package
0.0.0-20240720002214-37b2b8227b91
Repository: https://github.com/progrium/go-netstack.git
Documentation: pkg.go.dev
# Packages
Package auth implements an access control model that is a subset of Linux's.
Package fasync provides FIOASYNC related functionality.
Package futex provides an implementation of the futex interface as found in the Linux kernel.
Package ipc defines functionality and utilities common to sysvipc mechanisms.
Package memevent implements the memory usage events controller, which periodically emits events via the eventchannel.
Package mq provides an implementation for POSIX message queues.
Package msgqueue implements System V message queues.
Package pipe provides a pipe implementation.
Package sched implements scheduler related features.
Package semaphore implements System V semaphores.
Package shm implements sysv shared memory segments.
Package time defines the Timer type, which provides a periodic timer that works by sampling a user-provided clock.
# Functions
ContextCanTrace returns true if ctx is permitted to trace t, in the same sense as kernel.Task.CanTrace.
ExtractErrno extracts an integer error number from the error.
IncrementUnimplementedSyscallCounter increments the "unimplemented syscall" metric for the given syscall number.
IPCNamespaceFromContext returns the IPC namespace in which ctx is executing, or nil if there is no such IPC namespace.
KernelFromContext returns the Kernel in which ctx is executing, or nil if there is no such Kernel.
LoadSeccheckData sets info from the task based on mask.
LoadSeccheckDataLocked sets info from the task based on mask.
LookupSyscallTable returns the SyscallCall table for the OS/Arch combination.
NewFSContext returns a new filesystem context.
NewIPCNamespace creates a new IPC namespace.
NewRootPIDNamespace creates the root PID namespace.
NewSignalHandlers returns a new SignalHandlers specifying all default actions.
NewTimekeeper returns a Timekeeper that is automatically kept up-to-date.
NewUTSNamespace creates a new UTS namespace.
NewVDSOParamPage returns a VDSOParamPage.
ParseCgroupController parses a string as a CgroupControllerType.
PIDNamespaceFromContext returns the PID namespace in which ctx is executing, or nil if there is no such PID namespace.
RegisterSyscallTable registers a new syscall table for use by a Kernel.
SeqAtomicLoad returns a copy of *ptr, ensuring that the read does not race with any writer critical sections in seq.
SeqAtomicTryLoad returns a copy of *ptr while in a reader critical section in seq initiated by a call to seq.BeginRead() that returned epoch.
SignalInfoNoInfo returns a SignalInfo equivalent to Linux's SEND_SIG_NOINFO.
SignalInfoPriv returns a SignalInfo equivalent to Linux's SEND_SIG_PRIV.
SyscallTables returns a read-only slice of registered SyscallTables.
TaskFromContext returns the Task associated with ctx, or nil if there is no such Task.
UTSNamespaceFromContext returns the UTS namespace in which ctx is executing, or nil if there is no such UTS namespace.
# Constants
Available cgroup controllers.
CgroupResourcePID represents a charge for pids.current.
CtxCanTrace is a Context.Value key for a function with the same signature and semantics as kernel.Task.CanTrace.
CtxKernel is a Context.Value key for a Kernel.
CtxPIDNamespace is a Context.Value key for a PIDNamespace.
CtxTask is a Context.Value key for a Task.
CtxUTSNamespace is a Context.Value key for a UTSNamespace.
EventChildGroupStop occurs when a child thread group completes a group stop (i.e.
EventExit represents an exit notification generated for a child thread group leader or a tracee under the conditions specified in the comment above runExitNotify.
EventGroupContinue occurs when a child thread group, or a thread group whose leader is ptraced by a task in the notified thread group, that had initiated or completed a group stop leaves the group stop, due to the child thread group or any task in the child thread group being sent SIGCONT.
EventTraceeStop occurs when a task that is ptraced by a task in the notified thread group enters a ptrace stop (see ptrace(2)).
ExternalAfterEnable enables the external hook after syscall execution.
ExternalBeforeEnable enables the external hook before syscall execution.
enableLogging indicates whether reference-related events should be logged (with stack traces).
InvalidCgroupHierarchyID indicates an uninitialized hierarchy ID.
InvalidCgroupID indicates an uninitialized cgroup ID.
MaxFdLimit defines the upper limit on the integer value of file descriptors.
SecCheckEnter represents a schematized/enter syscall seccheck event.
SecCheckExit represents a schematized/exit syscall seccheck event.
SecCheckRawEnter represents a raw/enter syscall seccheck event.
SecCheckRawExit represents a raw/exit syscall seccheck event.
Available signal actions.
SignalPanic is used to panic the running threads.
StraceEnableBits combines both strace log and event flags.
StraceEnableEvent enables syscall event tracing.
StraceEnableLog enables syscall log tracing.
SupportedCloneFlags is the bitwise OR of all the supported flags for clone.
SupportFull indicates the syscall is fully supported.
SupportPartial indicates the syscall is partially supported.
SupportUndocumented indicates the syscall is not documented yet.
SupportUnimplemented indicates the syscall is unimplemented.
TaskExitDead indicates that the task's thread IDs have been released, and the task no longer prevents its thread group leader from being reaped.
