Directories
¶
| Path | Synopsis |
|---|---|
|
Package arch provides abstractions around architecture-dependent details, such as syscall calling conventions, native types, etc.
|
Package arch provides abstractions around architecture-dependent details, such as syscall calling conventions, native types, etc. |
|
fpu
Package fpu provides basic floating point helpers.
|
Package fpu provides basic floating point helpers. |
|
Package contexttest builds a test context.Context.
|
Package contexttest builds a test context.Context. |
|
Package control contains types that expose control server methods, and can be used to configure and interact with a running sandbox process.
|
Package control contains types that expose control server methods, and can be used to configure and interact with a running sandbox process. |
|
devices
|
|
|
memdev
Package memdev implements "mem" character devices, as implemented in Linux by drivers/char/mem.c and drivers/char/random.c.
|
Package memdev implements "mem" character devices, as implemented in Linux by drivers/char/mem.c and drivers/char/random.c. |
|
nvproxy
Package nvproxy implements proxying for the Nvidia GPU Linux kernel driver: https://github.com/NVIDIA/open-gpu-kernel-modules.
|
Package nvproxy implements proxying for the Nvidia GPU Linux kernel driver: https://github.com/NVIDIA/open-gpu-kernel-modules. |
|
nvproxy/nvconf
Package nvconf provides configuration structures and utilities for nvproxy.
|
Package nvconf provides configuration structures and utilities for nvproxy. |
|
tpuproxy
Package tpuproxy contains tpu backend driver proxy implementations and helper functions.
|
Package tpuproxy contains tpu backend driver proxy implementations and helper functions. |
|
tpuproxy/accel
Package accel implements a proxy for gasket based accel devices.
|
Package accel implements a proxy for gasket based accel devices. |
|
tpuproxy/util
Package util contains helper functions for tpuproxy implementations.
|
Package util contains helper functions for tpuproxy implementations. |
|
tpuproxy/vfio
Package vfio implements a proxy for VFIO devices.
|
Package vfio implements a proxy for VFIO devices. |
|
ttydev
Package ttydev implements a vfs.Device for /dev/tty.
|
Package ttydev implements a vfs.Device for /dev/tty. |
|
tundev
Package tundev implements the /dev/net/tun device.
|
Package tundev implements the /dev/net/tun device. |
|
Package fdimport provides the Import function.
|
Package fdimport provides the Import function. |
|
fsimpl
|
|
|
cgroupfs
Package cgroupfs implements cgroupfs.
|
Package cgroupfs implements cgroupfs. |
|
dev
Package dev provides a filesystem implementation for /dev.
|
Package dev provides a filesystem implementation for /dev. |
|
devpts
Package devpts provides a filesystem implementation that behaves like devpts.
|
Package devpts provides a filesystem implementation that behaves like devpts. |
|
devtmpfs
Package devtmpfs provides a singleton fsimpl/dev filesystem instance, analogous to Linux's devtmpfs.
|
Package devtmpfs provides a singleton fsimpl/dev filesystem instance, analogous to Linux's devtmpfs. |
|
erofs
Package erofs implements erofs.
|
Package erofs implements erofs. |
|
eventfd
Package eventfd implements event fds.
|
Package eventfd implements event fds. |
|
fuse
Package fuse implements fusefs.
|
Package fuse implements fusefs. |
|
gofer
Package gofer provides a filesystem implementation that is backed by a 9p server, interchangeably referred to as "gofers" throughout this package.
|
Package gofer provides a filesystem implementation that is backed by a 9p server, interchangeably referred to as "gofers" throughout this package. |
|
host
Package host provides a filesystem implementation for host files imported as file descriptors.
|
Package host provides a filesystem implementation for host files imported as file descriptors. |
|
iouringfs
Package iouringfs provides a filesystem implementation for IO_URING basing it on anonfs.
|
Package iouringfs provides a filesystem implementation for IO_URING basing it on anonfs. |
|
kernfs
Package kernfs provides the tools to implement inode-based filesystems.
|
Package kernfs provides the tools to implement inode-based filesystems. |
|
lock
Package lock is the API for POSIX-style advisory regional file locks and BSD-style full file locks.
