Documentation ¶
Overview ¶
Package host provides a filesystem implementation for host files imported as file descriptors.
Index ¶
- Constants
- func ImportFD(ctx context.Context, mnt *vfs.Mount, hostFD int, isTTY bool) (*vfs.FileDescription, error)
- func NewFD(ctx context.Context, mnt *vfs.Mount, hostFD int, opts *NewFDOptions) (*vfs.FileDescription, error)
- func NewFilesystem(vfsObj *vfs.VirtualFilesystem) (*vfs.Filesystem, error)
- type ConnectedEndpoint
- func (c *ConnectedEndpoint) CloseNotify()
- func (c *ConnectedEndpoint) CloseRecv()
- func (c *ConnectedEndpoint) CloseSend()
- func (c *ConnectedEndpoint) CloseUnread()
- func (c *ConnectedEndpoint) EventUpdate()
- func (c *ConnectedEndpoint) GetLocalAddress() (tcpip.FullAddress, tcpip.Error)
- func (c *ConnectedEndpoint) Passcred() bool
- func (c *ConnectedEndpoint) Readable() bool
- func (c *ConnectedEndpoint) Recv(ctx context.Context, data [][]byte, creds bool, numRights int, peek bool) (int64, int64, transport.ControlMessages, bool, tcpip.FullAddress, bool, ...)
- func (c *ConnectedEndpoint) RecvMaxQueueSize() int64
- func (c *ConnectedEndpoint) RecvNotify()
- func (c *ConnectedEndpoint) RecvQueuedSize() int64
- func (c *ConnectedEndpoint) Release(ctx context.Context)
- func (c *ConnectedEndpoint) Send(ctx context.Context, data [][]byte, controlMessages transport.ControlMessages, ...) (int64, bool, *syserr.Error)
- func (c *ConnectedEndpoint) SendMaxQueueSize() int64
- func (c *ConnectedEndpoint) SendNotify()
- func (c *ConnectedEndpoint) SendQueuedSize() int64
- func (c *ConnectedEndpoint) SetReceiveBufferSize(v int64) (newSz int64)
- func (c *ConnectedEndpoint) SetSendBufferSize(v int64) (newSz int64)
- func (c *ConnectedEndpoint) StateFields() []string
- func (c *ConnectedEndpoint) StateLoad(stateSourceObject state.Source)
- func (c *ConnectedEndpoint) StateSave(stateSinkObject state.Sink)
- func (c *ConnectedEndpoint) StateTypeName() string
- func (c *ConnectedEndpoint) Writable() bool
- type ConnectedEndpointRefs
- func (r *ConnectedEndpointRefs) DecRef(destroy func())
- func (r *ConnectedEndpointRefs) IncRef()
- func (r *ConnectedEndpointRefs) InitRefs()
- func (r *ConnectedEndpointRefs) LeakMessage() string
- func (r *ConnectedEndpointRefs) LogRefs() bool
- func (r *ConnectedEndpointRefs) ReadRefs() int64
- func (r *ConnectedEndpointRefs) RefType() string
- func (r *ConnectedEndpointRefs) StateFields() []string
- func (r *ConnectedEndpointRefs) StateLoad(stateSourceObject state.Source)
- func (r *ConnectedEndpointRefs) StateSave(stateSinkObject state.Sink)
- func (r *ConnectedEndpointRefs) StateTypeName() string
- func (r *ConnectedEndpointRefs) TryIncRef() bool
- type NewFDOptions
- type SCMConnectedEndpoint
- type TTYFileDescription
- func (f *TTYFileDescription) Allocate(ctx context.Context, mode, offset, length uint64) error
- func (f *TTYFileDescription) ConfigureMMap(_ context.Context, opts *memmap.MMapOpts) error
- func (f *TTYFileDescription) EventRegister(e *waiter.Entry, mask waiter.EventMask)
- func (f *TTYFileDescription) EventUnregister(e *waiter.Entry)
- func (t *TTYFileDescription) ForegroundProcessGroup() *kernel.ProcessGroup
- func (t *TTYFileDescription) InitForegroundProcessGroup(pg *kernel.ProcessGroup)
- func (t *TTYFileDescription) Ioctl(ctx context.Context, io usermem.IO, args arch.SyscallArguments) (uintptr, error)
- func (t *TTYFileDescription) PRead(ctx context.Context, dst usermem.IOSequence, offset int64, ...) (int64, error)
- func (t *TTYFileDescription) PWrite(ctx context.Context, src usermem.IOSequence, offset int64, ...) (int64, error)
