Documentation ¶
Index ¶
- Constants
- func Annotations(labels []string) (bundle string, userAnnotations map[string]string)
- func CleanPath(path string) string
- func CloseExecFrom(minFd int) error
- func EnsureProcHandle(fh *os.File) error
- func NewSockPair(name string) (parent, child *os.File, err error)
- func RecvFile(socket *os.File) (_ *os.File, Err error)
- func SendFile(socket *os.File, file *os.File) error
- func SendRawFd(socket *os.File, msg string, fd uintptr) error
- func UnsafeCloseFrom(minFd int) error
- func WithProcfd(root, unsafePath string, fn func(procfd string) error) error
- func WriteJSON(w io.Writer, v interface{}) error
- type ProcThreadSelfCloser
Constants ¶
const MaxNameLen = 4096
Variables ¶
This section is empty.
Functions ¶
func Annotations ¶
Annotations returns the bundle path and user-defined annotations from the libcontainer state. We need to remove the bundle because that is a label added by libcontainer.
func CloseExecFrom ¶
func EnsureProcHandle ¶
func RecvFile ¶
RecvFile waits for a file descriptor to be sent over the given AF_UNIX socket. The file name of the remote file descriptor will be recreated locally (it is sent as non-auxiliary data in the same payload).
func SendFile ¶
SendFile sends a file over the given AF_UNIX socket. file.Name() is also included so that if the other end uses RecvFile, the file will have the same name information.
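The descriptor-passing pattern that SendFile and RecvFile describe, as an added example that is not runc's own code. It uses only the standard library syscall package on Linux; recvFd and passFile are hypothetical names, and sizing the name buffer to match MaxNameLen is an assumption about how that constant is used.

```go
package main

import (
	"fmt"
	"os"
	"syscall"
)

// recvFd accepts exactly one descriptor and rebuilds an *os.File under the sent name.
func recvFd(sock int) (*os.File, error) {
	name := make([]byte, 4096)                // assumption: same bound as MaxNameLen
	oob := make([]byte, syscall.CmsgSpace(4)) // sized for one fd; padding can admit more
	n, oobn, flags, _, err := syscall.Recvmsg(sock, name, oob, syscall.MSG_CMSG_CLOEXEC)
	if err != nil {
		return nil, err
	}
	var fds []int
	cmsgs, _ := syscall.ParseSocketControlMessage(oob[:oobn])
	for i := range cmsgs {
		rights, _ := syscall.ParseUnixRights(&cmsgs[i]) // non-SCM_RIGHTS yields none
		fds = append(fds, rights...)
	}
	if flags&syscall.MSG_CTRUNC != 0 || len(fds) != 1 {
		for _, fd := range fds {
			syscall.Close(fd) // never keep descriptors the protocol did not expect
		}
		return nil, fmt.Errorf("want 1 untruncated descriptor, got %d", len(fds))
	}
	return os.NewFile(uintptr(fds[0]), string(name[:n])), nil
}

// passFile sends src across a fresh socketpair and returns the received duplicate.
func passFile(src *os.File) (*os.File, error) {
	pair, err := syscall.Socketpair(syscall.AF_UNIX, syscall.SOCK_STREAM, 0)
	if err != nil {
		return nil, err
	}
	defer syscall.Close(pair[0])
	defer syscall.Close(pair[1])
	oob := syscall.UnixRights(int(src.Fd())) // fd rides as SCM_RIGHTS, name as payload
	if err := syscall.Sendmsg(pair[0], []byte(src.Name()), oob, nil, 0); err != nil {
		return nil, err
	}
	return recvFd(pair[1])
}

func main() {
	dup, err := passFile(os.Stdout) // any open file serves as the sample
	fmt.Println(err == nil && dup.Name() == os.Stdout.Name())
}
```

The received name is only a label chosen by the sender; the descriptor itself is what grants access, so a receiver should not reopen the file by that name.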
func UnsafeCloseFrom ¶
UnsafeCloseFrom closes all file descriptors greater than or equal to minFd in the current process, except for those critical to Go's runtime (such as the netpoll management descriptors).
NOTE: This function is incredibly dangerous to use in most Go code, as closing file descriptors from underneath *os.File handles can lead to very bad behaviour (the closed file descriptor can be re-used and then any *os.File operations would apply to the wrong file). This function is only intended to be called from the last stage of runc init.
func WithProcfd ¶
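WithProcfd runs the passed closure with a procfd path (/proc/self/fd/...) corresponding to the unsafePath resolved within the root. Before the fd is passed, this path is verified to be inside the root, so operating on it through the passed fdpath should be safe. Do not access this path through the original path strings, and do not attempt to use the pathname outside of the passed closure (the file handle will be freed once the closure returns).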
func WriteJSON ¶
WriteJSON writes the provided struct v to w using standard json marshaling without a trailing newline. This is used instead of json.Encoder because there might be a problem in json decoder in some cases, see: https://github.com/docker/docker/issues/14203#issuecomment-174177790
Types ¶
type ProcThreadSelfCloser ¶
type ProcThreadSelfCloser func()
func ProcThreadSelf ¶
func ProcThreadSelf(subpath string) (string, ProcThreadSelfCloser)
ProcThreadSelf returns a string that is equivalent to /proc/thread-self/<subpath>, with a graceful fallback on older kernels where /proc/thread-self doesn't exist. This method DOES NOT use SecureJoin, meaning that the passed string needs to be trusted. The caller _must_ call the returned ProcThreadSelfCloser function (which is runtime.UnlockOSThread) *only once* after it has finished using the returned path string.
func ProcThreadSelfFd ¶
func ProcThreadSelfFd(fd uintptr) (string, ProcThreadSelfCloser)
ProcThreadSelfFd is a small wrapper around ProcThreadSelf to make it easier to create a /proc/thread-self handle for a given file descriptor.
It is basically equivalent to ProcThreadSelf(fmt.Sprintf("fd/%d", fd)), but without using fmt.Sprintf to avoid unneeded overhead.