|
Package lock is the API for POSIX-style advisory regional file locks and BSD-style full file locks. |
|
mqfs
Package mqfs provides a filesystem implementation to back POSIX message queues.
|
Package mqfs provides a filesystem implementation to back POSIX message queues. |
|
nsfs
Package nsfs provides the filesystem implementation backing Kernel.NsfsMount.
|
Package nsfs provides the filesystem implementation backing Kernel.NsfsMount. |
|
overlay
Package overlay provides an overlay filesystem implementation, which synthesizes a filesystem by composing one or more immutable filesystems ("lower layers") with an optional mutable filesystem ("upper layer").
|
Package overlay provides an overlay filesystem implementation, which synthesizes a filesystem by composing one or more immutable filesystems ("lower layers") with an optional mutable filesystem ("upper layer"). |
|
pipefs
Package pipefs provides the filesystem implementation backing Kernel.PipeMount.
|
Package pipefs provides the filesystem implementation backing Kernel.PipeMount. |
|
proc
Package proc implements a partial in-memory file system for procfs.
|
Package proc implements a partial in-memory file system for procfs. |
|
signalfd
Package signalfd provides basic signalfd file implementations.
|
Package signalfd provides basic signalfd file implementations. |
|
sockfs
Package sockfs provides a filesystem implementation for anonymous sockets.
|
Package sockfs provides a filesystem implementation for anonymous sockets. |
|
sys
Package sys implements sysfs.
|
Package sys implements sysfs. |
|
testutil
Package testutil provides common test utilities for kernfs-based filesystems.
|
Package testutil provides common test utilities for kernfs-based filesystems. |
|
timerfd
Package timerfd implements timer fds.
|
Package timerfd implements timer fds. |
|
tmpfs
Package tmpfs provides an in-memory filesystem whose contents are application-mutable, consistent with Linux's tmpfs.
|
Package tmpfs provides an in-memory filesystem whose contents are application-mutable, consistent with Linux's tmpfs. |
|
user
Package user contains methods for resolving filesystem paths based on the user and their environment.
|
Package user contains methods for resolving filesystem paths based on the user and their environment. |
|
Package fsmetric defines filesystem metrics.
|
Package fsmetric defines filesystem metrics. |
|
Package fsutil provides utilities for implementing vfs.FileDescriptionImpl and vfs.FilesystemImpl.
|
Package fsutil provides utilities for implementing vfs.FileDescriptionImpl and vfs.FilesystemImpl. |
|
Package hostcpu provides utilities for working with CPU information provided by a host Linux kernel.
|
Package hostcpu provides utilities for working with CPU information provided by a host Linux kernel. |
|
Package hostfd provides efficient I/O with host file descriptors.
|
Package hostfd provides efficient I/O with host file descriptors. |
|
Package hostmm provides tools for interacting with the host Linux kernel's virtual memory management subsystem.
|
Package hostmm provides tools for interacting with the host Linux kernel's virtual memory management subsystem. |
|
Package inet defines semantics for IP stacks.
|
Package inet defines semantics for IP stacks. |
|
Package kernel provides an emulation of the Linux kernel.
|
Package kernel provides an emulation of the Linux kernel. |
|
auth
Package auth implements an access control model that is a subset of Linux's.
|
Package auth implements an access control model that is a subset of Linux's. |
|
contexttest
Package contexttest provides a test context.Context which includes a dummy kernel pointing to a valid platform.
|
Package contexttest provides a test context.Context which includes a dummy kernel pointing to a valid platform. |
|
fasync
Package fasync provides FIOASYNC related functionality.
|
Package fasync provides FIOASYNC related functionality. |
|
futex
Package futex provides an implementation of the futex interface as found in the Linux kernel.
|
Package futex provides an implementation of the futex interface as found in the Linux kernel. |
|
ipc
Package ipc defines functionality and utilities common to sysvipc mechanisms.
|
Package ipc defines functionality and utilities common to sysvipc mechanisms. |
|
memevent
Package memevent implements the memory usage events controller, which periodically emits events via the eventchannel.
|
Package memevent implements the memory usage events controller, which periodically emits events via the eventchannel. |
|
mq
Package mq provides an implementation for POSIX message queues.
