Directories
Path | Synopsis |
---|---|
pkg | |
abi | Package abi describes the interface between a kernel and userspace. |
abi/linux | Package linux contains the constants and types needed to interface with a Linux kernel. |
amutex | Package amutex provides the implementation of an abortable mutex. |
atomicbitops | Package atomicbitops provides extensions to the sync/atomic package. |
bits | Package bits includes all bit-related types and operations. |
bpf | Package bpf provides tools for working with Berkeley Packet Filter (BPF) programs. |
cleanup | Package cleanup provides utilities to clean "stuff" on defers. |
compressio | Package compressio provides parallel compression and decompression, as well as optional SHA-256 hashing. |
context | Package context defines an internal context type. |
control/client | Package client provides a basic control client interface. |
control/server | Package server provides a basic control server interface. |
coverage | Package coverage provides an interface through which Go coverage data can be collected, converted to kcov format, and exposed to userspace. |
cpuid | Package cpuid provides basic functionality for creating and adjusting CPU feature sets. |
eventchannel | Package eventchannel contains functionality for sending any protobuf message on a socketpair. |
fd | Package fd provides types for working with file descriptors. |
fdchannel | Package fdchannel implements passing file descriptors between processes over Unix domain sockets. |
fdnotifier | Package fdnotifier contains an adapter that translates IO events (e.g., a file became readable/writable) from native FDs to the notifications in the waiter package. |
flipcall | Package flipcall implements a protocol providing Fast Local Interprocess Procedure Calls between mutually-distrusting processes. |
fspath | Package fspath provides efficient tools for working with file paths in Linux-compatible filesystem implementations. |
gohacks | Package gohacks contains utilities for subverting the Go compiler. |
goid | Package goid provides the Get function. |
hostarch | Package hostarch contains host arch address operations for user memory. |
iovec | Package iovec provides helpers to interact with vectorized I/O on the host system. |
linewriter | Package linewriter provides an io.Writer which calls an emitter on each line. |
log | Package log implements a library for logging. |
marshal | Package marshal defines the Marshallable interface for serializing/deserializing Go data structures to/from memory, according to the Linux ABI. |
marshal/primitive | Package primitive defines marshal.Marshallable implementations for primitive types. |
memutil | Package memutil provides a wrapper for the memfd_create() system call. |
merkletree | Package merkletree implements Merkle tree generation and verification. |
metric | Package metric provides primitives for collecting metrics. |
p9 | Package p9 is a 9P2000.L implementation. |
pool | Package pool provides a trivial integer pool. |
procid | Package procid provides a way to get the current system thread identifier. |
rand | Package rand implements a cryptographically secure pseudorandom number generator. |
refs | Package refs defines an interface for reference counted objects. |
refsvfs2 | Package refsvfs2 defines an interface for a reference-counted object. |
ring0 | Package ring0 provides basic operating system-level stubs. |
ring0/pagetables | Package pagetables provides a generic implementation of pagetables. |
safecopy | Package safecopy provides an efficient implementation of functions to access memory that may result in SIGSEGV or SIGBUS being sent to the accessor. |
safemem | Package safemem provides the Block and BlockSeq types. |
seccomp | Package seccomp provides generation of basic seccomp filters. |
secio | Package secio provides support for sectioned I/O. |
sentry/arch | Package arch provides abstractions around architecture-dependent details, such as syscall calling conventions, native types, etc. |
sentry/arch/fpu | Package fpu provides basic floating point helpers. |
sentry/control | Package control contains types that expose control server methods, and can be used to configure and interact with a running sandbox process. |
sentry/device | Package device defines reserved virtual kernel devices and structures for managing them. |
sentry/devices/memdev | Package memdev implements "mem" character devices, as implemented in Linux by drivers/char/mem.c and drivers/char/random.c. |
sentry/devices/ttydev | Package ttydev implements an unopenable vfs.Device for /dev/tty. |
sentry/devices/tundev | Package tundev implements the /dev/net/tun device. |
sentry/fdimport | Package fdimport provides the Import function. |
sentry/fs | Package fs implements a virtual filesystem layer. |
sentry/fs/anon | Package anon implements an anonymous inode, useful for implementing inodes for pseudo filesystems. |
sentry/fs/dev | Package dev provides a filesystem with simple devices. |
sentry/fs/fdpipe | Package fdpipe implements common namedpipe opening and accessing logic. |
sentry/fs/fsutil | Package fsutil provides utilities for implementing fs.InodeOperations and fs.FileOperations: - For embeddable utilities, see inode.go and file.go. |
sentry/fs/gofer | Package gofer implements a remote 9p filesystem. |
sentry/fs/host | Package host supports file descriptors imported directly. |
sentry/fs/lock | Package lock is the API for POSIX-style advisory regional file locks and BSD-style full file locks. |
sentry/fs/proc | Package proc implements a partial in-memory file system for procfs. |
sentry/fs/proc/device | Package device contains the proc device to avoid dependency loops. |
sentry/fs/proc/seqfile | Package seqfile provides dynamic ordered files. |
sentry/fs/ramfs | Package ramfs provides the fundamentals for a simple in-memory filesystem. |
sentry/fs/sys | Package sys implements a sysfs filesystem. |
sentry/fs/timerfd | Package timerfd implements the semantics of Linux timerfd objects as described by timerfd_create(2). |
sentry/fs/tmpfs | Package tmpfs is a filesystem implementation backed by memory. |
sentry/fs/tty | Package tty provides pseudoterminals via a devpts filesystem. |
sentry/fs/user | Package user contains methods for resolving filesystem paths based on the user and their environment. |
sentry/fsbridge | Package fsbridge provides common interfaces to bridge between VFS1 and VFS2 files. |
sentry/fsimpl/cgroupfs | Package cgroupfs implements cgroupfs. |
sentry/fsimpl/devpts | Package devpts provides a filesystem implementation that behaves like devpts. |
sentry/fsimpl/devtmpfs | Package devtmpfs provides an implementation of /dev based on tmpfs, analogous to Linux's devtmpfs. |
sentry/fsimpl/eventfd | Package eventfd implements event fds. |
sentry/fsimpl/fuse | Package fuse implements fusefs. |
sentry/fsimpl/gofer | Package gofer provides a filesystem implementation that is backed by a 9p server, interchangeably referred to as "gofers" throughout this package. |
sentry/fsimpl/host | Package host provides a filesystem implementation for host files imported as file descriptors. |
sentry/fsimpl/kernfs | Package kernfs provides the tools to implement inode-based filesystems. |
sentry/fsimpl/overlay | Package overlay provides an overlay filesystem implementation, which synthesizes a filesystem by composing one or more immutable filesystems ("lower layers") with an optional mutable filesystem ("upper layer"). |
sentry/fsimpl/pipefs | Package pipefs provides the filesystem implementation backing Kernel.PipeMount. |
sentry/fsimpl/proc | Package proc implements a partial in-memory file system for procfs. |
sentry/fsimpl/signalfd | Package signalfd provides basic signalfd file implementations. |
sentry/fsimpl/sockfs | Package sockfs provides a filesystem implementation for anonymous sockets. |
sentry/fsimpl/sys | Package sys implements sysfs. |
sentry/fsimpl/timerfd | Package timerfd implements timer fds. |
sentry/fsimpl/tmpfs | Package tmpfs provides an in-memory filesystem whose contents are application-mutable, consistent with Linux's tmpfs. |
sentry/fsimpl/verity | Package verity provides a filesystem implementation that is a wrapper of another file system. |
sentry/fsmetric | Package fsmetric defines filesystem metrics that are used by both VFS1 and VFS2. |
sentry/hostcpu | Package hostcpu provides utilities for working with CPU information provided by a host Linux kernel. |
sentry/hostfd | Package hostfd provides efficient I/O with host file descriptors. |
sentry/hostmm | Package hostmm provides tools for interacting with the host Linux kernel's virtual memory management subsystem. |
sentry/inet | Package inet defines semantics for IP stacks. |
sentry/kernel | Package kernel provides an emulation of the Linux kernel. |
sentry/kernel/auth | Package auth implements an access control model that is a subset of Linux's. |
sentry/kernel/epoll | Package epoll provides an implementation of Linux's IO event notification facility. |
sentry/kernel/eventfd | Package eventfd provides an implementation of Linux's file-based event notification. |
sentry/kernel/fasync | Package fasync provides FIOASYNC related functionality. |
sentry/kernel/futex | Package futex provides an implementation of the futex interface as found in the Linux kernel. |
sentry/kernel/memevent | Package memevent implements the memory usage events controller, which periodically emits events via the eventchannel. |
sentry/kernel/pipe | Package pipe provides a pipe implementation. |
