Documentation
¶
Index ¶
- Constants
- Variables
- func Annotations(labels []string) (bundle string, userAnnotations map[string]string)
- func CleanPath(path string) string
- func CloseExecFrom(minFd int) error
- func EnsureProcHandle(fh *os.File) error
- func ExitStatus(status unix.WaitStatus) int
- func NewSockPair(name string) (parent *os.File, child *os.File, err error)
- func RecvFd(socket *os.File) (*os.File, error)
- func SearchLabels(labels []string, key string) (string, bool)
- func SendFd(socket *os.File, name string, fd uintptr) error
- func SendFds(socket *os.File, msg []byte, fds ...int) error
- func WithProcfd(root, unsafePath string, fn func(procfd string) error) error
- func WriteJSON(w io.Writer, v interface{}) error
Constants ¶
const MaxNameLen = 4096
MaxNameLen is the maximum length of the name of a file descriptor being sent using SendFd. The name of the file handle returned by RecvFd will never be larger than this value.
Variables ¶
var NativeEndian binary.ByteOrder
NativeEndian is the native byte order of the host system.
Functions ¶
func Annotations ¶
Annotations returns the bundle path and user defined annotations from the libcontainer state. We need to remove the bundle because that is a label added by libcontainer.
func CleanPath ¶
CleanPath makes a path safe for use with filepath.Join. This is done by not only cleaning the path, but also (if the path is relative) adding a leading '/' and cleaning it (then removing the leading '/'). This ensures that a path resulting from prepending another path will always resolve to lexically be a subdirectory of the prefixed path. This is all done lexically, so paths that include symlinks won't be safe as a result of using CleanPath.
func CloseExecFrom ¶
CloseExecFrom applies O_CLOEXEC to all file descriptors currently open for the process (except for those below the given fd value).
func EnsureProcHandle ¶
EnsureProcHandle returns whether or not the given file handle is on procfs.
func ExitStatus ¶
func ExitStatus(status unix.WaitStatus) int
ExitStatus returns the correct exit status for a process based on if it was signaled or exited cleanly
func NewSockPair ¶
NewSockPair returns a new unix socket pair
func RecvFd ¶
RecvFd waits for a file descriptor to be sent over the given AF_UNIX socket. The file name of the remote file descriptor will be recreated locally (it is sent as non-auxiliary data in the same payload).
func SearchLabels ¶
SearchLabels searches through a list of key=value pairs for a given key, returning its value, and the binary flag telling whether the key exist.
func SendFd ¶
SendFd sends a file descriptor over the given AF_UNIX socket. In addition, the file.Name() of the given file will also be sent as non-auxiliary data in the same payload (allowing to send contextual information for a file descriptor).
func WithProcfd ¶
WithProcfd runs the passed closure with a procfd path (/proc/self/fd/...) corresponding to the unsafePath resolved within the root. Before passing the fd, this path is verified to have been inside the root -- so operating on it through the passed fdpath should be safe. Do not access this path through the original path strings, and do not attempt to use the pathname outside of the passed closure (the file handle will be freed once the closure returns).
Types ¶
This section is empty.
Source Files