Documentation ¶
Index ¶
- Constants
- Variables
- func FileExists(name string) bool
- func FileInfoSliceUniquify(s []os.FileInfo) []os.FileInfo
- func ProcessNsMatch(p1, p2 ProcessIface) bool
- type AccessMode
- type ChownSyscallPayload
- type ContainerIface
- type ContainerStateServiceIface
- type EmuResource
- type EmuResourceType
- type FileInfo
- type FuseServerIface
- type FuseServerServiceIface
- type GetxattrRespPayload
- type GetxattrSyscallPayload
- type GidInfoReqPayload
- type GidInfoRespPayload
- type HandlerBase
- type HandlerIface
- type HandlerRequest
- type HandlerServiceIface
- type IOServiceIface
- type IOServiceType
- type IOnodeIface
- type Inode
- type IpcServiceIface
- type ListxattrRespPayload
- type ListxattrSyscallPayload
- type LookupPayload
- type Mount
- type MountHelperIface
- type MountInfo
- type MountInfoParserIface
- type MountInfoRespPayload
- type MountInodeReqPayload
- type MountInodeRespPayload
- type MountServiceIface
- type MountSyscallPayload
- type NSenterEventIface
- type NSenterMessage
- type NSenterMsgHeader
- type NSenterMsgType
- type NSenterServiceIface
- type NStype
- type OpenFilePayload
- type PassthroughHandlerIface
- type ProcessIface
- type ProcessServiceIface
- type ReadDirPayload
- type ReadFilePayload
- type ReadLinkPayload
- type RemovexattrSyscallPayload
- type SetxattrSyscallPayload
- type SleepReqPayload
- type SyscallMonitorServiceIface
- type UidInfoReqPayload
- type UidInfoRespPayload
- type UmountSyscallPayload
- type WriteFilePayload
Constants ¶
// MaxUid and MaxGid are the largest user and group IDs this package deals
// with. Both are untyped constants, so they compare against the uint32 ID
// fields used throughout the package without conversion.
// NOTE(review): this is the 16-bit ceiling (65535), well below the kernel's
// 32-bit ID space; where the bound is enforced is not visible here — confirm
// at the call sites before relying on it as a range check.
const (
	MaxUid = 1<<16 - 1
	MaxGid = 1<<16 - 1
)
// SymlinkMax caps the number of symbolic links followed while resolving a
// path. NOTE(review): presumably mirrors the kernel's own 40-hop limit so
// that sysbox-fs gives up on a chain at the same point the kernel would;
// confirm at the use site.
const SymlinkMax = 40
Variables ¶
// Namespace sets handed to the nsenter machinery (see the ns parameter of
// NSenterServiceIface.NewEvent). Each element is converted through string,
// which only type-checks if NStype is an alias of string; NStype itself is
// declared outside this view.
var (
	// AllNSs lists every namespace type, user namespace first.
	AllNSs = []NStype{
		string(NStypeUser),
		string(NStypePid),
		string(NStypeNet),
		string(NStypeMount),
		string(NStypeIpc),
		string(NStypeCgroup),
		string(NStypeUts),
	}

	// AllNSsButUser is the same set without the user namespace. Note that
	// it is ordered differently (mount first), so code that depends on
	// entry order must not treat it as AllNSs minus one element.
	AllNSsButUser = []NStype{
		string(NStypeMount),
		string(NStypePid),
		string(NStypeNet),
		string(NStypeIpc),
		string(NStypeCgroup),
		string(NStypeUts),
	}
)
Functions ¶
func FileExists ¶
FileExists reports whether the named file or directory exists.
func FileInfoSliceUniquify ¶
FileInfoSliceUniquify removes duplicate entries from a FileInfo slice. When duplicates are present, the first occurrence is kept and the subsequent ones are dropped.
func ProcessNsMatch ¶
func ProcessNsMatch(p1, p2 ProcessIface) bool
ProcessNsMatch returns true if the given processes are in the same namespaces.
Types ¶
type AccessMode ¶
// AccessMode is the bitmask of access checks requested from
// ProcessIface.PathAccess. The values match the access(2) mode bits
// (X_OK=1, W_OK=2, R_OK=4); there is no F_OK constant — an existence-only
// check is a zero AccessMode.
type AccessMode uint32

const (
	X_OK AccessMode = 1 << iota // execute ok
	W_OK                        // write ok
	R_OK                        // read ok
)
type ChownSyscallPayload ¶
type ContainerIface ¶
// ContainerIface is the view sysbox-fs components have of a registered
// system container: identity, user-namespace ID mapping, /proc masking
// policy, mount-immutability checks and a small named data store
// (Data/SetData) guarded by Lock/Unlock.
type ContainerIface interface {
	//
	// Getters
	//

	// ID returns the container identifier.
	ID() string
	// InitPid and InitPidFd identify the container's init process; Ctime is
	// the creation time recorded at ContainerCreate.
	InitPid() uint32
	InitPidFd() libpidfd.PidFd
	Ctime() time.Time
	// Data reads the state stored under name into *data starting at offset;
	// the int result is presumably the byte count. Bracket a Data/SetData
	// pair with Lock/Unlock (see below).
	Data(name string, offset int64, data *[]byte) (int, error)
	// UID/GID and UidSize/GidSize describe the container's ID mapping —
	// presumably the host-side first ID and the mapping length passed as
	// uidFirst/uidSize and gidFirst/gidSize to ContainerCreate; confirm.
	UID() uint32
	GID() uint32
	UidSize() uint32
	GidSize() uint32
	// ProcRoPaths and ProcMaskPaths list the /proc paths exposed read-only
	// or masked inside the container (names only; enforcement lives
	// elsewhere).
	ProcRoPaths() []string
	ProcMaskPaths() []string
	InitProc() ProcessIface
	ExtractInode(path string) (Inode, error)
	// Mount-info queries. The IsImmutable* family classifies mounts the
	// container is presumably not allowed to alter (compare the
	// allowImmutableRemounts/Unmounts flags of SyscallMonitorServiceIface);
	// the parsing itself is behind MountInfoParserIface.
	IsMountInfoInitialized() bool
	InitializeMountInfo() error
	IsRootMount(info *MountInfo) (bool, error)
	IsRootMountID(id int) (bool, error)
	IsImmutableMount(info *MountInfo) (bool, error)
	IsImmutableRoMount(info *MountInfo) (bool, error)
	IsImmutableMountID(id int) bool
	IsImmutableRoMountID(id int) bool
	IsImmutableBindMount(info *MountInfo) bool
	IsImmutableRoBindMount(info *MountInfo) bool
	IsImmutableMountpoint(mp string) bool
	IsImmutableRoMountpoint(mp string) bool
	IsImmutableOverlapMountpoint(mp string) bool
	IsRegistrationCompleted() bool

	//
	// Setters
	//
	SetData(name string, offset int64, data []byte) error
	SetInitProc(pid, uid, gid uint32) error
	SetRegistrationCompleted()

	//
	// Locks for read-modify-write operations on container data via the Data()
	// and SetData() methods. Neither Data nor SetData locks on its own.
	//
	Lock()
	Unlock()
}
Container interface.
type ContainerStateServiceIface ¶
// ContainerStateServiceIface defines the API sysbox-fs components use to
// interact with the container state-storage backend.
type ContainerStateServiceIface interface {
	// Setup wires the service to its peer services.
	Setup(
		fss FuseServerServiceIface,
		prs ProcessServiceIface,
		ios IOServiceIface,
		mts MountServiceIface)

	// ContainerCreate builds a ContainerIface from registration data:
	// uidFirst/uidSize and gidFirst/gidSize describe the user-namespace ID
	// mapping, procRoPaths/procMaskPaths the /proc paths to expose read-only
	// or mask. Presumably creation alone does not register the container;
	// see ContainerRegister.
	ContainerCreate(
		id string,
		pid uint32,
		ctime time.Time,
		uidFirst uint32,
		uidSize uint32,
		gidFirst uint32,
		gidSize uint32,
		procRoPaths []string,
		procMaskPaths []string,
		service ContainerStateServiceIface) ContainerIface

	// Registration life cycle. ContainerPreRegister takes only the id and
	// the network-namespace identifier (netns) ahead of full registration.
	ContainerPreRegister(id, netns string) error
	ContainerRegister(c ContainerIface) error
	ContainerUpdate(c ContainerIface) error
	ContainerUnregister(c ContainerIface) error
	// ContainerLookupById returns the container for id; the not-found
	// result is not visible here (presumably nil) — callers should check.
	ContainerLookupById(id string) ContainerIface

	// Accessors for the peer services passed to Setup.
	FuseServerService() FuseServerServiceIface
	ProcessService() ProcessServiceIface
	MountService() MountServiceIface

	// ContainerDBSize presumably reports the number of stored containers.
	ContainerDBSize() int
}
ContainerStateService interface defines the APIs that sysbox-fs components must utilize to interact with the sysbox-fs state-storage backend.
type EmuResource ¶
// EmuResource represents a node emulated by sysbox-fs.
type EmuResource struct {
	// Kind says whether the node is a directory or a file.
	Kind EmuResourceType
	// Mode and Size are presumably the mode bits and size reported for the
	// emulated node.
	Mode os.FileMode
	Size int64
	// Enabled toggles emulation of this node.
	Enabled bool
	// Mutex serializes concurrent i/o on the same host resource, whether the
	// callers live in one sys container or several; locking per resource
	// rather than per handler keeps unrelated resources concurrent. Because
	// of this field the struct must not be copied — consistent with
	// HandlerBase.EmuResourceMap holding *EmuResource pointers.
	Mutex sync.Mutex
}
EmuResource represents the nodes being emulated by sysbox-fs.
The "Mutex" field synchronizes concurrent i/o operations on the same host resource (e.g. when multiple processes within one sys container, or across different sys containers, access the same sysbox-fs emulated resource). Using a per-resource mutex rather than a per-handler one maximizes the level of concurrency that can be attained.
type EmuResourceType ¶
// EmuResourceType classifies an EmuResource as a directory or a file.
type EmuResourceType int

