// Listing of github.com/criyle/go-sandbox@v0.10.3/runner/unshare/runner_linux.go

package unshare

import (
	"github.com/criyle/go-sandbox/pkg/mount"
	"github.com/criyle/go-sandbox/pkg/rlimit"
	"github.com/criyle/go-sandbox/pkg/seccomp"
	"github.com/criyle/go-sandbox/runner"
)

// Runner is the configuration for running a program in unshared namespaces.
//
// It only declares data; how each field is applied to the child process is
// implemented elsewhere in the package and is not visible in this file.
type Runner struct {
	// Args is the argv handed to the child process.
	Args []string
	// Env is the environment handed to the child process.
	Env []string

	// ExecFile is the fexecve parameter.
	// NOTE(review): presumably an open file descriptor for the executable;
	// confirm against the fork/exec code.
	ExecFile uintptr

	// WorkDir is the current directory after the mount namespace has been
	// unshared.
	WorkDir string

	// Files are the file descriptors for the new process; entry i becomes
	// descriptor i in the child, from 0 to len(Files)-1.
	// Pass only descriptors the child is meant to hold.
	// NOTE(review): whether any other inherited descriptors are closed is not
	// visible here; confirm in the fork/exec code.
	Files []uintptr

	// RLimits are the resource limits applied through setrlimit.
	RLimits []rlimit.RLimit

	// Limit is the resource limit that, per the upstream comment, is enforced
	// by the tracer rather than through setrlimit.
	Limit runner.Limit

	// Seccomp is the seccomp filter attached to the process. It should be an
	// allow-list (whitelist) only: permit the syscalls the program needs
	// instead of enumerating the ones to block.
	Seccomp seccomp.Filter

	// Root is the new root for the child.
	Root string

	// Mounts are the parameters of the mount syscalls to perform.
	Mounts []mount.SyscallParams

	// HostName is the hostname for the child.
	HostName string
	// DomainName is the domain name for the child.
	DomainName string

	// ShowDetails turns on showing details.
	// NOTE(review): presumably verbose diagnostic output; confirm where it is
	// read.
	ShowDetails bool

	// SyncFunc receives the child's pid and is used by the cgroup integration
	// to add the process; it returns an error on failure.
	// NOTE(review): presumably called before the child starts executing the
	// target program so that cgroup limits already apply; confirm ordering
	// in the caller.
	SyncFunc func(pid int) error
}