|
Package mq provides an implementation for POSIX message queues. |
|
msgqueue
Package msgqueue implements System V message queues.
|
Package msgqueue implements System V message queues. |
|
pipe
Package pipe provides a pipe implementation.
|
Package pipe provides a pipe implementation. |
|
sched
Package sched implements scheduler related features.
|
Package sched implements scheduler related features. |
|
semaphore
Package semaphore implements System V semaphores.
|
Package semaphore implements System V semaphores. |
|
shm
Package shm implements sysv shared memory segments.
|
Package shm implements sysv shared memory segments. |
|
Package ktime provides an API for clocks and timers implemented by the sentry.
|
Package ktime provides an API for clocks and timers implemented by the sentry. |
|
Package limits provides resource limits.
|
Package limits provides resource limits. |
|
Package loader loads an executable file into a MemoryManager.
|
Package loader loads an executable file into a MemoryManager. |
|
vdsodata
Package vdsodata contains a compiled VDSO object.
|
Package vdsodata contains a compiled VDSO object. |
|
Package memmap defines semantics for memory mappings.
|
Package memmap defines semantics for memory mappings. |
|
Package mm provides a memory management subsystem.
|
Package mm provides a memory management subsystem. |
|
Package pgalloc contains the page allocator subsystem, which provides allocatable memory that may be mapped into application address spaces.
|
Package pgalloc contains the page allocator subsystem, which provides allocatable memory that may be mapped into application address spaces. |
|
Package platform provides a Platform abstraction.
|
Package platform provides a Platform abstraction. |
|
interrupt
Package interrupt provides an interrupt helper.
|
Package interrupt provides an interrupt helper. |
|
kvm
Package kvm provides a kvm-based implementation of the platform interface.
|
Package kvm provides a kvm-based implementation of the platform interface. |
|
kvm/testutil
Package testutil provides common assembly stubs for testing.
|
Package testutil provides common assembly stubs for testing. |
|
platforms
Package platforms imports all available platform packages.
|
Package platforms imports all available platform packages. |
|
ptrace
Package ptrace provides a ptrace-based implementation of the platform interface.
|
Package ptrace provides a ptrace-based implementation of the platform interface. |
|
systrap
Package systrap provides a seccomp-based implementation of the platform interface.
|
Package systrap provides a seccomp-based implementation of the platform interface. |
|
systrap/sysmsg
Package sysmsg provides a stub signal handler and a communication protocol between stub threads and the Sentry.
|
Package sysmsg provides a stub signal handler and a communication protocol between stub threads and the Sentry. |
|
systrap/usertrap
Package usertrap implements the library to replace syscall instructions with function calls.
|
Package usertrap implements the library to replace syscall instructions with function calls. |
|
Package seccheck defines a structure for dynamically-configured security checks in the sentry.
|
Package seccheck defines a structure for dynamically-configured security checks in the sentry. |
|
sinks/null
Package null defines a seccheck.Sink that does nothing with the trace points, akin to /dev/null.
|
Package null defines a seccheck.Sink that does nothing with the trace points, akin to /dev/null. |
|
sinks/remote
Package remote defines a seccheck.Sink that serializes points to a remote process.
|
Package remote defines a seccheck.Sink that serializes points to a remote process. |
|
sinks/remote/server
Package server provides a common server implementation that can connect with remote.Remote.
|
Package server provides a common server implementation that can connect with remote.Remote. |
|
sinks/remote/test
Package test provides functionality used to test the remote sink.
|
Package test provides functionality used to test the remote sink. |
|
sinks/remote/wire
Package wire defines structs used in the wire format for the remote checker.
|
Package wire defines structs used in the wire format for the remote checker. |
|
Package socket provides the interfaces that need to be provided by socket implementations and providers, as well as per family demultiplexing of socket creation.
|
Package socket provides the interfaces that need to be provided by socket implementations and providers, as well as per family demultiplexing of socket creation. |
|
control
Package control provides internal representations of socket control messages.
|
Package control provides internal representations of socket control messages. |
|
hostinet
Package hostinet implements AF_INET and AF_INET6 sockets using the host's network stack.