- func (t *TTYFileDescription) Read(ctx context.Context, dst usermem.IOSequence, opts vfs.ReadOptions) (int64, error)
- func (f *TTYFileDescription) Readiness(mask waiter.EventMask) waiter.EventMask
- func (t *TTYFileDescription) Release(ctx context.Context)
- func (f *TTYFileDescription) Seek(_ context.Context, offset int64, whence int32) (int64, error)
- func (f *TTYFileDescription) SetStat(ctx context.Context, opts vfs.SetStatOptions) error
- func (f *TTYFileDescription) Stat(ctx context.Context, opts vfs.StatOptions) (linux.Statx, error)
- func (t *TTYFileDescription) StateFields() []string
- func (t *TTYFileDescription) StateLoad(stateSourceObject state.Source)
- func (t *TTYFileDescription) StateSave(stateSinkObject state.Sink)
- func (t *TTYFileDescription) StateTypeName() string
- func (f *TTYFileDescription) Sync(ctx context.Context) error
- func (t *TTYFileDescription) Write(ctx context.Context, src usermem.IOSequence, opts vfs.WriteOptions) (int64, error)
Constants ¶
const ConnectedEndpointenableLogging = false
enableLogging indicates whether reference-related events should be logged (with stack traces). This is false by default and should only be set to true for debugging purposes, as it can generate an extremely large amount of output and drastically degrade performance.
Variables ¶
This section is empty.
Functions ¶
func ImportFD ¶
func ImportFD(ctx context.Context, mnt *vfs.Mount, hostFD int, isTTY bool) (*vfs.FileDescription, error)
ImportFD sets up and returns a vfs.FileDescription from a donated fd.
func NewFD ¶
func NewFD(ctx context.Context, mnt *vfs.Mount, hostFD int, opts *NewFDOptions) (*vfs.FileDescription, error)
NewFD returns a vfs.FileDescription representing the given host file descriptor. mnt must be Kernel.HostMount().
func NewFilesystem ¶
func NewFilesystem(vfsObj *vfs.VirtualFilesystem) (*vfs.Filesystem, error)
NewFilesystem sets up and returns a new hostfs filesystem.
Note that there should only ever be one instance of host.filesystem, a global mount for host fds.
Types ¶
type ConnectedEndpoint ¶
type ConnectedEndpoint struct { ConnectedEndpointRefs // contains filtered or unexported fields }
ConnectedEndpoint is an implementation of transport.ConnectedEndpoint and transport.Receiver. It is backed by a host fd that was imported at sentry startup. This fd is shared with a hostfs inode, which retains ownership of it.
ConnectedEndpoint is saveable, since we expect that the host will provide the same fd upon restore.
As of this writing, we only allow Unix sockets to be imported.
+stateify savable
var ConnectedEndpointobj *ConnectedEndpoint
obj is used to customize logging. Note that we use a pointer to T so that we do not copy the entire object when passed as a format parameter.
func NewConnectedEndpoint ¶
func NewConnectedEndpoint(hostFD int, addr string) (*ConnectedEndpoint, *syserr.Error)
NewConnectedEndpoint creates a new ConnectedEndpoint backed by a host fd imported at sentry startup.
The caller is responsible for calling Init(). Additionally, Release needs to be called twice, because ConnectedEndpoint is both a transport.Receiver and a transport.ConnectedEndpoint.
func (*ConnectedEndpoint) CloseNotify ¶
func (c *ConnectedEndpoint) CloseNotify()
CloseNotify implements transport.ConnectedEndpoint.CloseNotify.
func (*ConnectedEndpoint) CloseRecv ¶
func (c *ConnectedEndpoint) CloseRecv()
CloseRecv implements transport.Receiver.CloseRecv.
func (*ConnectedEndpoint) CloseSend ¶
func (c *ConnectedEndpoint) CloseSend()
CloseSend implements transport.ConnectedEndpoint.CloseSend.
func (*ConnectedEndpoint) CloseUnread ¶
func (c *ConnectedEndpoint) CloseUnread()
CloseUnread implements transport.ConnectedEndpoint.CloseUnread.
