process

package
v0.2201.2

Warning: This package is not in the latest version of its module.
Published: Apr 5, 2022 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Overview

Package process implements a process sandboxing mechanism.

Types

type Config

type Config struct {
	// Path is the path to the binary that should be executed inside the sandbox.
	Path string

	// Args are the arguments passed to the executed binary.
	Args []string

	// Environment variables passed to the executed binary.
	Env map[string]string

	// BindRW is a set of read-write binds into the sandbox.
	BindRW map[string]string

	// BindRO is a set of read-only binds into the sandbox.
	BindRO map[string]string

	// BindDev is a set of device binds into the sandbox.
	BindDev map[string]string

	// BindData is a set of byte readers that should be bound into the sandbox.
	BindData map[string]io.Reader

	// Stdout is the writer that should be used for standard output. If not specified, the current
	// process' os.Stdout will be used.
	Stdout io.Writer

	// Stderr is the writer that should be used for standard error. If not specified, the current
	// process' os.Stderr will be used.
	Stderr io.Writer

	// SandboxBinaryPath is the path to the sandbox support binary.
	SandboxBinaryPath string
	// contains filtered or unexported fields
}

Config contains the sandbox configuration.

This is similar to the os/exec.Cmd structure.

type Process

type Process interface {
	// GetPID returns the process identifier of the sandbox running the given process.
	GetPID() int

	// Wait returns a channel that is closed when the process terminates. To retrieve the reason for
	// the process termination, see Error().
	Wait() <-chan struct{}

	// Error returns the termination error (if any) for the process. In case the process has not yet
	// terminated it will return nil.
	Error() error

	// Kill causes the sandboxed process to exit immediately.
	Kill()
}

Process is a sandboxed process.
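
The Wait, Error and Kill contract above, shown as an added example that is not code from this package: a hypothetical RunWithDeadline helper that kills a sandboxed process which outlives its deadline and reports why it ended. The Process interface is repeated locally, fakeProcess is a constructed stand-in for a real sandbox, and the helper assumes that Kill leads to the Wait channel being closed.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
	"time"
)

type Process interface { // repeats the interface documented on this page
	GetPID() int
	Wait() <-chan struct{}
	Error() error
	Kill()
}

// ErrDeadline and RunWithDeadline are hypothetical helpers, not part of the package.
var ErrDeadline = errors.New("sandboxed process exceeded its deadline")

// RunWithDeadline waits for p to terminate; a process still running after d is killed.
func RunWithDeadline(p Process, d time.Duration) error {
	select {
	case <-p.Wait():
		return p.Error() // nil on a clean exit
	case <-time.After(d):
		p.Kill()
		<-p.Wait() // assumption: Kill leads to Wait's channel closing
		return fmt.Errorf("%w (pid %d): %v", ErrDeadline, p.GetPID(), p.Error())
	}
}

// fakeProcess is a constructed stand-in so the example runs without a sandbox binary.
type fakeProcess struct {
	once sync.Once
	done chan struct{}
	err  error
}

func newFake(exitAfter time.Duration, exitErr error) *fakeProcess {
	f := &fakeProcess{done: make(chan struct{})}
	time.AfterFunc(exitAfter, func() { f.finish(exitErr) })
	return f
}
func (f *fakeProcess) finish(err error)      { f.once.Do(func() { f.err = err; close(f.done) }) }
func (f *fakeProcess) GetPID() int           { return 4242 }
func (f *fakeProcess) Wait() <-chan struct{} { return f.done }
func (f *fakeProcess) Error() error          { return f.err } // read only after Wait() closes
func (f *fakeProcess) Kill()                 { f.finish(errors.New("signal: killed")) }

func main() { fmt.Println(RunWithDeadline(newFake(time.Hour, nil), 20*time.Millisecond)) }
```

Callers can tell a deadline kill from an ordinary failure with errors.Is(err, ErrDeadline).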

func NewBubbleWrap

func NewBubbleWrap(cfg Config) (Process, error)

NewBubbleWrap creates a Bubblewrap-based sandbox.

func NewNaked

func NewNaked(cfg Config) (Process, error)

NewNaked creates a naked "sandbox" which performs no sandboxing and runs the given binary as a regular child process.
