Documentation
Overview
Package fsgofer implements p9.File, giving access to local files using a simple mapping from a path prefix that is added to the path requested by the sandbox. Example:

    prefix: "/docker/imgs/alpine"
    app path: /bin/ls => /docker/imgs/alpine/bin/ls

Index
Constants
This section is empty.
Variables
This section is empty.
Functions
func NewAttachPoint
NewAttachPoint creates a new attacher that gives local file access to all files under 'prefix'. 'prefix' must be an absolute path.
func OpenProcSelfFD
func OpenProcSelfFD() error
OpenProcSelfFD opens the /proc/self/fd directory, which will be used to reopen file descriptors.
Types
type Config

    type Config struct {
        // ROMount is set to true if this is a readonly mount.
        ROMount bool

        // PanicOnWrite panics on attempts to write to RO mounts.
        PanicOnWrite bool

        // HostUDS signals whether the gofer can mount a host's UDS.
        HostUDS bool

        // EnableVerityXattr allows access to extended attributes used by the
        // verity file system.
        EnableVerityXattr bool
    }

Config sets configuration options for each attach point.
Source Files
Directories
Path | Synopsis |
---|---|
 | Package filter defines all syscalls the gofer is allowed to make, and installs seccomp filters to prevent prohibited syscalls in case it's compromised. |