func (*ConnectedEndpoint) EventUpdate ¶
func (c *ConnectedEndpoint) EventUpdate()
EventUpdate implements transport.ConnectedEndpoint.EventUpdate.
func (*ConnectedEndpoint) GetLocalAddress ¶
func (c *ConnectedEndpoint) GetLocalAddress() (tcpip.FullAddress, tcpip.Error)
GetLocalAddress implements transport.ConnectedEndpoint.GetLocalAddress.
func (*ConnectedEndpoint) Passcred ¶
func (c *ConnectedEndpoint) Passcred() bool
Passcred implements transport.ConnectedEndpoint.Passcred.
func (*ConnectedEndpoint) Readable ¶
func (c *ConnectedEndpoint) Readable() bool
Readable implements transport.Receiver.Readable.
func (*ConnectedEndpoint) Recv ¶
func (c *ConnectedEndpoint) Recv(ctx context.Context, data [][]byte, creds bool, numRights int, peek bool) (int64, int64, transport.ControlMessages, bool, tcpip.FullAddress, bool, *syserr.Error)
Recv implements transport.Receiver.Recv.
func (*ConnectedEndpoint) RecvMaxQueueSize ¶
func (c *ConnectedEndpoint) RecvMaxQueueSize() int64
RecvMaxQueueSize implements transport.Receiver.RecvMaxQueueSize.
func (*ConnectedEndpoint) RecvNotify ¶
func (c *ConnectedEndpoint) RecvNotify()
RecvNotify implements transport.Receiver.RecvNotify.
func (*ConnectedEndpoint) RecvQueuedSize ¶
func (c *ConnectedEndpoint) RecvQueuedSize() int64
RecvQueuedSize implements transport.Receiver.RecvQueuedSize.
func (*ConnectedEndpoint) Release ¶
func (c *ConnectedEndpoint) Release(ctx context.Context)
Release implements transport.ConnectedEndpoint.Release and transport.Receiver.Release.
func (*ConnectedEndpoint) Send ¶
func (c *ConnectedEndpoint) Send(ctx context.Context, data [][]byte, controlMessages transport.ControlMessages, from tcpip.FullAddress) (int64, bool, *syserr.Error)
Send implements transport.ConnectedEndpoint.Send.
func (*ConnectedEndpoint) SendMaxQueueSize ¶
func (c *ConnectedEndpoint) SendMaxQueueSize() int64
SendMaxQueueSize implements transport.Receiver.SendMaxQueueSize.
func (*ConnectedEndpoint) SendNotify ¶
func (c *ConnectedEndpoint) SendNotify()
SendNotify implements transport.ConnectedEndpoint.SendNotify.
func (*ConnectedEndpoint) SendQueuedSize ¶
func (c *ConnectedEndpoint) SendQueuedSize() int64
SendQueuedSize implements transport.Receiver.SendQueuedSize.
func (*ConnectedEndpoint) SetReceiveBufferSize ¶
func (c *ConnectedEndpoint) SetReceiveBufferSize(v int64) (newSz int64)
SetReceiveBufferSize implements transport.ConnectedEndpoint.SetReceiveBufferSize.
func (*ConnectedEndpoint) SetSendBufferSize ¶
func (c *ConnectedEndpoint) SetSendBufferSize(v int64) (newSz int64)
SetSendBufferSize implements transport.ConnectedEndpoint.SetSendBufferSize.
func (*ConnectedEndpoint) StateFields ¶
func (c *ConnectedEndpoint) StateFields() []string
func (*ConnectedEndpoint) StateLoad ¶
func (c *ConnectedEndpoint) StateLoad(stateSourceObject state.Source)
+checklocksignore
func (*ConnectedEndpoint) StateSave ¶
func (c *ConnectedEndpoint) StateSave(stateSinkObject state.Sink)
+checklocksignore
func (*ConnectedEndpoint) StateTypeName ¶
func (c *ConnectedEndpoint) StateTypeName() string
func (*ConnectedEndpoint) Writable ¶
func (c *ConnectedEndpoint) Writable() bool
Writable implements transport.ConnectedEndpoint.Writable.
type ConnectedEndpointRefs ¶
type ConnectedEndpointRefs struct {
// contains filtered or unexported fields
}
Refs implements refs.RefCounter. It keeps a reference count using atomic operations and calls the destructor when the count reaches zero.
