jailer

package
v0.0.0-...-10f390e Latest
Warning

This package is not in the latest version of its module.

Published: Sep 12, 2025 License: AGPL-3.0 Imports: 13 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type ExecOptions

type ExecOptions struct {
	// VMId is the unique identifier for this VM
	VMId string

	// NetworkNamespace is the path to the network namespace (e.g., /run/netns/vm-xxx)
	NetworkNamespace string

	// SocketPath is the path to the firecracker API socket
	SocketPath string

	// FirecrackerArgs are additional arguments to pass to firecracker
	FirecrackerArgs []string

	// Stdin, Stdout, Stderr for the firecracker process
	Stdin  *os.File
	Stdout *os.File
	Stderr *os.File
}

ExecOptions contains options for executing firecracker in a jailed environment

type Jailer

type Jailer struct {
	// contains filtered or unexported fields
}

Jailer provides functionality similar to firecracker's jailer but integrated into metald

func NewJailer

func NewJailer(logger *slog.Logger, config *config.JailerConfig) *Jailer

NewJailer creates a new integrated jailer

func (*Jailer) Exec

func (j *Jailer) Exec(ctx context.Context, opts *ExecOptions) error

Exec executes firecracker in a jailed environment. This function does NOT return if successful; it execs into firecracker.

func (*Jailer) RunInJail

func (j *Jailer) RunInJail(ctx context.Context, opts *ExecOptions) (*os.Process, error)

RunInJail runs firecracker in a jail by creating a minimal isolation environment. This function forks and execs firecracker with dropped privileges.
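
One way to prepare the privilege-dropped launch that RunInJail describes, as an added example that is not metald's code: it validates the ExecOptions-style fields and builds, without starting, a command that runs as an unprivileged user. The names launchOpts and buildJailedCmd, the fcPath/uid/gid parameters, the VM ID pattern and the /run/netns containment rule are assumptions; entering the network namespace is left out.

```go
package main

import (
	"fmt"
	"os/exec"
	"path/filepath"
	"regexp"
	"strings"
	"syscall"
)

// launchOpts mirrors the string fields of the page's ExecOptions (hypothetical type).
type launchOpts struct {
	VMId, NetworkNamespace, SocketPath string
	FirecrackerArgs                    []string
}

var vmIDRe = regexp.MustCompile(`^[A-Za-z0-9-]{1,64}$`) // assumed ID policy

// buildJailedCmd validates o and returns an unstarted, privilege-dropping command.
func buildJailedCmd(fcPath string, uid, gid uint32, o launchOpts) (*exec.Cmd, error) {
	switch {
	case uid == 0 || gid == 0:
		return nil, fmt.Errorf("refusing to run firecracker as root")
	case !vmIDRe.MatchString(o.VMId):
		return nil, fmt.Errorf("invalid VM id %q", o.VMId)
	case filepath.Clean(o.NetworkNamespace) != o.NetworkNamespace || filepath.Dir(o.NetworkNamespace) != "/run/netns":
		return nil, fmt.Errorf("netns %q is not directly under /run/netns", o.NetworkNamespace)
	case !filepath.IsAbs(o.SocketPath) || filepath.Clean(o.SocketPath) != o.SocketPath:
		return nil, fmt.Errorf("socket path %q must be absolute and clean", o.SocketPath)
	}
	for _, a := range o.FirecrackerArgs {
		if a == "--api-sock" || strings.HasPrefix(a, "--api-sock=") {
			return nil, fmt.Errorf("extra args must not redefine --api-sock")
		}
	}
	args := append([]string{"--id", o.VMId, "--api-sock", o.SocketPath}, o.FirecrackerArgs...)
	cmd := exec.Command(fcPath, args...)
	cmd.Env = []string{} // non-nil and empty: the child inherits no environment
	// New session; nil Groups (NoSetGroups unset) clears supplementary groups.
	cmd.SysProcAttr = &syscall.SysProcAttr{Setsid: true, Credential: &syscall.Credential{Uid: uid, Gid: gid}}
	return cmd, nil
}

func main() { // constructed sample values
	o := launchOpts{VMId: "vm-1", NetworkNamespace: "/run/netns/vm-1", SocketPath: "/run/fc/vm-1.sock"}
	fmt.Println(buildJailedCmd("/usr/bin/firecracker", 1000, 1000, o))
}
```

The child only takes on the requested uid and gid when the command is started by a parent that is allowed to change credentials.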