// Values are spelled out so that the zero value is unmistakably "unknown".
const (
	UnknownEmuResource EmuResourceType = 0
	DirEmuResource     EmuResourceType = 1
	FileEmuResource    EmuResourceType = 2
)
type FileInfo ¶
// FileInfo is sysbox-fs' concrete implementation of os.FileInfo. A concrete
// type with exported fields is needed so file metadata can be serialized
// when state is exchanged between the sysbox-fs main instance and its
// re-exec instances. The os.FileInfo methods are declared outside this view.
type FileInfo struct {
	Fname    string
	Fsize    int64
	Fmode    os.FileMode
	FmodTime time.Time
	FisDir   bool
	// Fsys is the raw Linux stat result (presumably what Sys() returns).
	// It is a pointer, so it may be nil on a deserialized copy — callers
	// should nil-check before dereferencing.
	Fsys *syscall.Stat_t
}
FileInfo is sysbox-fs' implementation of os.FileInfo interface. A concrete type is required during serialization operations when exchanging state between sysbox-fs' main and its re-exec instances.
type FuseServerIface ¶
type FuseServerServiceIface ¶
// FuseServerServiceIface manages the per-container FUSE servers.
type FuseServerServiceIface interface {
	// Setup records the FUSE mountpoint (mp) and the peer services.
	Setup(
		mp string,
		css ContainerStateServiceIface,
		ios IOServiceIface,
		hds HandlerServiceIface) error
	// CreateFuseServer starts a server for serveCntr that takes its state
	// from stateCntr. Why the two may differ is not visible here —
	// presumably to serve a container before its own state is complete;
	// confirm with the implementation.
	CreateFuseServer(serveCntr, stateCntr ContainerIface) error
	// DestroyFuseServer tears down the server at mountpoint mp;
	// DestroyFuseService presumably tears down all of them.
	DestroyFuseServer(mp string) error
	DestroyFuseService()
	// FuseServerCntrRegComplete tells the server that cntr's registration
	// has finished (compare ContainerIface.SetRegistrationCompleted).
	FuseServerCntrRegComplete(cntr ContainerIface) error
}
type GetxattrRespPayload ¶
type GetxattrSyscallPayload ¶
// GetxattrSyscallPayload is the payload of a GetxattrSyscallRequest message
// sent to a forked instance.
type GetxattrSyscallPayload struct {
	// Header carries no json tag, so encoding/json emits it under the key
	// "Header"; its fields are declared outside this view.
	Header NSenterMsgHeader
	// Syscall names the syscall being relayed.
	Syscall string `json:"syscall"`
	// Path and Name are the target file and attribute; Size is the caller's
	// buffer size and presumably bounds the response.
	Path string `json:"path"`
	Name string `json:"name"`
	Size uint64 `json:"size"`
}
type GidInfoReqPayload ¶
// GidInfoReqPayload is the payload of a GidInfoRequest: the group name to
// resolve, presumably inside the target container's view of /etc/group.
type GidInfoReqPayload struct {
	Group string `json:"group"`
}
type GidInfoRespPayload ¶
// GidInfoRespPayload is the payload of a GidInfoResponse. Gid is carried as
// a string, not a number, so the receiver must parse and range-check it.
type GidInfoRespPayload struct {
	Gid string `json:"gid"`
}
type HandlerBase ¶
// HandlerBase is the state shared by every handler; concrete handlers
// presumably embed it and implement HandlerIface on top.
type HandlerBase struct {
	// Camel-case representation of every handler path.
	Name string
	// Abs path of the resource emulated by the handler.
	Path string
	// Map of additional resources emulated by the handler (e.g., for handlers
	// emulating directories, these would list any subdirs that they emulate),
	// indexed by resource name. Values are pointers because EmuResource
	// carries a sync.Mutex and must not be copied.
	EmuResourceMap map[string]*EmuResource
	// Enabled gates whether the handler is currently active.
	Enabled bool
	// Pointer to the parent handler service.
	Service HandlerServiceIface
}
HandlerBase is a type common to all the handlers.
HandlerBase type is used to bundle the different file-system operations that can be executed over sysbox-fs' emulated resources. As such, handlers are typically associated with a directory path inside of which there is at least one resource (file or subdir) that needs to be emulated.
Handlers can also be paired with a single file, but they are usually associated with directories, to leverage the fact that the resources emulated within a given directory have commonalities. This approach reduces the duplicated code that handler sprawl would otherwise produce.
The handler resources being emulated are stored within a map indexed by the resource name.
type HandlerIface ¶
// HandlerIface is the interface that each handler must implement.
type HandlerIface interface {
	// FS operations. Each receives the IOnode being accessed and the request
	// context (requesting pid/uid/gid, offset, data, container). The meaning
	// of Open's bool result is not visible here — confirm with an
	// implementation before relying on it.
	Open(node IOnodeIface, req *HandlerRequest) (bool, error)
	Lookup(n IOnodeIface, req *HandlerRequest) (os.FileInfo, error)
	Read(node IOnodeIface, req *HandlerRequest) (int, error)
	Write(node IOnodeIface, req *HandlerRequest) (int, error)
	ReadDirAll(node IOnodeIface, req *HandlerRequest) ([]os.FileInfo, error)
	ReadLink(node IOnodeIface, req *HandlerRequest) (string, error)