+stateify savable
func (*ConnectedEndpointRefs) DecRef ¶
func (r *ConnectedEndpointRefs) DecRef(destroy func())
DecRef implements refs.RefCounter.DecRef.
Note that speculative references are counted here. Since they were added prior to real references reaching zero, they will successfully convert to real references. In other words, we see speculative references only in the following case:
A: TryIncRef [speculative increase => sees non-negative references]
B: DecRef [real decrease]
A: TryIncRef [transform speculative to real]
func (*ConnectedEndpointRefs) IncRef ¶
func (r *ConnectedEndpointRefs) IncRef()
IncRef implements refs.RefCounter.IncRef.
func (*ConnectedEndpointRefs) InitRefs ¶
func (r *ConnectedEndpointRefs) InitRefs()
InitRefs initializes r with one reference and, if enabled, activates leak checking.
func (*ConnectedEndpointRefs) LeakMessage ¶
func (r *ConnectedEndpointRefs) LeakMessage() string
LeakMessage implements refsvfs2.CheckedObject.LeakMessage.
func (*ConnectedEndpointRefs) LogRefs ¶
func (r *ConnectedEndpointRefs) LogRefs() bool
LogRefs implements refsvfs2.CheckedObject.LogRefs.
func (*ConnectedEndpointRefs) ReadRefs ¶
func (r *ConnectedEndpointRefs) ReadRefs() int64
ReadRefs returns the current number of references. The returned count is inherently racy and is unsafe to use without external synchronization.
func (*ConnectedEndpointRefs) RefType ¶
func (r *ConnectedEndpointRefs) RefType() string
RefType implements refsvfs2.CheckedObject.RefType.
func (*ConnectedEndpointRefs) StateFields ¶
func (r *ConnectedEndpointRefs) StateFields() []string
func (*ConnectedEndpointRefs) StateLoad ¶
func (r *ConnectedEndpointRefs) StateLoad(stateSourceObject state.Source)
+checklocksignore
func (*ConnectedEndpointRefs) StateSave ¶
func (r *ConnectedEndpointRefs) StateSave(stateSinkObject state.Sink)
+checklocksignore
func (*ConnectedEndpointRefs) StateTypeName ¶
func (r *ConnectedEndpointRefs) StateTypeName() string
func (*ConnectedEndpointRefs) TryIncRef ¶
func (r *ConnectedEndpointRefs) TryIncRef() bool
TryIncRef implements refs.RefCounter.TryIncRef.
To do this safely without a loop, a speculative reference is first acquired on the object. This allows multiple concurrent TryIncRef calls to distinguish other TryIncRef calls from genuine references held.
type NewFDOptions ¶
type NewFDOptions struct {
	// If Savable is true, the host file descriptor may be saved/restored by
	// numeric value; the sandbox API requires a corresponding host FD with the
	// same numeric value to be provided at time of restore.
	//
	// NOTE(review): as described here, restore matches on the descriptor
	// number only; presumably the party donating FDs at restore time must
	// ensure that number still refers to the intended host file. Confirm
	// against the restore path.
	Savable bool

	// If IsTTY is true, the file descriptor is a TTY.
	IsTTY bool

	// If HaveFlags is true, use Flags for the new file description. Otherwise,
	// the new file description will inherit flags from hostFD.
	HaveFlags bool
	Flags     uint32
}
NewFDOptions contains options to NewFD.
type SCMConnectedEndpoint ¶
type SCMConnectedEndpoint struct { ConnectedEndpoint // contains filtered or unexported fields }
SCMConnectedEndpoint represents an endpoint backed by a host fd that was passed through a gofer Unix socket. It resembles ConnectedEndpoint, with the following differences:
- SCMConnectedEndpoint is not saveable, because the host cannot guarantee the same descriptor number across save/restore (S/R).
- SCMConnectedEndpoint holds ownership of its fd and notification queue.
func NewSCMEndpoint ¶
func NewSCMEndpoint(ctx context.Context, hostFD int, queue *waiter.Queue, addr string) (*SCMConnectedEndpoint, *syserr.Error)
NewSCMEndpoint creates a new SCMConnectedEndpoint backed by a host fd that was passed through a Unix socket.
