IsNamespaceSupported returns whether a namespace is available or not.

NewCommandHooks will execute the provided command when the hook is run.

NewFunctionHooks will call the provided function when the hook is run.

NewThrottleDevice returns a configured ThrottleDevice pointer.

NewWeightDevice returns a configured WeightDevice pointer.

These are devices that are to be both allowed and created.

A rule to match a specific syscall argument in Seccomp.

Config defines configuration options for executing a process inside a contained environment.

HookState is the payload provided to a hook on execution.

IDMap represents UID/GID Mappings for User Namespaces.

Namespace defines configuration for each namespace.

Network defines configuration for a container's networking stack The network configuration can be omitted from a container causing the container to be setup with the host's networking stack.

Routes can be specified to create entries in the route table as the container is started All of destination, source, and gateway should be either IPv4 or IPv6.

Seccomp represents syscall restrictions By default, only the native architecture of the kernel is allowed to be used for syscalls.

An rule to match a syscall in Seccomp.

ThrottleDevice struct holds a `major:minor rate_per_second` pair.

WeightDevice struct holds a `major:minor weight`|`major:minor leaf_weight` pair.

An action to be taken upon rule match in Seccomp.

A comparison operator to be used when matching syscall arguments in Seccomp.