sentry/kernel/sched | Package sched implements scheduler related features. |
sentry/kernel/semaphore | Package semaphore implements System V semaphores. |
sentry/kernel/shm | Package shm implements sysv shared memory segments. |
sentry/kernel/signalfd | Package signalfd provides an implementation of signal file descriptors. |
sentry/kernel/time | Package time defines the Timer type, which provides a periodic timer that works by sampling a user-provided clock. |
sentry/limits | Package limits provides resource limits. |
sentry/loader | Package loader loads an executable file into a MemoryManager. |
sentry/loader/vdsodata | Package vdsodata contains a compiled VDSO object. |
sentry/memmap | Package memmap defines semantics for memory mappings. |
sentry/mm | Package mm provides a memory management subsystem. |
sentry/pgalloc | Package pgalloc contains the page allocator subsystem, which manages memory that may be mapped into application address spaces. |
sentry/platform | Package platform provides a Platform abstraction. |
sentry/platform/interrupt | Package interrupt provides an interrupt helper. |
sentry/platform/kvm | Package kvm provides a kvm-based implementation of the platform interface. |
sentry/platform/ptrace | Package ptrace provides a ptrace-based implementation of the platform interface. |
sentry/sighandling | Package sighandling contains helpers for handling signals to applications. |
sentry/socket | Package socket provides the interfaces that need to be provided by socket implementations and providers, as well as per family demultiplexing of socket creation. |
sentry/socket/control | Package control provides internal representations of socket control messages. |
sentry/socket/hostinet | Package hostinet implements AF_INET and AF_INET6 sockets using the host's network stack. |
sentry/socket/netfilter | Package netfilter helps the sentry interact with netstack's netfilter capabilities. |
sentry/socket/netlink | Package netlink provides core functionality for netlink sockets. |
sentry/socket/netlink/port | Package port provides port ID allocation for netlink sockets. |
sentry/socket/netlink/route | Package route provides a NETLINK_ROUTE socket protocol. |
sentry/socket/netlink/uevent | Package uevent provides a NETLINK_KOBJECT_UEVENT socket protocol. |
sentry/socket/netstack | Package netstack provides an implementation of the socket.Socket interface that is backed by a tcpip.Endpoint. |
sentry/socket/unix | Package unix provides an implementation of the socket.Socket interface for the AF_UNIX protocol family. |
sentry/socket/unix/transport | Package transport contains the implementation of Unix endpoints. |
sentry/state | Package state provides high-level state wrappers. |
sentry/strace | Package strace implements the logic to print out the input and the return value of each traced syscall. |
sentry/syscalls | Package syscalls is the interface from the application to the kernel. |
sentry/syscalls/linux | Package linux provides syscall tables for amd64 Linux. |
sentry/syscalls/linux/vfs2 | Package vfs2 provides syscall implementations that use VFS2. |
sentry/time | Package time provides a calibrated clock synchronized to a system reference clock. |
sentry/unimpl | Package unimpl contains an interface to emit events about unimplemented features. |
sentry/uniqueid | Package uniqueid defines context.Context keys for obtaining system-wide unique identifiers. |
sentry/usage | Package usage provides representations of resource usage. |
sentry/vfs | Package vfs implements a virtual filesystem layer. |
sentry/vfs/memxattr | Package memxattr provides a default, in-memory extended attribute implementation. |
sentry/watchdog | Package watchdog is responsible for monitoring the sentry for tasks that may potentially be stuck or looping indeterminately, causing hard-to-debug hangs in the untrusted app. |
shim | Package shim implements the Containerd Shim v2 interface. |
shim/proc | Package proc is responsible for managing the communication between the shim and the sandbox process running the container. |
shim/runsc | Package runsc provides an API to interact with the runsc command line. |
shim/runtimeoptions | Package runtimeoptions contains the runtimeoptions proto. |
shim/utils | Package utils contains miscellaneous utility functions used by the shim. |
sleep | Package sleep allows goroutines to efficiently sleep on multiple sources of notifications (wakers). |
state | Package state provides functionality related to saving and loading object graphs. |
state/pretty | Package pretty is a pretty-printer for state streams. |
state/statefile | Package statefile defines the state file data stream. |
state/wire | Package wire contains a few basic types that can be composed to serialize graph information for the state package. |
