Documentation
Overview
Package proc provides tools for inspecting proc.
Index
- Constants
- Variables
- func GetAppArmorProfile(pid int) string
- func GetCapabilities(pid int) (map[string][]string, error)
- func GetCmdline(pid int) []string
- func GetContainerID(tgid, pid int) string
- func GetCwd(pid int) string
- func GetEnviron(pid int) []string
- func GetNoNewPrivileges(pid int) bool
- func GetUIDGID(tgid, pid int) (uint32, uint32, error)
- func HasNamespace(ns string) (bool, error)
- func IsValidContainerRuntime(s string) bool
- type ContainerRuntime
- type SeccompMode
- type UserMapping
Constants
const (
	// RuntimeDocker is the string for the docker runtime.
	RuntimeDocker ContainerRuntime = "docker"
	// RuntimeRkt is the string for the rkt runtime.
	RuntimeRkt ContainerRuntime = "rkt"
	// RuntimeNspawn is the string for the systemd-nspawn runtime.
	RuntimeNspawn ContainerRuntime = "systemd-nspawn"
	// RuntimeLXC is the string for the lxc runtime.
	RuntimeLXC ContainerRuntime = "lxc"
	// RuntimeLXCLibvirt is the string for the lxc-libvirt runtime.
	RuntimeLXCLibvirt ContainerRuntime = "lxc-libvirt"
	// RuntimeOpenVZ is the string for the openvz runtime.
	RuntimeOpenVZ ContainerRuntime = "openvz"
	// RuntimeKubernetes is the string for the kubernetes runtime.
	RuntimeKubernetes ContainerRuntime = "kube"
	// RuntimeGarden is the string for the garden runtime.
	RuntimeGarden ContainerRuntime = "garden"
	// RuntimePodman is the string for the podman runtime.
	RuntimePodman ContainerRuntime = "podman"
	// RuntimeGVisor is the string for the gVisor (runsc) runtime.
	RuntimeGVisor ContainerRuntime = "gvisor"
	// RuntimeFirejail is the string for the firejail runtime.
	RuntimeFirejail ContainerRuntime = "firejail"
	// RuntimeWSL is the string for the Windows Subsystem for Linux runtime.
	RuntimeWSL ContainerRuntime = "wsl"
	// RuntimeNotFound is the string for when no container runtime is found.
	RuntimeNotFound ContainerRuntime = "not-found"

	// SeccompModeDisabled is equivalent to "0" in the /proc/{pid}/status file.
	SeccompModeDisabled SeccompMode = "disabled"
	// SeccompModeStrict is equivalent to "1" in the /proc/{pid}/status file.
	SeccompModeStrict SeccompMode = "strict"
	// SeccompModeFiltering is equivalent to "2" in the /proc/{pid}/status file.
	SeccompModeFiltering SeccompMode = "filtering"
)
Variables
var (
	// ContainerRuntimes contains all the container runtimes.
	ContainerRuntimes = []ContainerRuntime{
		RuntimeDocker,
		RuntimeRkt,
		RuntimeNspawn,
		RuntimeLXC,
		RuntimeLXCLibvirt,
		RuntimeOpenVZ,
		RuntimeKubernetes,
		RuntimeGarden,
		RuntimePodman,
		RuntimeGVisor,
		RuntimeFirejail,
		RuntimeWSL,
	}
)
Functions
func GetAppArmorProfile
func GetAppArmorProfile(pid int) string
GetAppArmorProfile determines the AppArmor profile for a process. If pid is less than one, it returns the AppArmor profile for "self".
func GetCapabilities
func GetCapabilities(pid int) (map[string][]string, error)
GetCapabilities returns the allowed capabilities for the process. If pid is less than one, it returns the capabilities for "self".
func GetCmdline
func GetCmdline(pid int) []string
GetCmdline returns the cmdline for a process. If pid is less than one, it returns the cmdline for "self".
func GetContainerID
func GetContainerID(tgid, pid int) string
GetContainerID returns the container ID for a process if it's running in a container. If pid is less than one, it returns the container ID for "self".
func GetCwd
func GetCwd(pid int) string
GetCwd returns the current working directory for the process. If pid is less than one, it returns the current working directory for "self".
func GetEnviron
func GetEnviron(pid int) []string
GetEnviron returns the environment variables (the contents of environ) for a process. If pid is less than one, it returns the environment for "self".
func GetNoNewPrivileges
func GetNoNewPrivileges(pid int) bool
GetNoNewPrivileges reports whether no_new_privileges is set for a process. If pid is less than one, it reports whether it is set for "self".
func GetUIDGID
func GetUIDGID(tgid, pid int) (uint32, uint32, error)
GetUIDGID returns the uid and gid for a process. If pid is less than one, it returns the uid and gid for "self".
func HasNamespace
func HasNamespace(ns string) (bool, error)
HasNamespace determines whether a container is using its own instance of a particular namespace or the host's namespace. It compares the device number of /proc/1/ns/{ns}: for an unnamespaced (host) namespace the device number is 4, and anything else is higher. It only works from inside a container.
func IsValidContainerRuntime
func IsValidContainerRuntime(s string) bool
IsValidContainerRuntime checks if a string is a valid container runtime.
Types
type ContainerRuntime
type ContainerRuntime string
ContainerRuntime is the type for the various container runtime strings.
func GetContainerRuntime
func GetContainerRuntime(tgid, pid int) ContainerRuntime
GetContainerRuntime returns the container runtime the process is running in. If pid is less than one, it returns the runtime for "self".
type SeccompMode
type SeccompMode string
SeccompMode is the type for the various seccomp mode strings.
func GetSeccompEnforcingMode
func GetSeccompEnforcingMode(pid int) SeccompMode
GetSeccompEnforcingMode returns the seccomp enforcing level (disabled, filtering, strict) for a process. If pid is less than one, it returns the seccomp enforcing mode for "self".
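As an added example that is not this package's own code, here is the parsing that GetSeccompEnforcingMode and GetNoNewPrivileges need to do over the text of /proc/{pid}/status: split the file into keyed columns, map the Seccomp value 0/1/2 to the page's SeccompMode strings, and read the NoNewPrivs flag. StatusFields, SeccompEnforcingMode, NoNewPrivileges and the SampleStatus excerpt are names and data constructed for this example.

```go
package main

import (
	"fmt"
	"strings"
)

// SeccompMode mirrors the page's type; the Seccomp line of /proc/{pid}/status
// carries 0, 1 or 2, which the page names disabled, strict and filtering.
type SeccompMode string

const (
	SeccompModeDisabled  SeccompMode = "disabled"
	SeccompModeStrict    SeccompMode = "strict"
	SeccompModeFiltering SeccompMode = "filtering"
)

// StatusFields splits /proc/{pid}/status text into key -> value columns.
func StatusFields(text string) map[string][]string {
	f := map[string][]string{}
	for _, line := range strings.Split(text, "\n") {
		if key, val, ok := strings.Cut(line, ":"); ok {
			f[key] = strings.Fields(val)
		}
	}
	return f
}

// SeccompEnforcingMode maps the Seccomp line to a SeccompMode. A missing line
// reads as disabled; an unknown value is an error rather than a guess.
func SeccompEnforcingMode(f map[string][]string) (SeccompMode, error) {
	v := f["Seccomp"]
	if len(v) == 0 {
		return SeccompModeDisabled, nil
	}
	modes := map[string]SeccompMode{"0": SeccompModeDisabled, "1": SeccompModeStrict, "2": SeccompModeFiltering}
	if mode, ok := modes[v[0]]; ok {
		return mode, nil
	}
	return "", fmt.Errorf("Seccomp: unknown mode %q", v[0])
}

// NoNewPrivileges reports whether the NoNewPrivs line is 1, i.e. execve can no
// longer grant privileges through setuid bits or file capabilities.
func NoNewPrivileges(f map[string][]string) bool {
	return len(f["NoNewPrivs"]) > 0 && f["NoNewPrivs"][0] == "1"
}

// SampleStatus is a constructed /proc/{pid}/status excerpt: seccomp filter active, no_new_privs set.
const SampleStatus = "Name:\tsleep\nUid:\t1000\t1000\t1000\t1000\nNoNewPrivs:\t1\nSeccomp:\t2\n"
```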
type UserMapping
UserMapping holds the values for a {uid,gid}_map.
func GetUserNamespaceInfo
func GetUserNamespaceInfo(pid int) (bool, []UserMapping)
GetUserNamespaceInfo determines if the process is running in a UserNamespace and returns the mappings if true. If pid is less than one, it returns the user namespace info for "self".
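An added example, not the package's own code, of what GetUserNamespaceInfo has to do with /proc/{pid}/uid_map: parse each mapping line into a UserMapping and decide from the result whether the process is in a non-initial user namespace. The UserMapping field names, the identity-map heuristic and the two sample maps are assumptions of this example, not taken from the page.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// UserMapping holds one line of /proc/{pid}/uid_map or gid_map. These field
// names are assumed for this example; the page does not show the type's layout.
type UserMapping struct {
	ContainerID uint32 // first id as seen inside the namespace
	HostID      uint32 // first id as seen in the parent (host) namespace
	Range       uint32 // number of consecutive ids mapped
}
// ParseIDMap parses {uid,gid}_map text, one "<inside> <outside> <count>" line
// per mapping. An empty file (a namespace whose map has not been written yet)
// yields no mappings and no error; a short or non-numeric line is rejected.
func ParseIDMap(text string) ([]UserMapping, error) {
	f := strings.Fields(text)
	if len(f)%3 != 0 {
		return nil, fmt.Errorf("id_map: %d fields, expected lines of 3", len(f))
	}
	var maps []UserMapping
	for i := 0; i < len(f); i += 3 {
		var v [3]uint32
		for j, s := range f[i : i+3] {
			n, err := strconv.ParseUint(s, 10, 32)
			if err != nil {
				return nil, fmt.Errorf("id_map field %q: %w", s, err)
			}
			v[j] = uint32(n)
		}
		maps = append(maps, UserMapping{v[0], v[1], v[2]})
	}
	return maps, nil
}
// InUserNamespace is the heuristic for "is this process in a user namespace":
// the initial namespace shows exactly one identity line, "0 0 4294967295",
// so any other map (including an empty one) means ids are being remapped.
func InUserNamespace(maps []UserMapping) bool {
	identity := UserMapping{ContainerID: 0, HostID: 0, Range: 4294967295}
	return len(maps) != 1 || maps[0] != identity
}
// Constructed samples: the initial namespace, and a rootless container whose
// root is host uid 1000 and whose ids 1-65536 come from a subordinate block.
const (
	SampleInitMap     = "         0          0 4294967295\n"
	SampleRootlessMap = "         0       1000          1\n         1     100000      65536\n"
)
```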