github.com/criyle/go-sandbox@v0.10.3/container/doc.go

github.com/criyle/go-sandbox@v0.10.3/container/doc.go (about)

     1  // Package container provides pre-forked container environment to
     2  // run programs in isolated Linux namespaces.
     3  //
     4  // # Overview
     5  //
     6  // It creates container within unshared container and communicate
     7  // with host process using unix socket with
     8  // oob for fd / pid and commands encoded by gob.
     9  //
    10  // # Protocol
    11  //
    12  // Host to container communication protocol is single threaded and always initiated by
    13  // the host:
    14  //
    15  // ## ping (alive check)
    16  //
    17  // - send: ping
    18  // - reply: pong
    19  //
    20  // ## conf (set configuration)
    21  //
    22  // - send: conf
    23  // - reply:
    24  //
    25  // ## open (open files in given mode inside container):
    26  //
    27  // - send: []OpenCmd
    28  // - reply: "success", file fds / "error"
    29  //
    30  // ## delete (unlink file / rmdir dir inside container):
    31  //
    32  // - send: path
    33  // - reply: "finished" / "error"
    34  //
    35  // ## reset (clean up container for later use (clear workdir / tmp)):
    36  //
    37  // - send:
    38  // - reply: "success"
    39  //
    40  // ## execve: (execute file inside container):
    41  //
    42  // - send: argv, env, rLimits, fds
    43  // - reply:
    44  // - success: "success", pid
    45  // - failed: "failed"
    46  // - send (success): "init_finished" (as cmd)
    47  // - reply: "finished" / send: "kill" (as cmd)
    48  // - send: "kill" (as cmd) / reply: "finished"
    49  // - reply:
    50  //
    51  // Any socket related error will cause the container exit with all process inside container
    52  package container