	// getters/setters.
	GetName() string
	GetPath() string
	GetEnabled() bool
	SetEnabled(b bool)
	GetService() HandlerServiceIface
	SetService(hs HandlerServiceIface)
	// GetResourcesList names the resources the handler emulates;
	// GetResourceMutex returns the per-resource lock for node (see
	// EmuResource.Mutex).
	GetResourcesList() []string
	GetResourceMutex(node IOnodeIface) *sync.Mutex
}
HandlerIface is the interface that each handler must implement
type HandlerRequest ¶
// HandlerRequest represents a request to be processed by a handler.
type HandlerRequest struct {
	// ID identifies the request.
	ID uint64
	// Name and Path of the node being accessed.
	Name string
	Path string
	// Pid, Uid and Gid of the requesting process. NOTE(review): whether
	// these are container-namespace or host IDs is not visible here —
	// confirm before using them in an access decision.
	Pid uint32
	Uid uint32
	Gid uint32
	// SkipIdRemap presumably tells the handler not to translate Uid/Gid
	// through the container's user-ns mapping. Because it changes which
	// identity an operation is attributed to, it should only ever be set by
	// trusted internal callers — confirm where it is set.
	SkipIdRemap bool
	// Offset into the node for Read/Write.
	Offset int64
	// NoCache presumably bypasses any cached result for this request.
	NoCache bool
	// Data is the payload for Write (and presumably the buffer for Read).
	Data []byte
	// Container is the container the request originates from.
	Container ContainerIface
}
HandlerRequest represents a request to be processed by a handler
type HandlerServiceIface ¶
// HandlerServiceIface is the registry of handlers and the hub through which
// they reach the other sysbox-fs services.
type HandlerServiceIface interface {
	// Setup installs the initial handlers (hdlrs) and the peer services;
	// ignoreErrors is presumably what IgnoreErrors() later reports.
	Setup(
		hdlrs []HandlerIface,
		ignoreErrors bool,
		css ContainerStateServiceIface,
		nss NSenterServiceIface,
		prs ProcessServiceIface,
		ios IOServiceIface)

	RegisterHandler(h HandlerIface) error
	UnregisterHandler(h HandlerIface) error
	// LookupHandler finds the handler for an IOnode; FindHandler looks one
	// up by string (presumably a path). Both report a found flag rather than
	// an error.
	LookupHandler(i IOnodeIface) (HandlerIface, bool)
	FindHandler(s string) (HandlerIface, bool)
	EnableHandler(path string) error
	DisableHandler(path string) error

	// getters/setters
	HandlersResourcesList() []string
	GetPassThroughHandler() PassthroughHandlerIface
	StateService() ContainerStateServiceIface
	SetStateService(css ContainerStateServiceIface)
	ProcessService() ProcessServiceIface
	NSenterService() NSenterServiceIface
	IOService() IOServiceIface
	IgnoreErrors() bool

	// Auxiliary methods: the host's user-namespace inode and UUID, and the
	// lookups that compute them (FindUserNsInode for an arbitrary pid).
	HostUserNsInode() Inode
	FindUserNsInode(pid uint32) (Inode, error)
	HostUuid() string
	FindHostUuid() (string, error)
}
type IOServiceIface ¶
// IOServiceIface abstracts the I/O backend so handlers can run against the
// real filesystem or an in-memory stand-in (see IOServiceType).
type IOServiceIface interface {
	// NewIOnode creates a node with name n, path p and mode attr.
	NewIOnode(n string, p string, attr os.FileMode) IOnodeIface
	// RemoveAllIOnodes presumably drops every node the service created.
	RemoveAllIOnodes() error
	// GetServiceType reports which backend this is.
	GetServiceType() IOServiceType
}
type IOServiceType ¶
// IOServiceType selects the IOServiceIface backend. It is an alias of int
// (not a distinct type), so plain ints are accepted wherever it is used.
type IOServiceType = int

const (
	Unknown          IOServiceType = 0
	IOOsFileService  IOServiceType = 1 // production / regular purposes
	IOMemFileService IOServiceType = 2 // unit-testing purposes
)
type IOnodeIface ¶
// IOnodeIface is the file-like handle handlers operate on; its methods
// mirror the os.File / os package calls they presumably wrap, plus
// sysbox-specific helpers. NOTE(review): both Stat and Lstat are offered —
// code handling caller-supplied paths should use Lstat wherever following a
// symlink is not intended.
type IOnodeIface interface {
	Open() error
	Read(p []byte) (n int, err error)
	Write(p []byte) (n int, err error)
	Close() error
	Seek(offset int64, whence int) (int64, error)
	ReadAt(p []byte, off int64) (n int, err error)
	ReadDirAll() ([]os.FileInfo, error)
	ReadFile() ([]byte, error)
	ReadLine() (string, error)
	ReadLink() (string, error)
	WriteAt(p []byte, off int64) (n int, err error)
	WriteFile(p []byte) error
	Mkdir() error
	MkdirAll() error
	Stat() (os.FileInfo, error)
	Lstat() (os.FileInfo, error)
	// SeekReset presumably rewinds to offset 0 and returns the new offset.
	SeekReset() (int64, error)
	Remove() error
	RemoveAll() error

	//
	// Required getters/setters.
	//
	Name() string
	Path() string
	OpenFlags() int
	OpenMode() os.FileMode
	// GetNsInode returns a namespace inode for the node; which namespace is
	// not visible here.
	GetNsInode() (Inode, error)
	SetName(s string)
	SetPath(s string)
	SetOpenFlags(flags int)
	SetOpenMode(mode os.FileMode)
}
type IpcServiceIface ¶
// IpcServiceIface is the IPC endpoint through which other sysbox components
// reach sysbox-fs.
type IpcServiceIface interface {
	// Setup records the peer services and the FUSE mountpoint (fuseMp).
	Setup(
		css ContainerStateServiceIface,
		prs ProcessServiceIface,
		ios IOServiceIface,
		fuseMp string)
	// Init presumably starts serving; it is separate from Setup.
	Init() error
}
type ListxattrRespPayload ¶
type ListxattrSyscallPayload ¶
// ListxattrSyscallPayload is the payload of a ListxattrSyscallRequest message
// sent to a forked instance.
type ListxattrSyscallPayload struct {
	// Header carries no json tag, so encoding/json emits it under the key
	// "Header"; its fields are declared outside this view.
	Header NSenterMsgHeader
	// Syscall names the syscall being relayed.
	Syscall string `json:"syscall"`
	// Path is the target file; Size is the caller's buffer size and
	// presumably bounds the response.
	Path string `json:"path"`
	Size uint64 `json:"size"`
}
type LookupPayload ¶
type Mount ¶
// Mount carries mount state between sysbox-fs components; its fields line up
// with the mount(2) arguments (source, target, filesystemtype, mountflags,
// data).
type Mount struct {
	Source string `json:"source"`
	Target string `json:"target"`
	FsType string `json:"fstype"`
	// Flags is the mount-flag bitmask; MountHelperIface holds the predicates
	// that interpret it.
	Flags uint64 `json:"flags"`
	// Data is the filesystem-specific option string.
	Data string `json:"data"`
}
Mount is the structure used to exchange mount state across sysbox-fs components.
type MountHelperIface ¶
// MountHelperIface defines the mountHelper API: predicates over mount(2)
// flag bitmasks, conversions between textual options and flags, and the
// lists of mounts sysbox-fs manages under /proc and /sys.
type MountHelperIface interface {
	// Flag predicates over a mount(2) flags value.
	IsNewMount(flags uint64) bool
	IsRemount(flags uint64) bool
	IsBind(flags uint64) bool
	IsMove(flags uint64) bool
	HasPropagationFlag(flags uint64) bool
	IsReadOnlyMount(flags uint64) bool
	// StringToFlags converts textual mount options into a flag bitmask;
	// FilterFsFlags presumably strips the flag-like options from fsOpts and
	// returns the remainder as a data string.
	StringToFlags(s map[string]string) uint64
	FilterFsFlags(fsOpts map[string]string) string
	// ProcMounts and SysMounts presumably list the sysbox-fs mounts under
	// /proc and /sys.
	ProcMounts() []string
	SysMounts() []string
}
MountHelperIface defines the mountHelper API.
type MountInfo ¶
// MountInfo describes one mounted filesystem, populated from a line of
// /proc/<pid>/mountinfo (field semantics per proc(5)). The json tags exist
// because the struct is shipped between the main and forked instances.
type MountInfo struct {
	// Mount identifier.
	MountID int `json:"mountid"`
	// Parent-mount identifier.
	ParentID int `json:"parentid"`
	// 'st_dev' value for files in FS.
	MajorMinorVer string `json:"majorminorver"`
	// File-system type.
	FsType string `json:"fstype"`
	// File-system specific information or "none".
	Source string `json:"source"`
	// Pathname of root of the mount within the FS.
	Root string `json:"root"`
	// Pathname of the mount point relative to the root.
	MountPoint string `json:"mountpoint"`
	// Mount-specific options.
	Options map[string]string `json:"options"`
	// Optional-fields.
	OptionalFields map[string]string `json:"optionalfields"`
	// Superblock options.
	VfsOptions map[string]string `json:"vfsoptions"`
	// FS inode corresponding to this mountpoint.
	MpInode Inode `json:"mpinode"`
	// Backpointer to mountInfoParser. Excluded from serialization, so it is
	// nil on a deserialized copy — check before use.
	Mip MountInfoParserIface `json:"-"`
}
MountInfo reveals information about a particular mounted filesystem. This struct is populated from the content of the /proc/<pid>/mountinfo file. The fields of each /proc/self/mountinfo entry are described here: http://man7.org/linux/man-pages/man5/proc.5.html
Note: definition borrowed from OCI runc's mount package.
36 35 98:0 /mnt1 /mnt2 rw,noatime master:1 - ext3 /dev/root rw,errors=continue
(1)(2)(3)   (4)   (5)      (6)      (7)   (8) (9)   (10)         (11)

