securefs

package module

v0.0.1 Latest Latest Go to latest Published: Jul 18, 2024 License: MIT Imports: 8 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

README ¶

securefs

Go library for secure file system operations scoped to an arbitrary root directory on Linux, without chroot, mount namespaces, or other privileged features.

This uses the Linux-specific openat2 syscall with RESOLVE_IN_ROOT to prevent symlink escapes and race conditions. Other solutions like securejoin are subject to race conditions.

Unlike O_NOFOLLOW, this supports all file system operations and works with symlinks (as long as they don't escape the specified root directory).

Documentation ¶

Index ¶

func Create(at string, name string) (*os.File, error)
func Mkdir(at string, name string, perm os.FileMode) error
func MkdirAll(at string, path string, perm os.FileMode) error
func Open(at string, name string) (fs.File, error)
func OpenFile(at string, name string, flag int, perm os.FileMode) (*os.File, error)
func ReadDir(at string, name string) ([]os.DirEntry, error)
func ReadFile(at string, name string) ([]byte, error)
func Remove(at string, name string) error
func ResolvePath(at string, name string) (string, error)
func Stat(at string, name string) (os.FileInfo, error)
func Symlink(at string, oldname, newname string) error
func WriteFile(at string, name string, data []byte, perm os.FileMode) error
type FS
- func Default() *FS
- func NewFS(root string) (*FS, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func Create ¶

func Create(at string, name string) (*os.File, error)

func Mkdir ¶

func Mkdir(at string, name string, perm os.FileMode) error

func MkdirAll ¶

func MkdirAll(at string, path string, perm os.FileMode) error

func Open ¶

func Open(at string, name string) (fs.File, error)

func OpenFile ¶

func OpenFile(at string, name string, flag int, perm os.FileMode) (*os.File, error)

quick functions

func ReadDir ¶

func ReadDir(at string, name string) ([]os.DirEntry, error)

func ReadFile ¶

func ReadFile(at string, name string) ([]byte, error)

func Remove ¶

func Remove(at string, name string) error

func ResolvePath ¶

func ResolvePath(at string, name string) (string, error)

func Stat ¶

func Stat(at string, name string) (os.FileInfo, error)

func Symlink ¶

func Symlink(at string, oldname, newname string) error

func WriteFile ¶

func WriteFile(at string, name string, data []byte, perm os.FileMode) error

Types ¶

type FS ¶

type FS struct {
	// contains filtered or unexported fields
}

func Default ¶

func Default() *FS

func NewFS ¶

func NewFS(root string) (*FS, error)

func (*FS) Close ¶

func (fs *FS) Close() error

func (*FS) Create ¶

func (fs *FS) Create(name string) (*os.File, error)

func (*FS) Mkdir ¶

func (fs *FS) Mkdir(name string, perm os.FileMode) error

func (*FS) MkdirAll ¶

func (fs *FS) MkdirAll(path string, perm os.FileMode) error

func (*FS) Open ¶

func (fs *FS) Open(name string) (fs.File, error)

func (*FS) OpenFile ¶

func (fs *FS) OpenFile(name string, flag int, perm os.FileMode) (*os.File, error)

func (*FS) ReadDir ¶

func (fs *FS) ReadDir(name string) ([]os.DirEntry, error)

func (*FS) ReadFile ¶

func (fs *FS) ReadFile(name string) ([]byte, error)

func (*FS) Remove ¶

func (fs *FS) Remove(name string) error

func (*FS) ResolvePath ¶

func (fs *FS) ResolvePath(name string) (string, error)

func (*FS) Stat ¶

func (fs *FS) Stat(name string) (os.FileInfo, error)

func (*FS) Symlink ¶

func (fs *FS) Symlink(oldname, newname string) error

func (*FS) WriteFile ¶

func (fs *FS) WriteFile(name string, data []byte, perm os.FileMode) error

Source Files ¶

View all Source files

securefs.go

Directories ¶

Path	Synopsis
internal
syncx

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL