sysctl

package v0.30.5
Published: Sep 12, 2024 License: Apache-2.0 Imports: 4 Imported by: 21

Documentation

Constants

const (
	// refer to https://man7.org/linux/man-pages/man7/ipc_namespaces.7.html
	// the Linux IPC namespace
	IPCNamespace = Namespace("IPC")

	// refer to https://man7.org/linux/man-pages/man7/network_namespaces.7.html
	// the network namespace
	NetNamespace = Namespace("Net")

	// the zero value if no namespace is known
	UnknownNamespace = Namespace("")
)
const (

	// VMOvercommitMemory refers to the sysctl variable responsible for defining
	// the memory over-commit policy used by kernel.
	VMOvercommitMemory = "vm/overcommit_memory"
	// VMPanicOnOOM refers to the sysctl variable responsible for defining
	// the OOM behavior used by kernel.
	VMPanicOnOOM = "vm/panic_on_oom"
	// KernelPanic refers to the sysctl variable responsible for defining
	// the timeout after a panic for the kernel to reboot.
	KernelPanic = "kernel/panic"
	// KernelPanicOnOops refers to the sysctl variable responsible for defining
	// the kernel behavior when an oops or BUG is encountered.
	KernelPanicOnOops = "kernel/panic_on_oops"
	// RootMaxKeys refers to the sysctl variable responsible for defining
	// the maximum number of keys that the root user (UID 0 in the root user namespace) may own.
	RootMaxKeys = "kernel/keys/root_maxkeys"
	// RootMaxBytes refers to the sysctl variable responsible for defining
	// the maximum number of bytes of data that the root user (UID 0 in the root user namespace)
	// can hold in the payloads of the keys owned by root.
	RootMaxBytes = "kernel/keys/root_maxbytes"

	// VMOvercommitMemoryAlways represents that kernel performs no memory over-commit handling.
	VMOvercommitMemoryAlways = 1
	// VMPanicOnOOMInvokeOOMKiller represents that kernel calls the oom_killer function when OOM occurs.
	VMPanicOnOOMInvokeOOMKiller = 0

	// KernelPanicOnOopsAlways represents that kernel panics on kernel oops.
	KernelPanicOnOopsAlways = 1
	// KernelPanicRebootTimeout is the timeout seconds after a panic for the kernel to reboot.
	KernelPanicRebootTimeout = 10

	// RootMaxKeysSetting is the maximum number of keys that the root user (UID 0 in the root user namespace) may own.
	// Needed since docker creates a new key per container.
	RootMaxKeysSetting = 1000000
	// RootMaxBytesSetting is the maximum number of bytes of data that the root user (UID 0 in the root user namespace)
	// can hold in the payloads of the keys owned by root.
	// Allocate 25 bytes per key * number of MaxKeys.
	RootMaxBytesSetting = RootMaxKeysSetting * 25
)

Variables

This section is empty.

Functions

func NormalizeName added in v0.29.0

func NormalizeName(val string) string

NormalizeName returns the sysctl variable name in dot-separated form. The '/' separator is also accepted in place of '.', so a name written with either separator is converted to the dot-separated form before validation. More info:

https://man7.org/linux/man-pages/man8/sysctl.8.html
https://man7.org/linux/man-pages/man5/sysctl.d.5.html

Types

type Interface

type Interface interface {
	// GetSysctl returns the value for the specified sysctl setting
	GetSysctl(sysctl string) (int, error)
	// SetSysctl modifies the specified sysctl flag to the new value
	SetSysctl(sysctl string, newVal int) error
}

Interface is an injectable interface for running sysctl commands.

func New

func New() Interface

New returns a new Interface for accessing sysctl settings.

type Namespace added in v0.29.0

type Namespace string

Namespace represents a kernel namespace name.

func GetNamespace added in v0.29.0

func GetNamespace(sysctl string) (ns Namespace, sysctlOrPrefix string, prefixed bool)

GetNamespace extracts information from a sysctl string. It returns:

  1. The sysctl namespace, which is one of IPC, Net, or unknown.
  2. sysctlOrPrefix: the prefix of the sysctl parameter up to the first '*'. If there is no '*', it is the original string.
  3. prefixed: true if the sysctl parameter contains a '*' (in most cases a trailing '*') or is itself a key in the prefixToNamespace list.

For example, if the input sysctl is 'net.ipv6.neigh.*', GetNamespace will return:

  - the Net namespace
  - sysctlOrPrefix as 'net.ipv6.neigh'
  - prefixed set to true

For the input sysctl 'net.ipv6.conf.all.disable_ipv6', GetNamespace will return:

  - the Net namespace
  - sysctlOrPrefix as 'net.ipv6.conf.all.disable_ipv6'
  - prefixed set to false
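As an added example, not the package's own code, the two documented contracts above (NormalizeName and GetNamespace) implemented as hypothetical functions normalizeName and getNamespace and then used for an allow-list check (allowed). The page names prefixToNamespace but does not list its keys, so the table below is an assumption drawn from what the IPC and network namespaces isolate.

```go
package main

import "strings"

// Namespace and its three constants mirror the page's type and constant names.
type Namespace string

const (
	IPCNamespace     = Namespace("IPC")
	NetNamespace     = Namespace("Net")
	UnknownNamespace = Namespace("")
)

// prefixToNamespace is an assumed table, not the package's own: the IPC namespace
// isolates SysV IPC and POSIX message queues, the network namespace everything under net.
var prefixToNamespace = map[string]Namespace{"kernel.sem": IPCNamespace, "kernel.shm": IPCNamespace,
	"kernel.msg": IPCNamespace, "fs.mqueue.": IPCNamespace, "net.": NetNamespace}

// normalizeName accepts '/' in place of '.' and returns the dotted form.
func normalizeName(val string) string { return strings.ReplaceAll(val, "/", ".") }

// getNamespace follows the page's contract: the namespace, the name up to the first
// '*' (trailing '.' dropped), and prefixed=true for a wildcard or a known prefix key.
func getNamespace(sysctl string) (ns Namespace, sysctlOrPrefix string, prefixed bool) {
	sysctlOrPrefix = normalizeName(sysctl)
	if i := strings.IndexByte(sysctlOrPrefix, '*'); i >= 0 {
		sysctlOrPrefix, prefixed = strings.TrimSuffix(sysctlOrPrefix[:i], "."), true
	}
	for prefix, candidate := range prefixToNamespace {
		if sysctlOrPrefix == strings.TrimSuffix(prefix, ".") {
			return candidate, sysctlOrPrefix, true
		}
		if strings.HasPrefix(sysctlOrPrefix, prefix) {
			ns = candidate // stays UnknownNamespace ("") when no prefix matches
		}
	}
	return ns, sysctlOrPrefix, prefixed
}

// allowed reports whether a concrete requested sysctl matches an allow-list entry:
// a prefixed entry admits any name under its prefix, any other entry matches exactly.
func allowed(requested string, allowList []string) bool {
	name := normalizeName(requested)
	for _, entry := range allowList {
		_, prefix, wildcard := getNamespace(entry)
		if (wildcard && strings.HasPrefix(name, prefix+".")) || name == prefix {
			return !strings.Contains(requested, "*") // a request names one sysctl, never a pattern
		}
	}
	return false
}
```

Both separators are accepted on input, so the same allow-list entry covers 'net/ipv6/neigh/default/gc_thresh1' and 'net.ipv6.neigh.default.gc_thresh1'.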
