sandbox

package
v0.2403.0
Warning

This package is not in the latest version of its module.

Published: Oct 15, 2024 | License: Apache-2.0 | Imports: 18 | Imported by: 0

Documentation

Overview

Package sandbox implements the runtime provisioner for runtimes in sandboxed processes.


Constants

This section is empty.

Variables

This section is empty.

Functions

func New

func New(cfg Config) (host.Provisioner, error)

New creates a new runtime provisioner that uses a local process sandbox.

Types

type Config

type Config struct {
	// Connector is the runtime connector factory that is used to establish a connection with the
	// runtime via the Runtime Host Protocol.
	Connector ConnectorFactoryFunc

	// GetSandboxConfig is a function that generates the sandbox configuration. In case it is not
	// specified a default function is used.
	GetSandboxConfig GetSandboxConfigFunc

	// HostInfo provides information about the host environment.
	HostInfo *protocol.HostInfo

	// HostInitializer is a function that additionally initializes the runtime host. In case it is
	// not specified a default function is used.
	HostInitializer func(context.Context, *HostInitializerParams) (*host.StartedEvent, error)

	// Logger is an optional logger to use with this provisioner. In case it is not specified a
	// default logger will be created.
	Logger *logging.Logger

	// SandboxBinaryPath is the path to the sandbox support binary.
	SandboxBinaryPath string

	// InsecureNoSandbox disables the sandbox and runs the runtime binary directly.
	InsecureNoSandbox bool
}

Config contains the sandbox provisioner configuration options.

type Connector added in v0.2403.0

type Connector interface {
	// Configure configures the connector and/or process sandbox if needed.
	Configure(rtCfg *host.Config, cfg *process.Config) error

	// Connect establishes a connection to the runtime.
	Connect(p process.Process) (net.Conn, error)

	// Close releases any resources associated with the connector.
	Close()
}

Connector is the runtime connection establishment interface.

func NewUnixSocketConnector added in v0.2403.0

func NewUnixSocketConnector(logger *logging.Logger, runtimeDir string, sandboxed bool) (Connector, error)

NewUnixSocketConnector returns a new UNIX socket connector.

type ConnectorFactoryFunc added in v0.2403.0

type ConnectorFactoryFunc func(logger *logging.Logger, runtimeDir string, sandboxed bool) (Connector, error)

ConnectorFactoryFunc is the runtime connector factory function.

type GetSandboxConfigFunc added in v0.2400.0

type GetSandboxConfigFunc func(cfg host.Config, conn Connector, runtimeDir string) (process.Config, error)

GetSandboxConfigFunc is the function used to generate the sandbox configuration.

func DefaultGetSandboxConfig added in v0.2400.0

func DefaultGetSandboxConfig(logger *logging.Logger, sandboxBinaryPath string) GetSandboxConfigFunc

DefaultGetSandboxConfig is the default function for generating sandbox configuration.

type HostInitializerParams added in v0.2300.0

type HostInitializerParams struct {
	Runtime    host.Runtime
	Config     *host.Config
	Version    version.Version
	Process    process.Process
	Connection protocol.Connection

	NotifyUpdateCapabilityTEE <-chan struct{}
}

HostInitializerParams contains parameters for the HostInitializer function.

type UnixSocketConnector added in v0.2403.0

type UnixSocketConnector struct {
	// contains filtered or unexported fields
}

UnixSocketConnector is a runtime connector that uses a UNIX socket to communicate with the runtime.

func (*UnixSocketConnector) Close added in v0.2403.0

func (us *UnixSocketConnector) Close()

Close releases any resources associated with the connector.

func (*UnixSocketConnector) Configure added in v0.2403.0

func (us *UnixSocketConnector) Configure(_ *host.Config, cfg *process.Config) error

Configure configures the connector and/or process sandbox if needed.

func (*UnixSocketConnector) Connect added in v0.2403.0

func (us *UnixSocketConnector) Connect(p process.Process) (net.Conn, error)

Connect establishes a connection to the runtime.

func (*UnixSocketConnector) GetGuestSocketPath added in v0.2403.0

func (us *UnixSocketConnector) GetGuestSocketPath() string

GetGuestSocketPath returns the UNIX socket path on the guest.

Directories

Path Synopsis
Package process implements a process sandboxing mechanism.
