sandbox

package
v0.4.1 Latest

This package is not in the latest version of its module.
Published: May 25, 2025 License: MIT Imports: 25 Imported by: 0

Overview

Package sandbox implements an unprivileged Linux container with hardening options, intended for building application sandboxes.

Constants

const (
	BindOptional = 1 << iota
	BindWritable
	BindDevice
)
const (
	O_PATH = 0x200000

	PR_SET_NO_NEW_PRIVS = 0x26

	CAP_SYS_ADMIN = 0x15
	CAP_SETPCAP   = 0x8
)
const (
	SUID_DUMP_DISABLE = iota
	SUID_DUMP_USER
)
const (
	PR_CAP_AMBIENT           = 0x2f
	PR_CAP_AMBIENT_RAISE     = 0x2
	PR_CAP_AMBIENT_CLEAR_ALL = 0x4
)

Variables

var (
	ErrNotSet  = errors.New("environment variable not set")
	ErrInvalid = errors.New("bad file descriptor")
)

Functions

func IgnoringEINTR

func IgnoringEINTR(fn func() error) error

IgnoringEINTR makes a function call and repeats it while it returns an EINTR error. This appears to be required even though the Go runtime installs all signal handlers with SA_RESTART: see Go issues #22838, #38033, #38836 and #40846. Go issues #20400 and #36644 are cases in which a signal handler is installed without setting SA_RESTART. None of these are the common case, but there are enough of them that an EINTR retry loop cannot be avoided.
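The retry loop described above, written out as an added example (this is illustrative code, not the package's own implementation). The point worth seeing is the error check: a syscall wrapper usually returns EINTR wrapped in *os.SyscallError or *os.PathError, so the loop must test with errors.Is rather than comparing against syscall.EINTR directly, or it returns early on the first interrupted call. The flaky helper is constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"syscall"
)

// ignoringEINTR repeats fn while it fails with EINTR, in the spirit of the
// package's IgnoringEINTR. errors.Is is used so that EINTR wrapped in
// *os.SyscallError or *os.PathError is still recognised; a bare
// err == syscall.EINTR comparison would miss those and return early.
func ignoringEINTR(fn func() error) error {
	for {
		err := fn()
		if err == nil || !errors.Is(err, syscall.EINTR) {
			return err
		}
	}
}

// flaky builds a stand-in syscall wrapper (constructed for this example) that
// fails with a wrapped EINTR the first n times and then returns final. It also
// hands back a call counter so the retry behaviour can be observed.
func flaky(n int, final error) (fn func() error, calls *int) {
	c := 0
	return func() error {
		c++
		if c <= n {
			return &os.SyscallError{Syscall: "read", Err: syscall.EINTR}
		}
		return final
	}, &c
}

func main() {
	fn, calls := flaky(2, nil)
	err := ignoringEINTR(fn)
	fmt.Printf("err=%v after %d calls\n", err, *calls)

	// A non-EINTR error is returned immediately, without further retries.
	fn, calls = flaky(1, os.ErrNotExist)
	err = ignoringEINTR(fn)
	fmt.Printf("err=%v after %d calls\n", err, *calls)
}
```

Note that the loop is unbounded by design, matching the documented behaviour; a wrapper that can return EINTR forever (for example one interrupted by a tight signal source) will spin, so callers should only wrap calls that complete once the interruption stops.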

func Init

func Init(prepare func(prefix string), setVerbose func(verbose bool))

func LastCap added in v0.3.1

func LastCap() uintptr

func MustExecutable

func MustExecutable() string

func OverflowGid

func OverflowGid() int

func OverflowUid

func OverflowUid() int

func Receive

func Receive(key string, e any, v **os.File) (func() error, error)

Receive retrieves the setup fd from the environment variable named by key and receives params from it.

func SetDumpable

func SetDumpable(dumpable uintptr) error

func SetOutput

func SetOutput(v Msg)

func Setup

func Setup(extraFiles *[]*os.File) (int, *gob.Encoder, error)

Setup appends the read end of a pipe for setup params transmission to extraFiles and returns the fd it will have in the container process, together with an encoder writing to the pipe.

func TryArgv0

func TryArgv0(v Msg, prepare func(prefix string), setVerbose func(verbose bool))

TryArgv0 calls Init if the last element of argv0 is "init".

Types

type AutoEtc added in v0.4.0

type AutoEtc struct{ Prefix string }

AutoEtc expands the host /etc into a top-level symlink mirror with /etc semantics. This is not a generic setup op; it is implemented here to reduce IPC overhead.

func (*AutoEtc) Is added in v0.4.0

func (e *AutoEtc) Is(op Op) bool

func (*AutoEtc) String added in v0.4.0

func (e *AutoEtc) String() string

type BindMount

type BindMount struct {
	Source, SourceFinal, Target string

	Flags int
}

BindMount bind mounts host path Source on container path Target.

func (*BindMount) Is

func (b *BindMount) Is(op Op) bool

func (*BindMount) String

func (b *BindMount) String() string

type Container

type Container struct {

	// Cgroup fd, nil to disable.
	Cgroup *int
	// ExtraFiles passed through to initial process in the container,
	// with behaviour identical to its [exec.Cmd] counterpart.
	ExtraFiles []*os.File

	// Custom [exec.Cmd] initialisation function.
	CommandContext func(ctx context.Context) (cmd *exec.Cmd)

	Stdin  io.Reader
	Stdout io.Writer
	Stderr io.Writer

	Cancel    func(cmd *exec.Cmd) error
	WaitDelay time.Duration

	Params
	// contains filtered or unexported fields
}

Container represents a container environment being prepared or run. None of Container methods are safe for concurrent use.

func New

func New(ctx context.Context, name string, args ...string) *Container

func (*Container) Serve

func (p *Container) Serve() error

func (*Container) Start

func (p *Container) Start() error

func (*Container) String

func (p *Container) String() string

func (*Container) Wait

func (p *Container) Wait() error

type DefaultMsg

type DefaultMsg struct {
	// contains filtered or unexported fields
}

func (*DefaultMsg) BeforeExit

func (msg *DefaultMsg) BeforeExit()

func (*DefaultMsg) IsVerbose

func (msg *DefaultMsg) IsVerbose() bool

func (*DefaultMsg) PrintBaseErr

func (msg *DefaultMsg) PrintBaseErr(err error, fallback string)

func (*DefaultMsg) Resume

func (msg *DefaultMsg) Resume() bool

func (*DefaultMsg) Suspend

func (msg *DefaultMsg) Suspend()

func (*DefaultMsg) Verbose

func (msg *DefaultMsg) Verbose(v ...any)

func (*DefaultMsg) Verbosef

func (msg *DefaultMsg) Verbosef(format string, v ...any)

func (*DefaultMsg) WrapErr

func (msg *DefaultMsg) WrapErr(err error, a ...any) error

type HardeningFlags

type HardeningFlags uintptr
const (
	FSyscallCompat HardeningFlags = 1 << iota
	FAllowDevel
	FAllowUserns
	FAllowTTY
	FAllowNet
)

type Mkdir

type Mkdir struct {
	Path string
	Perm os.FileMode
}

Mkdir creates a directory in the container filesystem.

func (*Mkdir) Is

func (m *Mkdir) Is(op Op) bool

func (*Mkdir) String

func (m *Mkdir) String() string

type MountDev

type MountDev string

MountDev mounts a subset of the host /dev on the container path.

func (MountDev) Is

func (d MountDev) Is(op Op) bool

func (MountDev) String

func (d MountDev) String() string

type MountMqueue

type MountMqueue string

MountMqueue mounts a private mqueue instance on container Path.

func (MountMqueue) Is

func (m MountMqueue) Is(op Op) bool

func (MountMqueue) String

func (m MountMqueue) String() string

type MountProc

type MountProc string

MountProc mounts a private instance of proc.

func (MountProc) Is

func (p MountProc) Is(op Op) bool

func (MountProc) String

func (p MountProc) String() string

type MountTmpfs

type MountTmpfs struct {
	Path string
	Size int
	Perm os.FileMode
}

MountTmpfs mounts tmpfs on container Path.

func (*MountTmpfs) Is

func (t *MountTmpfs) Is(op Op) bool

func (*MountTmpfs) String

func (t *MountTmpfs) String() string

type Msg

type Msg interface {
	IsVerbose() bool
	Verbose(v ...any)
	Verbosef(format string, v ...any)
	WrapErr(err error, a ...any) error
	PrintBaseErr(err error, fallback string)

	Suspend()
	Resume() bool

	BeforeExit()
}

func GetOutput

func GetOutput() Msg

type Op

type Op interface {
	Is(op Op) bool
	fmt.Stringer
	// contains filtered or unexported methods
}

type Ops

type Ops []Op

func (*Ops) Bind

func (f *Ops) Bind(source, target string, flags int) *Ops

func (*Ops) Dev

func (f *Ops) Dev(dest string) *Ops

func (*Ops) Etc added in v0.4.0

func (f *Ops) Etc(host, prefix string) *Ops

func (*Ops) Grow added in v0.3.3

func (f *Ops) Grow(n int)

func (*Ops) Link

func (f *Ops) Link(target, linkName string) *Ops

func (*Ops) Mkdir

func (f *Ops) Mkdir(dest string, perm os.FileMode) *Ops

func (*Ops) Mqueue

func (f *Ops) Mqueue(dest string) *Ops

func (*Ops) Place

func (f *Ops) Place(name string, data []byte) *Ops

func (*Ops) PlaceP

func (f *Ops) PlaceP(name string, dataP **[]byte) *Ops

func (*Ops) Proc

func (f *Ops) Proc(dest string) *Ops

func (*Ops) Tmpfs

func (f *Ops) Tmpfs(dest string, size int, perm os.FileMode) *Ops

type Params

type Params struct {
	// Working directory in the container.
	Dir string
	// Initial process environment.
	Env []string
	// Absolute path of initial process in the container. Overrides name.
	Path string
	// Initial process argv.
	Args []string

	// Mapped Uid in user namespace.
	Uid int
	// Mapped Gid in user namespace.
	Gid int
	// Hostname value in UTS namespace.
	Hostname string
	// Sequential container setup ops.
	*Ops
	// Extra seccomp options.
	Seccomp seccomp.FilterOpts
	// Permission bits of newly created parent directories.
	// The zero value is interpreted as 0755.
	ParentPerm os.FileMode
	// Retain CAP_SYS_ADMIN.
	Privileged bool

	Flags HardeningFlags
}

Params holds container configuration and is safe to serialise.
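The Setup/Receive hand-off and the "safe to serialise" property of Params are two halves of one mechanism: the parent encodes Params with gob over a pipe whose read end is passed through ExtraFiles, and the container's init process learns the fd from an environment variable and decodes it. The following is an added example of that pattern using only the standard library; it is not the package's own code, and the environment variable name, the cut-down params/op types and the roundTrip wiring are stand-ins constructed for the example. The security-relevant detail it surfaces is that ops live behind an interface, so every concrete op type must be gob.Register'ed on both ends or decoding fails, and that a malformed or missing fd is rejected before anything is read.

```go
package main

import (
	"encoding/gob"
	"errors"
	"fmt"
	"os"
	"strconv"
)

// setupEnvKey is a hypothetical environment variable name; the real key is not shown on this page.
const setupEnvKey = "EXAMPLE_SETUP_FD"

var (
	errNotSet  = errors.New("environment variable not set")
	errInvalid = errors.New("bad file descriptor")
)

// op plays the role of sandbox.Op: a setup step stored behind an interface.
type op interface{ fmt.Stringer }

type bindMount struct {
	Source, Target string
	Flags          int
}
type mountProc string

func (b *bindMount) String() string {
	return fmt.Sprintf("bind %s -> %s (flags %#x)", b.Source, b.Target, b.Flags)
}
func (p mountProc) String() string { return "proc on " + string(p) }

// params is a cut-down stand-in for sandbox.Params. The interface-typed Ops
// slice is what forces the concrete types to be registered with gob.
type params struct {
	Dir      string
	Args     []string
	Uid, Gid int
	Ops      []op
}

func init() {
	// Without these, Decode fails with "gob: name not registered for interface".
	gob.Register(&bindMount{})
	gob.Register(mountProc(""))
}

// setup is the parent side: create a pipe, append its read end to extraFiles
// and return the fd the child will see (exec.Cmd maps ExtraFiles[i] to 3+i),
// plus the encoder and the write end the parent must close when done.
func setup(extraFiles *[]*os.File) (int, *gob.Encoder, *os.File, error) {
	r, w, err := os.Pipe()
	if err != nil {
		return -1, nil, nil, err
	}
	fd := 3 + len(*extraFiles)
	*extraFiles = append(*extraFiles, r)
	return fd, gob.NewEncoder(w), w, nil
}

// receive is the child side: parse the fd from the environment, reject anything
// that is not a plausible inherited fd, then decode params. openFd abstracts the
// last step so the example runs in one process; a real child would use
// os.NewFile(uintptr(fd), "setup").
func receive(getenv func(string) string, openFd func(int) *os.File, e any) (func() error, error) {
	s := getenv(setupEnvKey)
	if s == "" {
		return nil, errNotSet
	}
	fd, err := strconv.Atoi(s)
	if err != nil || fd < 3 {
		return nil, errInvalid
	}
	f := openFd(fd)
	if f == nil {
		return nil, errInvalid
	}
	if err := gob.NewDecoder(f).Decode(e); err != nil {
		f.Close()
		return nil, err
	}
	return f.Close, nil
}

// roundTrip wires both halves through a real pipe in a single process.
func roundTrip(p params) (params, error) {
	var extraFiles []*os.File
	fd, enc, w, err := setup(&extraFiles)
	if err != nil {
		return params{}, err
	}
	env := map[string]string{setupEnvKey: strconv.Itoa(fd)}
	encErr := make(chan error, 1)
	go func() {
		encErr <- enc.Encode(&p)
		w.Close()
	}()
	var got params
	closeFn, err := receive(
		func(k string) string { return env[k] },
		func(n int) *os.File {
			if i := n - 3; i >= 0 && i < len(extraFiles) {
				return extraFiles[i]
			}
			return nil
		},
		&got)
	if err != nil {
		return params{}, err
	}
	if err := <-encErr; err != nil {
		return params{}, err
	}
	return got, closeFn()
}

func main() {
	got, err := roundTrip(params{Dir: "/", Args: []string{"/bin/sh"}, Uid: 1000, Gid: 1000,
		Ops: []op{&bindMount{Source: "/usr", Target: "/usr", Flags: 1}, mountProc("/proc")}})
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	for _, o := range got.Ops {
		fmt.Println(o)
	}
}
```

In a real deployment the write end is closed by the parent after encoding, and the child treats the decoded params as untrusted input only to the extent that the parent is: the pipe is private to the two processes, so the value of the fd check is in catching configuration mistakes (wrong key, fd not actually passed) early rather than in defending against an attacker.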

type Symlink

type Symlink [2]string

Symlink creates a symlink in the container filesystem.

func (*Symlink) Is

func (l *Symlink) Is(op Op) bool

func (*Symlink) String

func (l *Symlink) String() string

type Tmpfile

type Tmpfile struct {
	Path string
	Data []byte
}

Tmpfile places a file in container Path containing Data.

func (*Tmpfile) Is

func (t *Tmpfile) Is(op Op) bool

func (*Tmpfile) String

func (t *Tmpfile) String() string

Directories

Path Synopsis
Package seccomp provides filter presets and high level wrappers around libseccomp.
Package vfs provides bindings and iterators over proc_pid_mountinfo(5).
Package wl implements Wayland security_context_v1 protocol.