|
Package hostinet implements AF_INET and AF_INET6 sockets using the host's network stack. |
|
netfilter
Package netfilter helps the sentry interact with netstack's netfilter capabilities.
|
Package netfilter helps the sentry interact with netstack's netfilter capabilities. |
|
netlink
Package netlink provides core functionality for netlink sockets.
|
Package netlink provides core functionality for netlink sockets. |
|
netlink/nlmsg
Package nlmsg provides helpers to parse and construct netlink messages.
|
Package nlmsg provides helpers to parse and construct netlink messages. |
|
netlink/port
Package port provides port ID allocation for netlink sockets.
|
Package port provides port ID allocation for netlink sockets. |
|
netlink/route
Package route provides a NETLINK_ROUTE socket protocol.
|
Package route provides a NETLINK_ROUTE socket protocol. |
|
netlink/uevent
Package uevent provides a NETLINK_KOBJECT_UEVENT socket protocol.
|
Package uevent provides a NETLINK_KOBJECT_UEVENT socket protocol. |
|
netstack
Package netstack provides an implementation of the socket.Socket interface that is backed by a tcpip.Endpoint.
|
Package netstack provides an implementation of the socket.Socket interface that is backed by a tcpip.Endpoint. |
|
plugin
Package plugin provides a set of interfaces to interact with third-party netstack.
|
Package plugin provides a set of interfaces to interact with third-party netstack. |
|
plugin/cgo
Package cgo provides interfaces definition to interact with third-party network stack.
|
Package cgo provides interfaces definition to interact with third-party network stack. |
|
plugin/stack
Package stack provides an implementation of plugin.PluginStack interface and an implementation of socket.Socket interface.
|
Package stack provides an implementation of plugin.PluginStack interface and an implementation of socket.Socket interface. |
|
unix
Package unix provides an implementation of the socket.Socket interface for the AF_UNIX protocol family.
|
Package unix provides an implementation of the socket.Socket interface for the AF_UNIX protocol family. |
|
unix/transport
Package transport contains the implementation of Unix endpoints.
|
Package transport contains the implementation of Unix endpoints. |
|
Package state provides high-level state wrappers.
|
Package state provides high-level state wrappers. |
|
Package strace implements the logic to print out the input and the return value of each traced syscall.
|
Package strace implements the logic to print out the input and the return value of each traced syscall. |
|
Package syscalls is the interface from the application to the kernel.
|
Package syscalls is the interface from the application to the kernel. |
|
linux
Package linux provides syscall tables for amd64 and arm64 Linux.
|
Package linux provides syscall tables for amd64 and arm64 Linux. |
|
Package time provides a calibrated clock synchronized to a system reference clock.
|
Package time provides a calibrated clock synchronized to a system reference clock. |
|
Package unimpl contains interface to emit events about unimplemented features.
|
Package unimpl contains interface to emit events about unimplemented features. |
|
Package uniqueid defines context.Context keys for obtaining system-wide unique identifiers.
|
Package uniqueid defines context.Context keys for obtaining system-wide unique identifiers. |
|
Package usage provides representations of resource usage.
|
Package usage provides representations of resource usage. |
|
Package vfs implements a virtual filesystem layer.
|
Package vfs implements a virtual filesystem layer. |
|
genericfstree
Package genericfstree provides tools for implementing vfs.FilesystemImpls where a single statically-determined lock or set of locks is sufficient to ensure that a Dentry's name and parent are contextually immutable.
|
Package genericfstree provides tools for implementing vfs.FilesystemImpls where a single statically-determined lock or set of locks is sufficient to ensure that a Dentry's name and parent are contextually immutable. |
|
memxattr
Package memxattr provides a default, in-memory extended attribute implementation.
|
Package memxattr provides a default, in-memory extended attribute implementation. |
|
Package watchdog is responsible for monitoring the sentry for tasks that may potentially be stuck or looping inderterminally causing hard to debug hangs in the untrusted app.
|
Package watchdog is responsible for monitoring the sentry for tasks that may potentially be stuck or looping inderterminally causing hard to debug hangs in the untrusted app. |
Click to show internal directories.
Click to hide internal directories.