namespaces

package
v0.21.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 12, 2022 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func New

New returns a new zero'ed namespace object suitable for the specified type of namespace. Now this is a real-world case where the "nongonformist" rule of "accept interfaces, return structs" doesn't make sense, because struct types don't support polymorphism. On the other hand, thousands of blog posts and SO answers cannot be wrong, more so, the more upvotes they accumulated ;)

func NewWithSimpleRef

func NewWithSimpleRef(nstype species.NamespaceType, nsid species.NamespaceID, ref string) model.Namespace

NewWithSimpleRef returns a new zero'ed namespace object via New and takes a "simple" namespace reference path (as opposed to a full-blown reference path slice).

Types

type HierarchicalNamespace

type HierarchicalNamespace struct {
	PlainNamespace
	// contains filtered or unexported fields
}

HierarchicalNamespace stores hierarchy information in addition to the information for plain namespaces. Besides the interfaces for a plainNamespace, it additionally implements the public Hierarchy interface.

func (*HierarchicalNamespace) AddChild

func (hns *HierarchicalNamespace) AddChild(child model.Hierarchy)

AddChild adds a child namespace to this (parent) namespace. It panics in case a child is tried to be added twice to either the same parent or different parents.

func (*HierarchicalNamespace) Children

func (hns *HierarchicalNamespace) Children() []model.Hierarchy

Children returns a list of child PID or user namespaces for this PID or user namespace.

func (*HierarchicalNamespace) Parent

func (hns *HierarchicalNamespace) Parent() model.Hierarchy

Parent returns the parent user or PID namespace of this user or PID namespace. If there is no parent namespace or the parent namespace in inaccessible, then Parent returns nil.

func (*HierarchicalNamespace) ParentChildrenString

func (hns *HierarchicalNamespace) ParentChildrenString() string

ParentChildrenString just describes the parent and children of a hierarchical Linux kernel namespace, in a non-recursive form.

func (*HierarchicalNamespace) ResolveOwner

func (hns *HierarchicalNamespace) ResolveOwner(usernsmap model.NamespaceMap)

ResolveOwner sets the owning user namespace reference based on the owning user namespace id discovered earlier. Yes, we're repeating us ourselves with this method, because Golang is self-inflicted pain when trying to emulate inheritance using embedding ... note: it doesn't work correctly. The reason is that we need the use the correct instance pointer and not a pointer to an embedded instance when setting the "owned" relationship.

func (*HierarchicalNamespace) SetParent

func (hns *HierarchicalNamespace) SetParent(parent model.Hierarchy)

SetParent sets the parent namespace of this child namespace. It panics in case the parent would change.

func (*HierarchicalNamespace) String

func (hns *HierarchicalNamespace) String() string

String describes this instance of a hierarchical Linux kernel namespace, with its parent and children (but not grand-children). This description is non-recursive.

type HierarchyConfigurer

type HierarchyConfigurer interface {
	AddChild(child model.Hierarchy)
	SetParent(parent model.Hierarchy)
}

HierarchyConfigurer allows discovery and unmarshalling mechanisms to configure the information hold by hierarchical namespaces.

type NamespaceConfigurer

type NamespaceConfigurer interface {
	AddLeader(proc *model.Process)             // adds yet another self-styled leader.
	SetRef(ref model.NamespaceRef)             // sets a filesystem path for referencing this namespace.
	DetectOwner(nsr relations.Relation)        // detects owning user namespace id.
	SetOwner(usernsid species.NamespaceID)     // sets the owning user namespace id directly.
	ResolveOwner(usernsmap model.NamespaceMap) // resolves owner ns id into object reference.
}

NamespaceConfigurer allows discovery and unmarshalling mechanisms to set up the information for a namespace. This is a lxkns-internal interface needed by other lxkns subpackages.

type PlainNamespace

type PlainNamespace struct {
	// contains filtered or unexported fields
}

PlainNamespace stores useful information about a concrete Linux kernel namespace. It implements the interfaces Namespace, Hierarchy, Ownership, and NamespaceStringer. Additionally, it implements the package-private interface leaderAdder. (There, I did it. I documented implemented interfaces explicitly for clarity.)

func (*PlainNamespace) AddLeader

func (pns *PlainNamespace) AddLeader(proc *model.Process)

AddLeader joins another leader process to the lot of leaders in this namespace. It ensures that each leader appears only once in the list, even if AddLeader is called multiple times for the same leader process.

func (*PlainNamespace) DetectOwner

func (pns *PlainNamespace) DetectOwner(nsr relations.Relation)

DetectOwner gets the ownering user namespace id from Linux, and stores it for later resolution, after when we have a complete map of all user namespaces.

func (*PlainNamespace) Ealdorman

func (pns *PlainNamespace) Ealdorman() (p *model.Process)

Ealdorman returns the most senior leader process. The "most senior" process is the one which was created at the earliest, based on the start times from /proc/[PID]/stat.