sync | Package sync provides synchronization primitives. |
syserr | Package syserr contains sandbox-internal errors. |
syserror | Package syserror contains syscall error codes exported as error interface instead of Errno. |
tcpip | Package tcpip provides the interfaces and related types that users of the tcpip stack will use in order to create endpoints used to send and receive data over the network stack. |
tcpip/adapters/gonet | Package gonet provides a Go net package compatible wrapper for a tcpip stack. |
tcpip/buffer | Package buffer provides the implementation of a buffer view. |
tcpip/faketime | Package faketime provides a fake clock that implements the tcpip.Clock interface. |
tcpip/hash/jenkins | Package jenkins implements Jenkins's one_at_a_time, non-cryptographic hash functions created by Bob Jenkins. |
tcpip/header | Package header provides the implementation of the encoding and decoding of network protocol headers. |
tcpip/header/parse | Package parse provides utilities to parse packets. |
tcpip/link/channel | Package channel provides the implementation of channel-based data-link layer endpoints. |
tcpip/link/ethernet | Package ethernet provides an implementation of an ethernet link endpoint that wraps an inner link endpoint. |
tcpip/link/fdbased | Package fdbased provides the implementation of data-link layer endpoints backed by boundary-preserving file descriptors (e.g., TUN devices, seqpacket/datagram sockets). |
tcpip/link/loopback | Package loopback provides the implementation of loopback data-link layer endpoints. |
tcpip/link/muxed | Package muxed provides muxed link endpoints. |
tcpip/link/nested | Package nested provides helpers to implement the pattern of nested stack.LinkEndpoints. |
tcpip/link/packetsocket | Package packetsocket provides a link layer endpoint that provides the ability to loop outbound packets to any AF_PACKET sockets that may be interested in the outgoing packet. |
tcpip/link/pipe | Package pipe provides the implementation of pipe-like data-link layer endpoints. |
tcpip/link/qdisc/fifo | Package fifo provides the implementation of data-link layer endpoints that wrap another endpoint, queue all outbound packets, and asynchronously dispatch them to the lower endpoint. |
tcpip/link/rawfile | Package rawfile contains utilities for using the netstack with raw host files on Linux hosts. |
tcpip/link/sharedmem | Package sharedmem provides the implementation of data-link layer endpoints backed by shared memory. |
tcpip/link/sharedmem/pipe | Package pipe implements a shared memory ring buffer on which a single reader and a single writer can operate (read/write) concurrently. |
tcpip/link/sharedmem/queue | Package queue provides the implementation of transmit and receive queues based on shared memory ring buffers. |
tcpip/link/sniffer | Package sniffer provides the implementation of data-link layer endpoints that wrap another endpoint and log inbound and outbound packets. |
tcpip/link/tun | Package tun contains methods to open TAP and TUN devices. |
tcpip/link/waitable | Package waitable provides the implementation of data-link layer endpoints that wrap other endpoints, and can wait for inflight calls to WritePacket or DeliverNetworkPacket to finish (and new ones to be prevented). |
tcpip/network/arp | Package arp implements the ARP network protocol. |
tcpip/network/hash | Package hash contains utility functions for hashing. |
tcpip/network/internal/fragmentation | Package fragmentation contains the implementation of IP fragmentation. |
tcpip/network/internal/ip | Package ip holds IPv4/IPv6 common utilities. |
tcpip/network/ipv4 | Package ipv4 contains the implementation of the ipv4 network protocol. |
tcpip/network/ipv6 | Package ipv6 contains the implementation of the ipv6 network protocol. |
tcpip/ports | Package ports provides PortManager that manages allocating, reserving and releasing ports. |
tcpip/seqnum | Package seqnum defines the types and methods for TCP sequence numbers such that they fit in 32-bit words and work properly when overflows occur. |
tcpip/stack | Package stack provides the glue between networking protocols and the consumers of the networking stack. |
tcpip/transport/icmp | Package icmp contains the implementation of the ICMP and IPv6-ICMP transport protocols for use in ping. |
tcpip/transport/packet | Package packet provides the implementation of packet sockets (see packet(7)). |
tcpip/transport/raw | Package raw provides the implementation of raw sockets (see raw(7)). |
tcpip/transport/tcp | Package tcp contains the implementation of the TCP transport protocol. |
|
Package tcp contains the implementation of the TCP transport protocol. |
tcpip/transport/tcpconntrack
Package tcpconntrack implements a TCP connection tracking object.
