runner_linux.go
package unshare
import (
"github.com/criyle/go-sandbox/pkg/mount"
"github.com/criyle/go-sandbox/pkg/rlimit"
"github.com/criyle/go-sandbox/pkg/seccomp"
"github.com/criyle/go-sandbox/runner"
)
// Runner runs a program in unshared namespaces.
type Runner struct {
	// Args is the argv of the child process.
	Args []string
	// Env is the environment of the child process.
	Env []string

	// ExecFile is the parameter passed to fexecve.
	// NOTE(review): presumably an open file descriptor of the executable; confirm against the caller.
	ExecFile uintptr

	// WorkDir is the current directory after the mount namespace has been unshared.
	WorkDir string

	// Files holds the file descriptors for the new process, which sees them
	// as descriptors 0 through len(Files)-1.
	Files []uintptr

	// RLimits are the resource limits set through setrlimit.
	RLimits []rlimit.RLimit

	// Limit is the resource limit enforced by the tracer.
	Limit runner.Limit

	// Seccomp is the seccomp filter attached to the process. It should be an
	// allowlist (whitelist) filter only.
	Seccomp seccomp.Filter

	// Root is the new root.
	Root string

	// Mounts holds the parameters of the mount syscalls.
	Mounts []mount.SyscallParams

	// HostName is the hostname.
	HostName string
	// DomainName is the domainname.
	DomainName string

	// ShowDetails enables showing details.
	ShowDetails bool

	// SyncFunc takes a pid and may return an error; it is used by cgroup to
	// add the process.
	SyncFunc func(pid int) error
}