP stacks. |
| pkg/sentry/kernel | Package kernel provides an emulation of the Linux kernel. |
| pkg/sentry/kernel/auth | Package auth implements an access control model that is a subset of Linux's. |
| pkg/sentry/kernel/contexttest | Package contexttest provides a test context.Context which includes a dummy kernel pointing to a valid platform. |
| pkg/sentry/kernel/epoll | Package epoll provides an implementation of Linux's IO event notification facility. |
| pkg/sentry/kernel/eventfd | Package eventfd provides an implementation of Linux's file-based event notification. |
| pkg/sentry/kernel/fasync | Package fasync provides FIOASYNC related functionality. |
| pkg/sentry/kernel/futex | Package futex provides an implementation of the futex interface as found in the Linux kernel. |
| pkg/sentry/kernel/memevent | Package memevent implements the memory usage events controller, which periodically emits events via the eventchannel. |
| pkg/sentry/kernel/pipe | Package pipe provides a pipe implementation. |
| pkg/sentry/kernel/sched | Package sched implements scheduler related features. |
| pkg/sentry/kernel/semaphore | Package semaphore implements System V semaphores. |
| pkg/sentry/kernel/shm | Package shm implements sysv shared memory segments. |
| pkg/sentry/kernel/signalfd | Package signalfd provides an implementation of signal file descriptors. |
| pkg/sentry/kernel/time | Package time defines the Timer type, which provides a periodic timer that works by sampling a user-provided clock. |
| pkg/sentry/limits | Package limits provides resource limits. |
| pkg/sentry/loader | Package loader loads an executable file into a MemoryManager. |
| pkg/sentry/memmap | Package memmap defines semantics for memory mappings. |
| pkg/sentry/mm | Package mm provides a memory management subsystem. |
| pkg/sentry/pgalloc | Package pgalloc contains the page allocator subsystem, which manages memory that may be mapped into application address spaces. |
| pkg/sentry/platform | Package platform provides a Platform abstraction. |
| pkg/sentry/platform/interrupt | Package interrupt provides an interrupt helper. |
| pkg/sentry/platform/kvm | Package kvm provides a kvm-based implementation of the platform interface. |
| pkg/sentry/platform/kvm/testutil | Package testutil provides common assembly stubs for testing. |
| pkg/sentry/platform/ptrace | Package ptrace provides a ptrace-based implementation of the platform interface. |
| pkg/sentry/platform/ring0 | Package ring0 provides basic operating system-level stubs. |
| pkg/sentry/platform/ring0/gen_offsets | Binary gen_offsets is a helper for generating offset headers. |
| pkg/sentry/platform/ring0/pagetables | Package pagetables provides a generic implementation of pagetables. |
| pkg/sentry/sighandling | Package sighandling contains helpers for handling signals to applications. |
| pkg/sentry/socket | Package socket provides the interfaces that need to be provided by socket implementations and providers, as well as per family demultiplexing of socket creation. |
| pkg/sentry/socket/control | Package control provides internal representations of socket control messages. |
| pkg/sentry/socket/hostinet | Package hostinet implements AF_INET and AF_INET6 sockets using the host's network stack. |
| pkg/sentry/socket/netfilter | Package netfilter helps the sentry interact with netstack's netfilter capabilities. |
| pkg/sentry/socket/netlink/port | Package port provides port ID allocation for netlink sockets. |
| pkg/sentry/socket/netlink/route | Package route provides a NETLINK_ROUTE socket protocol. |
| pkg/sentry/socket/netlink/uevent | Package uevent provides a NETLINK_KOBJECT_UEVENT socket protocol. |
| pkg/sentry/socket/netstack | Package netstack provides an implementation of the socket.Socket interface that is backed by a tcpip.Endpoint. |
| pkg/sentry/socket/unix | Package unix provides an implementation of the socket.Socket interface for the AF_UNIX protocol family. |
| pkg/sentry/socket/unix/transport | Package transport contains the implementation of Unix endpoints. |
| pkg/sentry/state | Package state provides high-level state wrappers. |
| pkg/sentry/strace | Package strace implements the logic to print out the input and the return value of each traced syscall. |
| pkg/sentry/syscalls | Package syscalls is the interface from the application to the kernel. |
| pkg/sentry/syscalls/linux | Package linux provides syscall tables for amd64 Linux. |
| pkg/sentry/syscalls/linux/vfs2 | Package vfs2 provides syscall implementations that use VFS2. |
| pkg/sentry/time | Package time provides a calibrated clock synchronized to a system reference clock. |
| pkg/sentry/unimpl | Package unimpl contains interface to emit events about unimplemented features. |
| pkg/sentry/uniqueid | Package uniqueid defines context.Context keys for obtaining system-wide unique identifiers. |
| pkg/sentry/usage | Package usage provides representations of resource usage. |
| pkg/sentry/vfs | Package lock provides POSIX and BSD style file locking for VFS2 file implementations. |
| pkg/sentry/vfs/genericfstree | Package genericfstree provides tools for implementing vfs.FilesystemImpls where a single statically-determined lock or set of locks is sufficient to ensure that a Dentry's name and parent are contextually immutable. |
| pkg/sentry/vfs/lock | Package lock provides POSIX and BSD style file locking for VFS2 file implementations. |