(1) mount ID: unique identifier of the mount (may be reused after umount)
(2) parent ID: ID of parent (or of self for the top of the mount tree)
(3) major:minor: value of st_dev for files on filesystem
(4) root: root of the mount within the filesystem
(5) mount point: mount point relative to the process's root
(6) mount options: per mount options
(7) optional fields: zero or more fields of the form "tag[:value]"
(8) separator: marks the end of the optional fields
(9) filesystem type: name of filesystem of the form "type[.subtype]"
(10) mount source: filesystem specific information or "none"
(11) super options: per super block options
type MountInfoParserIface ¶
// MountInfoParserIface defines the mountInfoParser API: queries over the
// parsed /proc/<pid>/mountinfo of one process (GetProcessID), including the
// classification predicates sysbox-fs uses to tell its own mounts from the
// container's and to recognise read-only, bind, overlapping and root mounts.
type MountInfoParserIface interface {
	GetProcessID() uint32
	GetInfo(mountpoint string) *MountInfo
	GetParentMount(info *MountInfo) *MountInfo
	// Pointer-returning lookups carry no error; a miss is presumably nil.
	LookupByMountID(id int) *MountInfo
	LookupByMountpoint(mp string) *MountInfo
	// Sysbox-fs mount classification.
	IsSysboxfsBaseMount(mountpoint string) bool
	IsSysboxfsBaseRoMount(mountpoint string) bool
	IsSysboxfsSubmount(mountpoint string) bool
	IsSysboxfsRoSubmount(mountpoint string) bool
	IsSysboxfsMaskedSubmount(mountpoint string) bool
	GetSysboxfsSubMounts(basemount string) []string
	HasNonSysboxfsSubmount(basemount string) bool
	// Generic mount classification.
	IsRecursiveBindMount(info *MountInfo) bool
	IsSelfMount(info *MountInfo) bool
	IsOverlapMount(info *MountInfo) bool
	IsRoMount(info *MountInfo) bool
	IsBindMount(info *MountInfo) bool
	IsRoBindMount(info *MountInfo) bool
	IsRootMount(info *MountInfo) (bool, error)
	IsCloneMount(info *MountInfo, readonly bool) (bool, error)
	// Raw access: ExtractMountInfo returns the mountinfo bytes, ExtractInode
	// the inode of mountpoint mp, and ExtractAncestorInodes presumably fills
	// in MpInode for info's ancestors.
	ExtractMountInfo() ([]byte, error)
	ExtractInode(mp string) (Inode, error)
	ExtractAncestorInodes(info *MountInfo) error
}
MountInfoParserIface defines the mountInfoParser API.
type MountInfoRespPayload ¶
// MountInfoRespPayload is the payload of a MountInfoResponse: the raw bytes
// of the mountinfo read inside the target namespaces (compare
// MountInfoParserIface.ExtractMountInfo). The receiver parses them; treat
// the content as input from the other side of the pipe.
type MountInfoRespPayload struct {
	Data []byte `json:"data"`
}
type MountInodeReqPayload ¶
// MountInodeReqPayload is the payload of a MountInodeRequest: the mountpoints
// whose inodes the forked instance should resolve.
type MountInodeReqPayload struct {
	Mountpoints []string `json:"mountpoints"`
}
type MountInodeRespPayload ¶
// MountInodeRespPayload is the payload of a MountInodeResponse; MpInodes
// presumably pairs positionally with MountInodeReqPayload.Mountpoints, so
// receivers should check that the lengths match.
type MountInodeRespPayload struct {
	MpInodes []Inode `json:"mpinodes"`
}
type MountServiceIface ¶
// MountServiceIface exposes the mount-service's components.
type MountServiceIface interface {
	Setup(
		css ContainerStateServiceIface,
		hds HandlerServiceIface,
		prs ProcessServiceIface,
		nss NSenterServiceIface)
	// NewMountInfoParser builds a parser for process's mountinfo in the
	// context of container c. The three booleans presumably mean: run the
	// parse immediately (launchParser), also collect per-mount options
	// (fetchOptions), and also resolve mountpoint inodes (fetchInodes) —
	// confirm with the implementation.
	NewMountInfoParser(
		c ContainerIface,
		process ProcessIface,
		launchParser bool,
		fetchOptions bool,
		fetchInodes bool) (MountInfoParserIface, error)
	// NewMountHelper creates a fresh helper; MountHelper returns the
	// service's own instance.
	NewMountHelper() MountHelperIface
	MountHelper() MountHelperIface
}
MountServiceIface is the service interface that exposes the mount-service's components.
type MountSyscallPayload ¶
// MountSyscallPayload is the payload of a MountSyscallRequest: the message
// header plus an embedded Mount. Because Mount is embedded and untagged,
// encoding/json promotes its fields to the top level of the payload object
// (keys "source", "target", ...), alongside "Header".
type MountSyscallPayload struct {
	Header NSenterMsgHeader
	Mount
}
type NSenterEventIface ¶
// NSenterEventIface is one request/response transaction with a forked
// (namespace-entered) sysbox-fs instance: SendRequest starts it,
// ReceiveResponse collects the reply and TerminateRequest ends it. The
// request and response messages are reachable through the Get/Set pairs.
type NSenterEventIface interface {
	SendRequest() error
	TerminateRequest() error
	// ReceiveResponse reports no error, so callers must inspect the returned
	// message's Type (an ErrorResponse is a valid reply) and handle a nil
	// result.
	ReceiveResponse() *NSenterMessage
	SetRequestMsg(m *NSenterMessage)
	GetRequestMsg() *NSenterMessage
	SetResponseMsg(m *NSenterMessage)
	GetResponseMsg() *NSenterMessage
	// GetProcessID is presumably the pid whose namespaces the event enters.
	GetProcessID() uint32
}
NSenterEvent struct serves as a transport abstraction (envelope) to carry all the potential messages that can be exchanged between the sysbox-fs master instance and its secondary (forked) ones. These auxiliary sysbox-fs instances perform actions on namespaced resources that, as such, cannot be executed by sysbox-fs' main instance.
Every bidirectional transaction is represented by an event structure (nsenterEvent), which holds both 'request' and 'response' messages, as well as the context necessary to complete any action demanding inter-namespace message exchanges.
type NSenterMessage ¶
// NSenterMessage is the unit exchanged between the sysbox-fs 'main' and
// 'forked' instances.
type NSenterMessage struct {
	// Message type being exchanged; one of the NSenterMsgType constants.
	Type NSenterMsgType `json:"message"`
	// Message payload; its concrete type depends on Type (see the *Payload
	// structs). NOTE(review): decoded from JSON, this field holds a generic
	// value (typically map[string]interface{}), so receivers must dispatch
	// on Type and convert/validate the payload rather than type-assert
	// blindly — treat a message from the other end of the pipe as input to
	// validate, not as a trusted Go value.
	Payload interface{} `json:"payload"`
}
NSenterMessage struct defines the layout of the messages being exchanged between sysbox-fs 'main' and 'forked' ones.
type NSenterMsgHeader ¶
type NSenterMsgType ¶
// NSenterMsgType identifies an NSenterMessage. It is an alias of string (not
// a distinct type), and the values below are the wire representation, so
// both ends of the pipe must be built from the same definitions.
type NSenterMsgType = string

// All message types the nsenterEvent machinery handles. Requests and
// responses come in pairs; ErrorResponse can answer any request.
// NOTE(review): the Removexattr*/Listxattr* values start with an upper-case
// letter while every other value is lower camel case. They are wire
// strings, so normalising them is safe only if every peer is updated in the
// same release.
const (
	LookupRequest              NSenterMsgType = "lookupRequest"
	LookupResponse             NSenterMsgType = "lookupResponse"
	OpenFileRequest            NSenterMsgType = "openFileRequest"
	OpenFileResponse           NSenterMsgType = "openFileResponse"
	ReadFileRequest            NSenterMsgType = "readFileRequest"
	ReadFileResponse           NSenterMsgType = "readFileResponse"
	WriteFileRequest           NSenterMsgType = "writeFileRequest"
	WriteFileResponse          NSenterMsgType = "writeFileResponse"
	ReadDirRequest             NSenterMsgType = "readDirRequest"
	ReadDirResponse            NSenterMsgType = "readDirResponse"
	ReadLinkRequest            NSenterMsgType = "readLinkRequest"
	ReadLinkResponse           NSenterMsgType = "readLinkResponse"
	MountSyscallRequest        NSenterMsgType = "mountSyscallRequest"
	MountSyscallResponse       NSenterMsgType = "mountSyscallResponse"
	UmountSyscallRequest       NSenterMsgType = "umountSyscallRequest"
	UmountSyscallResponse      NSenterMsgType = "umountSyscallResponse"
	ChownSyscallRequest        NSenterMsgType = "chownSyscallRequest"
	ChownSyscallResponse       NSenterMsgType = "chownSyscallResponse"
	MountInfoRequest           NSenterMsgType = "mountInfoRequest"
	MountInfoResponse          NSenterMsgType = "mountInfoResponse"
	MountInodeRequest          NSenterMsgType = "mountInodeRequest"
	MountInodeResponse         NSenterMsgType = "mountInodeResponse"
	SleepRequest               NSenterMsgType = "sleepRequest"
	SleepResponse              NSenterMsgType = "sleepResponse"
	SetxattrSyscallRequest     NSenterMsgType = "setxattrSyscallRequest"
	SetxattrSyscallResponse    NSenterMsgType = "setxattrSyscallResponse"
	GetxattrSyscallRequest     NSenterMsgType = "getxattrSyscallRequest"
	GetxattrSyscallResponse    NSenterMsgType = "getxattrSyscallResponse"
	RemovexattrSyscallRequest  NSenterMsgType = "RemovexattrSyscallRequest"
	RemovexattrSyscallResponse NSenterMsgType = "RemovexattrSyscallResponse"
	ListxattrSyscallRequest    NSenterMsgType = "ListxattrSyscallRequest"
	ListxattrSyscallResponse   NSenterMsgType = "ListxattrSyscallResponse"
	UidInfoRequest             NSenterMsgType = "uidInfoRequest"
	UidInfoResponse            NSenterMsgType = "uidInfoResponse"
	GidInfoRequest             NSenterMsgType = "gidInfoRequest"
	GidInfoResponse            NSenterMsgType = "gidInfoResponse"
	ErrorResponse              NSenterMsgType = "errorResponse"
)
NSenterMsgType values define every message type that the nsenterEvent class can handle.
type NSenterServiceIface ¶
// NSenterServiceIface creates and drives NSenterEventIface transactions
// between the sysbox-fs 'master' and 'child' entities.
type NSenterServiceIface interface {
	// NewEvent prepares an event that enters the namespaces listed in ns of
	// process pid (see AllNSs / AllNSsButUser), using cloneFlags for the
	// forked child, carrying req and — once answered — res. async presumably
	// means SendRequestEvent returns without waiting for the reply. ns is a
	// pointer to a slice; whether nil is accepted is not visible here.
	NewEvent(
		pid uint32,
		ns *[]NStype,
		cloneFlags uint32,
		req *NSenterMessage,
		res *NSenterMessage,
		async bool) NSenterEventIface
	Setup(prs ProcessServiceIface, mts MountServiceIface)
	// Event-level operations mirroring NSenterEventIface.
	SendRequestEvent(e NSenterEventIface) error
	ReceiveResponseEvent(e NSenterEventIface) *NSenterMessage
	TerminateRequestEvent(e NSenterEventIface) error
	GetEventProcessID(e NSenterEventIface) uint32
}
NSenterService interface serves as a wrapper construct to provide a communication channel between sysbox-fs 'master' and sysbox-fs 'child' entities. See more details further below.
type OpenFilePayload ¶
type PassthroughHandlerIface ¶
// PassthroughHandlerIface extends HandlerIface with variants that perform
// the operation from inside the listed namespaces of the requesting process
// (presumably via NSenterServiceIface), rather than from sysbox-fs' own
// context.
type PassthroughHandlerIface interface {
	HandlerIface
	// namespaces selects which of the requester's namespaces to enter; the
	// remaining parameters and results match the HandlerIface counterparts.
	OpenWithNS(node IOnodeIface, req *HandlerRequest, namespaces []NStype) (bool, error)
	ReadWithNS(node IOnodeIface, req *HandlerRequest, namespaces []NStype) (int, error)
	WriteWithNS(node IOnodeIface, req *HandlerRequest, namespaces []NStype) (int, error)
}
type ProcessIface ¶
// ProcessIface is sysbox-fs' view of a process: identity and credentials,
// namespace membership, and path-access checks made from that process's
// perspective.
type ProcessIface interface {
	// Identity and credentials; SGid returns the supplementary groups.
	Pid() uint32
	Uid() uint32
	Gid() uint32
	Cwd() string
	Root() string
	RootInode() uint64
	SGid() []uint32
	// UidMap/GidMap return the process's user-namespace ID mappings.
	UidMap() ([]user.IDMap, error)
	GidMap() ([]user.IDMap, error)
	// Capability checks; IsSysAdminCapabilitySet is presumably the
	// CAP_SYS_ADMIN shortcut.
	IsCapabilitySet(cap.CapType, cap.Cap) bool
	IsSysAdminCapabilitySet() bool
	// Namespace inodes, usable to compare namespace membership (see
	// ProcessNsMatch). NsInodes is keyed by namespace name.
	NsInodes() (map[string]Inode, error)
	MountNsInode() (Inode, error)
	NetNsInode() (Inode, error)
	UserNsInode() (Inode, error)
	UserNsInodeParent() (Inode, error)
	// UsernsRootUidGid presumably returns the IDs that map to root in the
	// process's user namespace.
	UsernsRootUidGid() (uint32, uint32, error)
	CreateNsInodes(Inode) error
	// PathAccess checks whether the process may access path with the
	// AccessMode bitmask accessFlags and returns the resolved path;
	// followSymlink controls whether a final symlink is followed. This is
	// presumably the permission check that stands in for the kernel's on
	// emulated nodes, so handlers should call it before acting on a
	// caller-supplied path.
	PathAccess(path string, accessFlags AccessMode, followSymlink bool) (string, error)
	// ResolveProcSelf rewrites a /proc/self-style path for this process.
	ResolveProcSelf(string) (string, error)
	// Effective capabilities as the two 32-bit words of the kernel's
	// capability bitmap.
	GetEffCaps() [2]uint32
	SetEffCaps(caps [2]uint32)
	// GetFd returns the path behind the given file descriptor.
	GetFd(int32) (string, error)
	// AdjustPersonality presumably switches the caller's credentials, root,
	// cwd and capabilities to the given values so a forked instance can act
	// as this process; it belongs on the child side only.
	AdjustPersonality(
		uid uint32,
		gid uint32,
		root string,
		cwd string,
		caps [2]uint32) error
}
type ProcessServiceIface ¶
// ProcessServiceIface creates ProcessIface values.
type ProcessServiceIface interface {
	Setup(ios IOServiceIface)
	// ProcessCreate builds a ProcessIface for pid. The uid/gid are supplied
	// by the caller rather than read from the kernel here, so the caller is
	// responsible for their accuracy.
	ProcessCreate(pid uint32, uid uint32, gid uint32) ProcessIface
}
type ReadDirPayload ¶
type ReadFilePayload ¶
type ReadLinkPayload ¶
type SetxattrSyscallPayload ¶
type SleepReqPayload ¶
// SleepReqPayload is the payload of a SleepRequest; Ival is presumably the
// sleep interval in textual form. Note the JSON key is "attr", not "ival":
// both ends of the pipe must agree on it, so do not "fix" the tag on one
// side only.
type SleepReqPayload struct {
	Ival string `json:"attr"`
}
type SyscallMonitorServiceIface ¶
// SyscallMonitorServiceIface sets up the syscall interception service.
type SyscallMonitorServiceIface interface {
	// Setup wires the peer services. allowImmutableRemounts and
	// allowImmutableUnmounts presumably relax the protection of mounts
	// classified immutable (see ContainerIface.IsImmutable*); they have no
	// default here, so callers must pass false explicitly to keep the
	// restrictive behaviour.
	Setup(
		nss NSenterServiceIface,
		css ContainerStateServiceIface,
		prs ProcessServiceIface,
		mts MountServiceIface,
		allowImmutableRemounts bool,
		allowImmutableUnmounts bool)
}
type UidInfoReqPayload ¶
// UidInfoReqPayload is the payload of a UidInfoRequest: the user name to
// resolve, presumably inside the target container's view of /etc/passwd.
type UidInfoReqPayload struct {
	User string `json:"user"`
}
type UidInfoRespPayload ¶
// UidInfoRespPayload is the payload of a UidInfoResponse. Uid is carried as
// a string, not a number, so the receiver must parse and range-check it.
type UidInfoRespPayload struct {
	Uid string `json:"uid"`
}
type UmountSyscallPayload ¶
// UmountSyscallPayload is the payload of an UmountSyscallRequest; it has the
// same layout as MountSyscallPayload. The embedded, untagged Mount has its
// fields promoted to the top level of the JSON object, alongside "Header".
type UmountSyscallPayload struct {
	Header NSenterMsgHeader
	Mount
}