The caller is responsible for calling Init(). Additionally, Release needs to be called twice, because ConnectedEndpoint is both a transport.Receiver and a transport.ConnectedEndpoint.
func (*SCMConnectedEndpoint) Init ¶
func (e *SCMConnectedEndpoint) Init() error
Init will do the initialization required without holding other locks.
func (*SCMConnectedEndpoint) Release ¶
func (e *SCMConnectedEndpoint) Release(ctx context.Context)
Release implements transport.ConnectedEndpoint.Release and transport.Receiver.Release.
type TTYFileDescription ¶
type TTYFileDescription struct {
// contains filtered or unexported fields
}
TTYFileDescription implements vfs.FileDescriptionImpl for a host file descriptor that wraps a TTY FD.
+stateify savable
func (*TTYFileDescription) ConfigureMMap ¶
ConfigureMMap implements vfs.FileDescriptionImpl.ConfigureMMap.
func (*TTYFileDescription) EventRegister ¶
EventRegister implements waiter.Waitable.EventRegister.
func (*TTYFileDescription) EventUnregister ¶
EventUnregister implements waiter.Waitable.EventUnregister.
func (*TTYFileDescription) ForegroundProcessGroup ¶
func (t *TTYFileDescription) ForegroundProcessGroup() *kernel.ProcessGroup
ForegroundProcessGroup returns the foreground process group for the TTY.
func (*TTYFileDescription) InitForegroundProcessGroup ¶
func (t *TTYFileDescription) InitForegroundProcessGroup(pg *kernel.ProcessGroup)
InitForegroundProcessGroup sets the foreground process group and session for the TTY. This should only be called once, after the foreground process group has been created, but before it has started running.
func (*TTYFileDescription) Ioctl ¶
func (t *TTYFileDescription) Ioctl(ctx context.Context, io usermem.IO, args arch.SyscallArguments) (uintptr, error)
Ioctl implements vfs.FileDescriptionImpl.Ioctl.
func (*TTYFileDescription) PRead ¶
func (t *TTYFileDescription) PRead(ctx context.Context, dst usermem.IOSequence, offset int64, opts vfs.ReadOptions) (int64, error)
PRead implements vfs.FileDescriptionImpl.PRead.
Reading from a TTY is only allowed for foreground process groups. Background process groups will either get EIO or a SIGTTIN.
func (*TTYFileDescription) PWrite ¶
func (t *TTYFileDescription) PWrite(ctx context.Context, src usermem.IOSequence, offset int64, opts vfs.WriteOptions) (int64, error)
PWrite implements vfs.FileDescriptionImpl.PWrite.
func (*TTYFileDescription) Read ¶
func (t *TTYFileDescription) Read(ctx context.Context, dst usermem.IOSequence, opts vfs.ReadOptions) (int64, error)
Read implements vfs.FileDescriptionImpl.Read.
Reading from a TTY is only allowed for foreground process groups. Background process groups will either get EIO or a SIGTTIN.
func (*TTYFileDescription) Readiness ¶
Readiness uses the poll() syscall to check the status of the underlying FD.
func (*TTYFileDescription) Release ¶
func (t *TTYFileDescription) Release(ctx context.Context)
Release implements fs.FileOperations.Release.
func (*TTYFileDescription) Seek ¶
Seek implements vfs.FileDescriptionImpl.Seek.
Note that we do not support seeking on directories, since we do not even allow directory fds to be imported at all.
func (*TTYFileDescription) SetStat ¶
func (f *TTYFileDescription) SetStat(ctx context.Context, opts vfs.SetStatOptions) error
SetStat implements vfs.FileDescriptionImpl.SetStat.
func (*TTYFileDescription) StateFields ¶
func (t *TTYFileDescription) StateFields() []string
func (*TTYFileDescription) StateLoad ¶
func (t *TTYFileDescription) StateLoad(stateSourceObject state.Source)
+checklocksignore
func (*TTYFileDescription) StateSave ¶
func (t *TTYFileDescription) StateSave(stateSinkObject state.Sink)
+checklocksignore
func (*TTYFileDescription) StateTypeName ¶
func (t *TTYFileDescription) StateTypeName() string
func (*TTYFileDescription) Write ¶
func (t *TTYFileDescription) Write(ctx context.Context, src usermem.IOSequence, opts vfs.WriteOptions) (int64, error)
Write implements vfs.FileDescriptionImpl.Write.