|
Package tcpconntrack implements a TCP connection tracking object. |
tcpip/transport/udp
Package udp contains the implementation of the UDP transport protocol.
|
Package udp contains the implementation of the UDP transport protocol. |
unet
Package unet provides a minimal net package based on Unix Domain Sockets.
|
Package unet provides a minimal net package based on Unix Domain Sockets. |
urpc
Package urpc provides a minimal RPC package based on unet.
|
Package urpc provides a minimal RPC package based on unet. |
usermem
Package usermem governs access to user memory.
|
Package usermem governs access to user memory. |
waiter
Package waiter provides the implementation of a wait queue, where waiters can be enqueued to be notified when an event of interest happens.
|
Package waiter provides the implementation of a wait queue, where waiters can be enqueued to be notified when an event of interest happens. |
Binary runsc implements the OCI runtime interface.
|
Binary runsc implements the OCI runtime interface. |
boot
Package boot loads the kernel and runs a container.
|
Package boot loads the kernel and runs a container. |
boot/filter
Package filter defines all syscalls the sandbox is allowed to make to the host, and installs seccomp filters to prevent prohibited syscalls in case it's compromised.
|
Package filter defines all syscalls the sandbox is allowed to make to the host, and installs seccomp filters to prevent prohibited syscalls in case it's compromised. |
boot/platforms
Package platforms imports all available platform packages.
|
Package platforms imports all available platform packages. |
boot/pprof
Package pprof provides a stub to initialize custom profilers.
|
Package pprof provides a stub to initialize custom profilers. |
cgroup
Package cgroup provides an interface to read and write configuration to cgroup.
|
Package cgroup provides an interface to read and write configuration to cgroup. |
cli
Package cli is the main entrypoint for runsc.
|
Package cli is the main entrypoint for runsc. |
cmd
Package cmd holds implementations of the runsc commands.
|
Package cmd holds implementations of the runsc commands. |
config
Package config provides basic infrastructure to set configuration settings for runsc.
|
Package config provides basic infrastructure to set configuration settings for runsc. |
console
Package console contains utilities for working with pty consoles in runsc.
|
Package console contains utilities for working with pty consoles in runsc. |
container
Package container creates and manipulates containers.
|
Package container creates and manipulates containers. |
flag
Package flag wraps flag primitives.
|
Package flag wraps flag primitives. |
fsgofer
Package fsgofer implements p9.File giving access to local files using a simple mapping from a path prefix that is added to the path requested by the sandbox.
|
Package fsgofer implements p9.File giving access to local files using a simple mapping from a path prefix that is added to the path requested by the sandbox. |
fsgofer/filter
Package filter defines all syscalls the gofer is allowed to make, and installs seccomp filters to prevent prohibited syscalls in case it's compromised.
|
Package filter defines all syscalls the gofer is allowed to make, and installs seccomp filters to prevent prohibited syscalls in case it's compromised. |
mitigate
Package mitigate provides libraries for the mitigate command.
|
Package mitigate provides libraries for the mitigate command. |
sandbox
Package sandbox creates and manipulates sandboxes.
|
Package sandbox creates and manipulates sandboxes. |
specutils
Package specutils contains utility functions for working with OCI runtime specs.
|
Package specutils contains utility functions for working with OCI runtime specs. |
specutils/seccomp
Package seccomp implements some features of libseccomp in order to support OCI.
|
Package seccomp implements some features of libseccomp in order to support OCI. |
Binary containerd-shim-runsc-v1 is the v2 containerd shim (implementing the formal v1 API).
|
Binary containerd-shim-runsc-v1 is the v2 containerd shim (implementing the formal v1 API). |
cli
Package cli defines the command line interface for the V2 shim.
|
Package cli defines the command line interface for the V2 shim. |
Binary main serves a mutating Kubernetes webhook.
|
Binary main serves a mutating Kubernetes webhook. |
pkg/cli
Package cli provides a CLI interface for a mutating Kubernetes webhook.
|
Package cli provides a CLI interface for a mutating Kubernetes webhook. |
pkg/injector
Package injector handles mutating webhook operations.
|
Package injector handles mutating webhook operations. |