Me thinks, me has read too many Bernard Cornwell books. Wyrd bið ful aræd.

func (*PlainNamespace) ID

ID returns the namespace identifier. This identifier is basically a tuple made of an inode number from the special "nsfs" namespace filesystem inside the Linux kernel, together with the device ID of the nsfs. IDs cannot be set as only the Linux allocates and manages them.

func (*PlainNamespace) LeaderPIDs

func (pns *PlainNamespace) LeaderPIDs() []model.PIDType

LeaderPIDs returns the list of leader PIDs. This is a convenience method for those use cases where just a list of leader process PIDs is needed, but not the leader Process objects themselves.

func (*PlainNamespace) LeaderString

func (pns *PlainNamespace) LeaderString() string

LeaderString returns a textual list of leader process names with PIDs, optionally including the associated container name.

func (*PlainNamespace) Leaders

func (pns *PlainNamespace) Leaders() []*model.Process

Leaders returns an unsorted list of Process-es which are joined to this namespace and which are the topmost processes in the process tree still joined to this namespace.

func (*PlainNamespace) Owner

func (pns *PlainNamespace) Owner() model.Ownership

Owner returns the user namespace "owning" this namespace. According to Linux-kernel rules, the owner of a user namespace is the parent of that user namespace.

func (*PlainNamespace) Ref

func (pns *PlainNamespace) Ref() model.NamespaceRef

Ref returns a filesystem path (or sequence of paths, see NamespaceRef for details) suitable for referencing this namespace. A zero ref indicates that there is no reference path available: this is the case for "hidden" PID and user namespaces sandwiched in between PID or user namespaces where reference paths are available, because these other namespaces have processes joined to them, or are either bind-mounted or fd-referenced. Hidden PID namespaces can appear only when there is no process in any of their child namespaces and the child PID namespace(s) is bind-mounted or fd-references (the parent PID namespace is then kept alive because the child PID namespaces are kept alive).

func (*PlainNamespace) ResolveOwner

func (pns *PlainNamespace) ResolveOwner(usernsmap model.NamespaceMap)

ResolveOwner sets the owning user namespace reference based on the owning user namespace id discovered earlier.

func (*PlainNamespace) SetOwner

func (pns *PlainNamespace) SetOwner(usernsid species.NamespaceID)

SetOwner set the namespace ID of the user namespace owning this namespace.

func (*PlainNamespace) SetRef

func (pns *PlainNamespace) SetRef(ref model.NamespaceRef)

SetRef sets a filesystem path to reference this namespace.

func (*PlainNamespace) String

func (pns *PlainNamespace) String() string

String describes this instance of a non-hierarchical ("plain") Linux kernel namespace.

func (*PlainNamespace) Type

func (pns *PlainNamespace) Type() species.NamespaceType

Type returns the type of namespace in form of one of the NamespaceType, such as species.CLONE_NEWNS, species.CLONE_NEWCGROUP, et cetera.

func (*PlainNamespace) TypeIDString

func (pns *PlainNamespace) TypeIDString() string

TypeIDString describes this instance of a Linux kernel namespace just by its type and identifier, and nothing else.

type UserConfigurer

type UserConfigurer interface {
	SetOwnerUID(uid int)
}

UserConfigurer allows discovery and unmarshalling mechanisms to configure the information hold by user namespaces.

type UserNamespace

type UserNamespace struct {
	HierarchicalNamespace
	// contains filtered or unexported fields
}

UserNamespace stores ownership information in addition to the information for hierarchical namespaces. On top of the interfaces supported by a hierarchicalNamespace, UserNamespace implements the Ownership interface.

func (*UserNamespace) AddChild

func (uns *UserNamespace) AddChild(child model.Hierarchy)

AddChild adds a child namespace to this (parent) namespace. It panics in case a child is tried to be added twice to either the same parent or different parents.

Note: we must reimplement this method here, as otherwise Golang will totally fubar because it calls the embedded hierarchicalNamespace.AddChild and will then set us not as a userNamespace parent, but instead as a hierarchicalNamespace parent. If this Golang design isn't a fubar, then I really don't know what a fubar is.

func (*UserNamespace) DetectUID

func (uns *UserNamespace) DetectUID(nsref relations.Relation)

DetectUID takes an open file referencing a user namespace to query its owner's UID and then stores it for this user namespace proxy.

func (*UserNamespace) Ownings

func (uns *UserNamespace) Ownings() model.AllNamespaces

Ownings returns all namespaces owned by this user namespace, with the exception of user namespaces. "Owned" user namespaces are actually child user namespaces, so they are returned through Hierarchy.Children() instead.

func (*UserNamespace) ResolveOwner

func (uns *UserNamespace) ResolveOwner(usernsmap model.NamespaceMap)

ResolveOwner sets the owning user namespace reference based on the owning user namespace id discovered earlier. Yes, we're repeating us ourselves with this method, because Golang is self-inflicted pain when trying to emulate inheritance using embedding ... note: it doesn't work correctly. The reason is that we need the use the correct instance pointer and not a pointer to an embedded instance when setting the "owned" relationship.

func (*UserNamespace) SetOwnerUID

func (uns *UserNamespace) SetOwnerUID(uid int)

SetOwnerUID sets the user ID which originally created this user namespace and thus is its owner.

func (*UserNamespace) String

func (uns *UserNamespace) String() string

String describes this instance of a user namespace, with its parent, children, and owned namespaces. This description is non-recursive.

func (*UserNamespace) UID

func (uns *UserNamespace) UID() int

UID returns the user ID of the process that created this user namespace.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL