Documentation ¶
Index ¶
- Constants
- Variables
- func AsBaseError(err error, target **BaseError) bool
- type ACLUpdateError
- type App
- type BaseError
- type ChangeHostsError
- type CloseDBusError
- type Config
- type ConfinementConfig
- type DBusStartError
- type EnsureDirError
- type ErrDisplayEnv
- type FilesystemConfig
- type LauncherLookupError
- type LookupDBusError
- type ProcessError
- type PulseCookieAccessError
- type PulseSocketAccessError
- type RevertCompoundError
- type SandboxConfig
- type SealConfigError
- type SealDBusError
- type SecurityError
- type ShimError
- type StartDBusError
- type StateStoreError
- type TmpfileError
Constants ¶
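// Launch methods, numbered in declaration order by iota.
// NOTE(review): Config.Method carries a string form of the launch method; the
// mapping between that string and these values is not shown on this page.
const (
	// LaunchMethodSudo has the value 0.
	LaunchMethodSudo uint8 = iota
	// LaunchMethodMachineCtl has the value 1 and the same uint8 type.
	LaunchMethodMachineCtl
)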
Variables ¶
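// Sentinel errors for configuration and launcher problems. They are plain
// errors.New values, so callers should match them by identity (errors.Is)
// rather than by message text.
var (
	// ErrConfig reports that there is no configuration to seal.
	ErrConfig = errors.New("no configuration to seal")
	// ErrUser reports an unknown user.
	// NOTE(review): presumably raised when Config.User cannot be resolved; confirm at the call site.
	ErrUser = errors.New("unknown user")
	// ErrLaunch reports an invalid launch method.
	ErrLaunch = errors.New("invalid launch method")
	// ErrSudo reports that sudo is not available.
	ErrSudo = errors.New("sudo not available")
	// ErrSystemd reports that systemd is not available.
	ErrSystemd = errors.New("systemd not available")
	// ErrMachineCtl reports that machinectl is not available.
	ErrMachineCtl = errors.New("machinectl not available")
)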
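// Sentinel errors for display variables that are unset. Each message is the
// value of an unexported package constant followed by " unset".
// NOTE(review): waylandDisplay and display are defined elsewhere in the
// package; presumably they hold environment variable names — confirm.
var (
	// ErrWayland reports that the value named by waylandDisplay is unset.
	ErrWayland = errors.New(waylandDisplay + " unset")
	// ErrXDisplay reports that the value named by display is unset.
	ErrXDisplay = errors.New(display + " unset")
)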
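// Sentinel errors for PulseAudio resources.
var (
	// ErrPulseCookie reports that the pulse cookie is not present.
	ErrPulseCookie = errors.New("pulse cookie not present")
	// ErrPulseSocket reports that the pulse socket is not present.
	ErrPulseSocket = errors.New("pulse socket not present")
	// ErrPulseMode reports an unexpected pulse socket mode.
	// NOTE(review): which modes are accepted is decided by the caller and is
	// not visible on this page; confirm the check before relying on it.
	ErrPulseMode = errors.New("unexpected pulse socket mode")
)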
// ErrDBusConfig is the sentinel error for a D-Bus configuration that was not supplied.
var ErrDBusConfig = errors.New("dbus config not supplied")
Functions ¶
func AsBaseError ¶
Types ¶
type ACLUpdateError ¶
type ACLUpdateError BaseError
type App ¶
type BaseError ¶
type BaseError struct {
// contains filtered or unexported fields
}
BaseError implements an error container with a user-facing message
type ChangeHostsError ¶
type ChangeHostsError BaseError
type CloseDBusError ¶
type CloseDBusError BaseError
type Config ¶
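// Config is used to seal an *App. Every field carries a JSON tag, so a Config
// can be decoded from a JSON document.
// NOTE(review): no validation is visible on this page; User, Command and
// Method decide who runs what and how, so confirm they are checked when the
// configuration is sealed.
type Config struct {
	// ID is the D-Bus application ID.
	ID string `json:"id"`
	// User is the username of the target user to switch to.
	User string `json:"user"`
	// Command is the value passed through to the child process as its argv.
	Command []string `json:"command"`
	// Method is the string representation of the child's launch method.
	Method string `json:"method"`

	// Confinement is the child confinement configuration.
	Confinement ConfinementConfig `json:"confinement"`
}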
Config is used to seal an *App
type ConfinementConfig ¶
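// ConfinementConfig defines the confinement applied to the fortified child.
//
// The two bus fields treat nil differently: a nil SystemBus disables the
// system bus proxy, while a nil SessionBus leaves the session bus proxy
// running with built-in defaults. Omitting "session_bus" from the JSON
// therefore does not turn the session bus proxy off.
type ConfinementConfig struct {
	// Sandbox is the bwrap sandbox confinement configuration.
	Sandbox *SandboxConfig `json:"sandbox"`

	// SystemBus references a system D-Bus proxy configuration;
	// a nil value disables the system bus proxy.
	SystemBus *dbus.Config `json:"system_bus,omitempty"`
	// SessionBus references a session D-Bus proxy configuration;
	// a nil value makes the session bus proxy assume built-in defaults.
	// NOTE(review): the built-in defaults are defined elsewhere; review them
	// before relying on an omitted session_bus entry.
	SessionBus *dbus.Config `json:"session_bus,omitempty"`

	// Enablements holds the child capability enablements.
	Enablements state.Enablements `json:"enablements"`
}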
ConfinementConfig defines the confinement applied to the fortified child.
type DBusStartError ¶
type DBusStartError BaseError
type EnsureDirError ¶
type EnsureDirError BaseError
type ErrDisplayEnv ¶
type ErrDisplayEnv BaseError
type FilesystemConfig ¶ added in v0.0.3
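// FilesystemConfig describes one host filesystem path made available to the
// sandbox. The zero value of Write, Device and Must requests none of them.
// NOTE(review): no normalisation or allow-listing of Src is visible on this
// page; confirm how paths are checked before they are shared.
type FilesystemConfig struct {
	// Dst is the mount point in the sandbox; same as Src if empty.
	Dst string `json:"dst,omitempty"`
	// Src is the host filesystem path to make available to the sandbox.
	Src string `json:"src"`
	// Write grants write access.
	Write bool `json:"write,omitempty"`
	// Device grants device access. Its JSON key is "dev".
	Device bool `json:"dev,omitempty"`
	// Must makes the launch exit if the path cannot be shared. Its JSON key is "require".
	Must bool `json:"require,omitempty"`
}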
type LauncherLookupError ¶
type LauncherLookupError BaseError
type LookupDBusError ¶
type LookupDBusError BaseError
type ProcessError ¶
type ProcessError BaseError
ProcessError encapsulates errors returned by starting *exec.Cmd
type PulseCookieAccessError ¶
type PulseCookieAccessError BaseError
type PulseSocketAccessError ¶
type PulseSocketAccessError BaseError
type RevertCompoundError ¶
type SandboxConfig ¶ added in v0.0.3
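// SandboxConfig describes resources made available to the sandbox.
//
// All boolean fields are opt-in: their zero value leaves the corresponding
// resource unrequested.
type SandboxConfig struct {
	// Hostname is the unix hostname within the sandbox.
	Hostname string `json:"hostname,omitempty"`
	// UserNS controls userns availability within the sandbox.
	// User namespaces widen the kernel surface reachable by the child;
	// leave this unset unless the application needs them.
	UserNS bool `json:"userns,omitempty"`
	// Net shares the net namespace.
	Net bool `json:"net,omitempty"`
	// NoNewSession makes the child not run in a new session.
	// NOTE(review): a child that stays in the caller's session presumably
	// keeps access to its controlling terminal; confirm this is only set
	// for programs that need it.
	NoNewSession bool `json:"no_new_session,omitempty"`
	// Wayland enables mediated access to the wayland socket.
	Wayland bool `json:"wayland,omitempty"`

	// Env holds the final environment variables.
	Env map[string]string `json:"env"`
	// Filesystem lists the sandbox's host filesystem access.
	Filesystem []*FilesystemConfig `json:"filesystem"`
	// Tmpfs lists tmpfs mount points to mount last.
	Tmpfs []string `json:"tmpfs"`
}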
SandboxConfig describes resources made available to the sandbox.
func (*SandboxConfig) Bwrap ¶ added in v0.0.3
func (s *SandboxConfig) Bwrap() *bwrap.Config
Bwrap returns a pointer to the bwrap.Config that corresponds to s. Note that the remaining tmpfs entries must be queued by the caller prior to launch.
type SealConfigError ¶
type SealConfigError BaseError
type SealDBusError ¶
type SealDBusError BaseError
type SecurityError ¶
type SecurityError BaseError
type ShimError ¶ added in v0.0.3
type ShimError BaseError
ShimError encapsulates errors returned by shim.ServeConfig.
type StartDBusError ¶
type StartDBusError BaseError
type StateStoreError ¶
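// StateStoreError is returned for a failed state save. It keeps the errors
// from the separate stages apart so a caller can tell which one failed.
type StateStoreError struct {
	// Inner records whether the inner function was called.
	Inner bool
	// DoErr is the error returned by the state.Store Do method.
	DoErr error
	// InnerErr is the error returned by the state.Backend Save method.
	InnerErr error
	// Err holds any other error needing to be tracked.
	Err error
}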
StateStoreError is returned for a failed state save
func (*StateStoreError) Error ¶
func (e *StateStoreError) Error() string
func (*StateStoreError) Unwrap ¶
func (e *StateStoreError) Unwrap() (errs []error)
type TmpfileError ¶
type TmpfileError BaseError