TaskExitInitiated indicates that the task goroutine has entered the exit path, and the task is no longer eligible to participate in group stops or group signal handling.
TaskExitNone indicates that the task has not begun exiting.
TaskExitZombie indicates that the task has released its resources, and the task no longer prevents a sibling thread from completing execve.
TaskGoroutineBlockedInterruptible indicates that the task goroutine is blocked in Task.block(), and hence may be woken by Task.interrupt() (e.g.
TaskGoroutineBlockedUninterruptible indicates that the task goroutine is stopped outside of Task.block() and Task.doStop(), and hence cannot be woken by Task.interrupt().
TaskGoroutineNonexistent indicates that the task goroutine has either not yet been created by Task.Start() or has returned from Task.run().
TaskGoroutineRunningApp indicates that the task goroutine is executing application code.
TaskGoroutineRunningSys indicates that the task goroutine is executing sentry code.
TaskGoroutineStopped indicates that the task goroutine is blocked in Task.doStop().
TasksLimit is the maximum number of threads for untrusted application.
# Variables
CtrlDoExit is returned by the implementations of the exit and exit_group syscalls to enter the task exit path directly, skipping syscall exit tracing.
ErrNoWaitableEvent is returned by non-blocking Task.Waits (e.g.
obj is used to customize logging.
IOUringEnabled is set to true when IO_URING is enabled.
MAX_RW_COUNT is the maximum size in bytes of a single read or write.
StopSignals is the set of signals whose default action is SignalActionStop.
UnblockableSignals contains the set of signals which cannot be blocked.
# Structs
Cgroup represents a named pointer to a cgroup in cgroupfs.
CgroupMigrationContext represents an in-flight cgroup migration for a single task.
CgroupRegistry tracks the active set of cgroup controllers on the system.
CreateProcessArgs holds arguments to kernel.CreateProcess.
FDFlags define flags for an individual descriptor.
FDTable is used to manage File references and flags.
Refs implements refs.RefCounter.
FSContext contains filesystem context.
InitKernelArgs holds arguments to Init.
IntervalTimer represents a POSIX interval timer as described by timer_create(2).
IPCNamespace represents an IPC namespace.
Kcov provides kernel coverage data to userspace through a memory-mapped region, as kcov does in Linux.
Kernel represents an emulated Linux kernel.
OldRSeqCriticalRegion describes an old rseq critical region.
A PIDNamespace represents a PID namespace, a bimap between thread IDs and tasks.
ProcessGroup contains an originator threadgroup and a parent Session.
Session contains a leader threadgroup and a list of ProcessGroups.
SignalHandlers holds information about signal actions.
SocketRecord represents a socket recorded in Kernel.sockets.
SpecialOpts contains non-standard options for the kernel.
Syscall includes the syscall implementation and compatibility information.
SyscallControl is returned by syscalls to control the behavior of Task.doSyscallInvoke.
SyscallFlagsTable manages a set of enable/disable bit fields on a per-syscall basis.
SyscallInfo provides generic information about the syscall.
SyscallTable is a lookup table of system calls.
Task represents a thread of execution in the untrusted app.
TaskCgroupEntry represents a line in /proc/<pid>/cgroup, and is used to format a cgroup for display.
TaskConfig defines the configuration of a new Task (see below).
TaskGoroutineSchedInfo contains task goroutine scheduling state which must be read and updated atomically.
TaskImage is the subset of a task's data that is provided by the loader.
A TaskSet comprises all tasks in a system.
A ThreadGroup is a logical grouping of tasks that has widespread significance to other kernel features (e.g.
Timekeeper manages all of the kernel clocks.
TTY defines the relationship between a thread group and its controlling terminal.
UTSNamespace represents a UTS namespace, a holder of two system identifiers: the hostname and domain name.
VDSOParamPage manages a VDSO parameter page.
Version defines the application-visible system version.
WaitOptions controls the behavior of Task.Wait.
WaitResult contains information about a waited-for event.
# Interfaces
CgroupController is the common interface to cgroup controllers available to the entire sentry.
CgroupImpl is the common interface to cgroups.
Stracer traces syscall execution.
SyscallRestartBlock represents the restart block for a syscall restartable with a custom function.
A TaskStop is a condition visible to the task control flow graph that prevents a task goroutine from running or exiting, i.e.
TaskWorker is a deferred task.
# Type aliases
AIOCallback is a function that does asynchronous I/O on behalf of a task.
Auxmap contains miscellaneous data for the task.
CgroupControllerType is the name of a cgroup controller.
CgroupResourceType represents a resource type tracked by a particular controller.
MissingFn is a syscall to be called when an implementation is missing.
ProcessGroupID is the public identifier.
SessionID is the public identifier.
SignalAction is an internal signal action.
SyscallFn is a syscall implementation.
SyscallSupportLevel is a syscall support level.
SyscallToProto is a callback function that converts generic syscall data to schematized protobuf for the corresponding syscall.
TaskExitState represents a step in the task exit path.
TaskGoroutineState is a coarse representation of the current execution status of a kernel.Task goroutine.
ThreadID is a generic thread identifier.