Documentation
Overview
Package host implements an fs.Filesystem for files backed by host file descriptors.
Index
- Constants
- func ImportFile(ctx context.Context, fd int, mounter fs.FileOwner, allowIoctl bool) (*fs.File, error)
- func NewConnectedEndpoint(file *fd.FD, queue *waiter.Queue, path string) (unix.Receiver, unix.ConnectedEndpoint, *tcpip.Error)
- func NewFile(ctx context.Context, fd int, mounter fs.FileOwner) (*fs.File, error)
- func NewSocketWithDirent(ctx context.Context, d *fs.Dirent, f *fd.FD, flags fs.FileFlags) (*fs.File, error)
- type Filesystem
- func (*Filesystem) AllowUserMount() bool
- func (*Filesystem) Flags() fs.FilesystemFlags
- func (f *Filesystem) InstallWhitelist(ctx context.Context, m *fs.MountNamespace) error
- func (f *Filesystem) Mount(ctx context.Context, _ string, flags fs.MountSourceFlags, data string) (*fs.Inode, error)
- func (*Filesystem) Name() string
Constants
const FilesystemName = "whitelistfs"
FilesystemName is the name under which Filesystem is registered.
Variables
This section is empty.
Functions
func ImportFile
func ImportFile(ctx context.Context, fd int, mounter fs.FileOwner, allowIoctl bool) (*fs.File, error)
ImportFile creates a new File backed by the provided host file descriptor. Unlike NewFile, the file descriptor used by the File is duped from fd to ensure that later changes to fd are not reflected by the fs.File.
If the returned file is saved, it will be restored by re-importing the fd originally passed to ImportFile. It is the restorer's responsibility to ensure that the fd represents the same file.
func NewConnectedEndpoint
func NewConnectedEndpoint(file *fd.FD, queue *waiter.Queue, path string) (unix.Receiver, unix.ConnectedEndpoint, *tcpip.Error)
NewConnectedEndpoint creates a new unix.Receiver and unix.ConnectedEndpoint backed by a host FD that will pretend to be bound at a given sentry path.
func NewFile
NewFile creates a new File backed by the provided host file descriptor. If NewFile succeeds, ownership of the fd is transferred to the returned File.
The returned File cannot be saved, since there is no guarantee that the same fd will exist or represent the same file at time of restore. If such a guarantee does exist, use ImportFile instead.
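The difference between handing over the fd itself (NewFile) and importing a dup of it (ImportFile) rests on host descriptor semantics. The following is an added example, not gVisor code and not part of this package: it uses plain Linux calls from Go's syscall package, with hypothetical helper names (tempFD, readStart, Demo) and constructed file contents, to show that a holder of a dup keeps reading the original file after the caller repoints its fd number at another file.

```go
// Added illustration (Linux only); helper names are hypothetical, not gVisor APIs.
package main

import (
	"errors"
	"fmt"
	"os"
	"syscall"
)

// tempFD opens a raw read-only fd on a temp file holding content (constructed data).
func tempFD(content string) (int, error) {
	f, err := os.CreateTemp("", "hostfd-demo")
	if err != nil {
		return -1, err
	}
	defer os.Remove(f.Name()) // runs after the open below; the fd stays valid
	defer f.Close()
	if _, err := f.WriteString(content); err != nil {
		return -1, err
	}
	return syscall.Open(f.Name(), syscall.O_RDONLY|syscall.O_CLOEXEC, 0)
}

// readStart returns the first bytes of whatever file fd currently refers to.
func readStart(fd int) string {
	buf := make([]byte, 32)
	n, err := syscall.Pread(fd, buf, 0)
	if err != nil {
		return ""
	}
	return string(buf[:n])
}

// Demo repoints the caller's fd number at another file after the hand-off and
// returns what a holder of the raw number and a holder of a dup then read.
func Demo() (viaNumber, viaDup string, err error) {
	orig, err1 := tempFD("trusted")
	other, err2 := tempFD("swapped")
	dup, err3 := syscall.Dup(orig) // private descriptor for the same open file
	defer func() { syscall.Close(orig); syscall.Close(other); syscall.Close(dup) }()
	// Later change by the caller: its fd number now names a different file.
	err4 := syscall.Dup3(other, orig, 0)
	if err = errors.Join(err1, err2, err3, err4); err != nil {
		return "", "", err
	}
	return readStart(orig), readStart(dup), nil
}

func main() { fmt.Println(Demo()) }
```

A dup isolates only the descriptor number: it still shares the file offset and status flags with the descriptor it was duplicated from, which is why the example reads with pread at a fixed offset.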
func NewSocketWithDirent
func NewSocketWithDirent(ctx context.Context, d *fs.Dirent, f *fd.FD, flags fs.FileFlags) (*fs.File, error)
NewSocketWithDirent allocates a new unix socket with host endpoint.
This is currently only used by unsaveable Gofer nodes.
NewSocketWithDirent takes ownership of f on success.
Types
type Filesystem
type Filesystem struct {
// contains filtered or unexported fields
}
Filesystem is a pseudo file system that is only available during the setup to lock down the configurations. This filesystem should only be mounted at root.
Think twice before exposing this to applications.
func (*Filesystem) AllowUserMount
func (*Filesystem) AllowUserMount() bool
AllowUserMount prohibits users from using mount(2) with this file system.
func (*Filesystem) Flags
func (*Filesystem) Flags() fs.FilesystemFlags
Flags returns that there is nothing special about this file system.
func (*Filesystem) InstallWhitelist
func (f *Filesystem) InstallWhitelist(ctx context.Context, m *fs.MountNamespace) error
InstallWhitelist locks down the MountNamespace to only the currently installed Dirents and the given paths.
func (*Filesystem) Mount
func (f *Filesystem) Mount(ctx context.Context, _ string, flags fs.MountSourceFlags, data string) (*fs.Inode, error)
Mount returns an fs.Inode exposing the host file system. It is intended to be locked down in PreExec below.
func (*Filesystem) Name
func (*Filesystem) Name() string
Name is the identifier of this file system.