# Functions
Annotations returns the bundle path and user-defined annotations from the libcontainer state.
CleanPath makes a path safe for use with filepath.Join.
CloseExecFrom sets the O_CLOEXEC flag on all file descriptors greater than or equal to minFd in the current process.
EnsureProcHandle returns whether or not the given file handle is on procfs.
ExitStatus returns the correct exit status for a process based on whether it was signaled or exited cleanly.
IsLexicallyInRoot is shorthand for strings.HasPrefix(path+"/", root+"/"), but properly handling the case where path or root are "/".
MkdirAllInRoot is a wrapper around MkdirAllInRootOpen which closes the returned handle, for callers that don't need to use it.
MkdirAllInRootOpen attempts to make

    path, _ := securejoin.SecureJoin(root, unsafePath)
    os.MkdirAll(path, mode)
    os.Open(path)

safer against attacks where components in the path are changed between SecureJoin returning and MkdirAll (or Open) being called.
NewSockPair returns a new SOCK_STREAM unix socket pair.
Openat is a Go-friendly openat(2) wrapper.
ProcThreadSelf returns a string that is equivalent to /proc/thread-self/<subpath>, with a graceful fallback on older kernels where /proc/thread-self doesn't exist.
ProcThreadSelfFd is a small wrapper around ProcThreadSelf to make it easier to create a /proc/thread-self handle for a given file descriptor.
RecvFile waits for a file descriptor to be sent over the given AF_UNIX socket.
SearchLabels searches through a list of key=value pairs for a given key, returning its value and a binary flag telling whether the key exists.
SendFile sends a file over the given AF_UNIX socket.
SendRawFd sends a specific file descriptor over the given AF_UNIX socket.
UnsafeCloseFrom closes all file descriptors greater than or equal to minFd in the current process, except for those critical to Go's runtime (such as the netpoll management descriptors).
WithProcfd runs the passed closure with a procfd path (/proc/self/fd/...) corresponding to the unsafePath resolved within the root.
WriteJSON writes the provided struct v to w using standard json marshaling without a trailing newline.
# Constants
MaxNameLen is the maximum length of the name of a file descriptor being sent using SendFile.