| pkg/sentry/vfs/memxattr | Package memxattr provides a default, in-memory extended attribute implementation. |
| pkg/sentry/watchdog | Package watchdog is responsible for monitoring the sentry for tasks that may potentially be stuck or looping inderterminally causing hard to debug hungs in the untrusted app. |
| pkg/shim/runsc | |
| pkg/shim/v1/proc | |
| pkg/shim/v1/shim | |
| pkg/shim/v1/utils | |
| pkg/shim/v2 | |
| pkg/shim/v2/options | |
| pkg/shim/v2/runtimeoptions | |
| pkg/sleep | Package sleep allows goroutines to efficiently sleep on multiple sources of notifications (wakers). |
| pkg/state | Package state provides functionality related to saving and loading object graphs. |
| pkg/state/pretty | Package pretty is a pretty-printer for state streams. |
| pkg/state/statefile | Package statefile defines the state file data stream. |
| pkg/state/tests | Package tests tests the state packages. |
| pkg/state/wire | Package wire contains a few basic types that can be composed to serialize graph information for the state package. |
| pkg/syncevent | Package syncevent provides efficient primitives for goroutine synchronization based on event bitmasks. |
| pkg/syserr | Package syserr contains sandbox-internal errors. |
| pkg/syserror | Package syserror contains syscall error codes exported as error interface instead of Errno. |
| pkg/tcpip | Package tcpip provides the interfaces and related types that users of the tcpip stack will use in order to create endpoints used to send and receive data over the network stack. |
| pkg/tcpip/adapters/gonet | Package gonet provides a Go net package compatible wrapper for a tcpip stack. |
| pkg/tcpip/buffer | Package buffer provides the implementation of a buffer view. |
| pkg/tcpip/checker | Package checker provides helper functions to check networking packets for validity. |
| pkg/tcpip/faketime | Package faketime provides a fake clock that implements tcpip.Clock interface. |
| pkg/tcpip/hash/jenkins | Package jenkins implements Jenkins's one_at_a_time, non-cryptographic hash functions created by by Bob Jenkins. |
| pkg/tcpip/header | Package header provides the implementation of the encoding and decoding of network protocol headers. |
| pkg/tcpip/header/parse | Package parse provides utilities to parse packets. |
| pkg/tcpip/link/channel | Package channel provides the implemention of channel-based data-link layer endpoints. |
| pkg/tcpip/link/fdbased | Package fdbased provides the implemention of data-link layer endpoints backed by boundary-preserving file descriptors (e.g., TUN devices, seqpacket/datagram sockets). |
| pkg/tcpip/link/loopback | Package loopback provides the implemention of loopback data-link layer endpoints. |
| pkg/tcpip/link/muxed | Package muxed provides a muxed link endpoints. |
| pkg/tcpip/link/nested | Package nested provides helpers to implement the pattern of nested stack.LinkEndpoints. |
| pkg/tcpip/link/packetsocket | Package packetsocket provides a link layer endpoint that provides the ability to loop outbound packets to any AF_PACKET sockets that may be interested in the outgoing packet. |
| pkg/tcpip/link/qdisc/fifo | Package fifo provides the implementation of data-link layer endpoints that wrap another endpoint and queues all outbound packets and asynchronously dispatches them to the lower endpoint. |
| pkg/tcpip/link/rawfile | Package rawfile contains utilities for using the netstack with raw host files on Linux hosts. |
| pkg/tcpip/link/sharedmem | Package sharedmem provides the implemention of data-link layer endpoints backed by shared memory. |
| pkg/tcpip/link/sharedmem/pipe | Package pipe implements a shared memory ring buffer on which a single reader and a single writer can operate (read/write) concurrently. |
| pkg/tcpip/link/sharedmem/queue | Package queue provides the implementation of transmit and receive queues based on shared memory ring buffers. |
| pkg/tcpip/link/sniffer | Package sniffer provides the implementation of data-link layer endpoints that wrap another endpoint and logs inbound and outbound packets. |
| pkg/tcpip/link/tun | Package tun contains methods to open TAP and TUN devices. |
| pkg/tcpip/link/waitable | Package waitable provides the implementation of data-link layer endpoints that wrap other endpoints, and can wait for inflight calls to WritePacket or DeliverNetworkPacket to finish (and new ones to be prevented). |
| pkg/tcpip/network/arp | Package arp implements the ARP network protocol. |
| pkg/tcpip/network/fragmentation | Package fragmentation contains the implementation of IP fragmentation. |
| pkg/tcpip/network/hash | Package hash contains utility functions for hashing. |
| pkg/tcpip/network/ipv4 | Package ipv4 contains the implementation of the ipv4 network protocol. |
| pkg/tcpip/network/ipv6 | Package ipv6 contains the implementation of the ipv6 network protocol. |
| pkg/tcpip/network/testutil | Package testutil defines types and functions used to test Network Layer functionality such as IP fragmentation. |
| pkg/tcpip/ports | Package ports provides PortManager that manages allocating, reserving and releasing ports. |
| pkg/tcpip/seqnum | Package seqnum defines the types and methods for TCP sequence numbers such that they fit in 32-bit words and work properly when overflows occur. |
| pkg/tcpip/stack | Package stack provides the glue between networking protocols and the consumers of the networking stack. |
| pkg/tcpip/transport/icmp | Package icmp contains the implementation of the ICMP and IPv6-ICMP transport protocols for use in ping. |
| pkg/tcpip/transport/packet | Package packet provides the implementation of packet sockets (see packet(7)). |
| pkg/tcpip/transport/raw | Package raw provides the implementation of raw sockets (see raw(7)). |
| pkg/tcpip/transport/tcpconntrack | Package tcpconntrack implements a TCP connection tracking object. |
| pkg/tcpip/transport/tcp/testing/context | Package context provides a test context for use in tcp tests. |
| pkg/tcpip/transport/udp | Package udp contains the implementation of the UDP transport protocol. |
| pkg/test/criutil | Package criutil contains utility functions for interacting with the Container Runtime Interface (CRI), principally via the crictl command line tool. |
| pkg/test/dockerutil | Package dockerutil is a collection of utility functions. |
| pkg/test/testutil | Package testutil contains utility functions for runsc tests. |
| pkg/unet | Package unet provides a minimal net package based on Unix Domain Sockets. |
| pkg/urpc | Package urpc provides a minimal RPC package based on unet. |
| pkg/usermem | Package usermem governs access to user memory. |
| pkg/waiter | Package waiter provides the implementation of a wait queue, where waiters can be enqueued to be notified when an event of interest happens. |
| runsc | Binary runsc is an implementation of the Open Container Initiative Runtime that runs applications inside a sandbox. |
| runsc/boot | Package boot loads the kernel and runs a container. |
| runsc/boot/filter | Package filter defines all syscalls the sandbox is allowed to make to the host, and installs seccomp filters to prevent prohibited syscalls in case it's compromised. |
| runsc/boot/platforms | Package platforms imports all available platform packages. |
| runsc/boot/pprof | Package pprof provides a stub to initialize custom profilers. |
| runsc/cgroup | Package cgroup provides an interface to read and write configuration to cgroup. |
| runsc/cmd | Package cmd holds implementations of the runsc commands. |
| runsc/config | Package config provides basic infrastructure to set configuration settings for runsc. |
| runsc/console | Package console contains utilities for working with pty consols in runsc. |
| runsc/container | Package container creates and manipulates containers. |
| runsc/container/test_app | Binary test_app is like a swiss knife for tests that need to run anything inside the sandbox. |
| runsc/flag | |
| runsc/fsgofer | Package fsgofer implements p9.File giving access to local files using a simple mapping from a path prefix that is added to the path requested by the sandbox. |
| runsc/fsgofer/filter | Package filter defines all syscalls the gofer is allowed to make, and installs seccomp filters to prevent prohibited syscalls in case it's compromised. |
| runsc/sandbox | Package sandbox creates and manipulates sandboxes. |
| runsc/specutils | Package specutils contains utility functions for working with OCI runtime specs. |
| tools/bigquery | Package bigquery defines a BigQuery schema for benchmarks. |
| tools/checkescape | Package checkescape allows recursive escape analysis for hot paths. |
| tools/checkescape/test1 | Package test1 is a test package. |
| tools/checkescape/test2 | Package test2 is a test package that imports test1. |
| tools/checkunsafe | Package checkunsafe allows unsafe imports only in files named appropriately. |
| tools/go_generics | go_generics reads a Go source file and writes a new version of that file with a few transformations applied to each. |
| tools/go_generics/globals | Package globals provides an AST visitor that calls the visit function for all global identifiers. |
| tools/go_generics/go_merge | |
| tools/go_generics/rules_tests | |
| tools/go_marshal | go_marshal is a code generation utility for automatically generating code to marshal go data structures to memory. |
| tools/go_marshal/analysis | Package analysis implements common functionality used by generated go_marshal tests. |
| tools/go_marshal/gomarshal | Package gomarshal implements the go_marshal code generator. |
| tools/go_marshal/marshal | Package marshal defines the Marshallable interface for serialize/deserializing go data structures to/from memory, according to the Linux ABI. |
| tools/go_marshal/primitive | Package primitive defines marshal.Marshallable implementations for primitive types. |
| tools/go_stateify | Stateify provides a simple way to generate Load/Save methods based on existing types and struct tags. |
| tools/issue_reviver | Package main is the entry point for issue_reviver. |
| tools/issue_reviver/github | Package github implements reviver.Bugger interface on top of Github issues. |
| tools/issue_reviver/reviver | Package reviver scans the code looking for TODOs and pass them to registered Buggers to ensure TODOs point to active issues. |
| tools/nogo | Package nogo implements binary analysis similar to bazel's nogo, or the unitchecker package. |
| tools/nogo/check | Binary check is the nogo entrypoint. |
| tools/nogo/data | Package data contains shared data for nogo analysis. |
| tools/tags | Package tags is a utility for parsing build tags. |
Updated 2020-09-25. Refresh now. Tools for package owners.