nsfix

package
v0.0.0-...-273f5df Latest
Warning

This package is not in the latest version of its module.

Published: Aug 31, 2020 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Overview

Package nsfix helps with switching to the namespaces of another process in order to execute a particular piece of code. Starting from Go 1.10, a Go program can switch to different non-mnt namespaces without the danger of corrupting other goroutines' state, but it still cannot switch to another mount namespace without the "constructor" hack. For more info, see https://stackoverflow.com/a/25707007/40846 and https://github.com/golang/go/issues/8676

Constants

This section is empty.

Variables

This section is empty.

Functions

func HandleReexec

func HandleReexec()

HandleReexec handles executing the code in another namespace. If re-execution is requested, the function calls os.Exit() after handling it.

func RegisterReexec

func RegisterReexec(name string, handler ReexecHandler, arg interface{})

RegisterReexec registers the specified function as a reexec handler. arg specifies the argument type to pass. Note that if you pass somestruct{} as arg, the handler will receive *somestruct as its argument (i.e. a level of pointer indirection is added).

Types

type Call

type Call struct {
	// contains filtered or unexported fields
}

Call describes a call to be executed in network, mount, UTS and IPC namespaces of another process.

func NewCall

func NewCall(handlerName string) *Call

NewCall makes a new Call structure with the specified handlerName using PID 1.

func (*Call) Arg

func (c *Call) Arg(arg interface{}) *Call

Arg sets the argument for Call.

func (*Call) DropPrivs

func (c *Call) DropPrivs() *Call

DropPrivs instructs Call to drop privileges in the new process.

func (*Call) RemountSys

func (c *Call) RemountSys() *Call

RemountSys instructs Call to remount /sys in the new process.

func (*Call) SpawnInNamespaces

func (c *Call) SpawnInNamespaces(ret interface{}) error

SpawnInNamespaces executes the specified handler using the network, mount, UTS and IPC namespaces of the specified process. It passes the argument to the handler using JSON serialization. It then returns the value returned by the handler (also via JSON serialization and deserialization). If dropPrivs is true, the new process will execute using a non-root uid/gid (the real uid/gid of the process if they're non-zero, or 65534, which is nobody/nogroup).

func (*Call) SwitchToNamespaces

func (c *Call) SwitchToNamespaces() error

SwitchToNamespaces executes the specified handler using the network, mount, UTS and IPC namespaces of the specified process. It passes the argument to the handler using JSON serialization. The current process gets replaced by the new one. If dropPrivs is true, the new process will execute using a non-root uid/gid (the real uid/gid of the process if they're non-zero, or 65534, which is nobody/nogroup).

func (*Call) TargetPid

func (c *Call) TargetPid(targetPid int) *Call

TargetPid sets the target PID value for Call.

type ReexecHandler

type ReexecHandler func(arg interface{}) (interface{}, error)

ReexecHandler is a function that can be passed to RegisterReexec to be executed by the nsfix mechanism after self-reexec. arg can be safely cast to the type of arg passed to RegisterReexec plus one level of pointer indirection, i.e. if you pass somestruct{} to RegisterReexec you may cast arg safely to *somestruct.
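The argument handling described for RegisterReexec, SpawnInNamespaces and ReexecHandler, as an added example that is not nsfix's own code: a hypothetical in-process registry that sends the argument and the result through JSON and hands the handler a pointer to the registered type. The names registerReexec, viaJSON, handlers, linkQuery, linkInfo and lookupLink are assumptions made for this sketch, and no process is re-executed and no namespace is entered.

```go
package main

import (
	"encoding/json"
	"fmt"
	"reflect"
)

type ReexecHandler func(arg interface{}) (interface{}, error) // signature as documented
type linkQuery struct{ Name string }                          // constructed sample argument
type linkInfo struct{ MTU int }                               // constructed sample result
var handlers = map[string]func(in, ret interface{}) error{}

func viaJSON(src, dst interface{}) error { // values cross the re-exec boundary as JSON
	raw, err := json.Marshal(src)
	if err != nil {
		return err
	}
	return json.Unmarshal(raw, dst)
}

// registerReexec (sketch, not nsfix code) keeps arg only for its type T; h is given a *T.
func registerReexec(name string, h ReexecHandler, arg interface{}) {
	handlers[name] = func(in, ret interface{}) error {
		p := reflect.New(reflect.TypeOf(arg)).Interface() // fresh *T to decode into
		if err := viaJSON(in, p); err != nil {
			return err
		}
		out, err := h(p)
		if err != nil {
			return err
		}
		return viaJSON(out, ret) // the result is decoded into the caller's ret
	}
}

func lookupLink(arg interface{}) (interface{}, error) { // constructed handler
	if q, ok := arg.(*linkQuery); ok && q.Name != "" { // *linkQuery, not linkQuery
		return linkInfo{MTU: 1500}, nil
	}
	return nil, fmt.Errorf("bad argument %#v", arg)
}

func main() {
	registerReexec("lookupLink", lookupLink, linkQuery{})
	var info linkInfo
	err := handlers["lookupLink"](linkQuery{Name: "eth0"}, &info)
	fmt.Println(err, info.MTU)
}
```

Because both directions go through JSON, only fields that encoding/json can encode (exported ones) reach the handler or come back from it.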
