isolation

package
v0.36.5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 30, 2021 License: Apache-2.0 Imports: 23 Imported by: 2

Documentation

Index

Constants

View Source 
const (
	QEMUIMGPath = "/usr/bin/qemu-img"
)

Variables

This section is empty.

Functions

func GetFileSize added in v0.36.4 

func GetFileSize(imagePath string, context IsolationResult) (int64, error)

func GetImageInfo added in v0.20.0 

func GetImageInfo(imagePath string, context IsolationResult) (*containerdisk.DiskInfo, error)

func NodeIsolationResult 

func NodeIsolationResult() *realIsolationResult

Types

type IsolationResult 

type IsolationResult interface {
	// cgroup slice
	Slice() string
	// process ID
	Pid() int
	// full path to the process namespace
	PIDNamespace() string
	// full path to the process root mount
	MountRoot() string
	// retrieve additional information about the process root mount
	MountInfoRoot() (*MountInfo, error)
	// full path to the mount namespace
	MountNamespace() string
	// full path to the network namespace
	NetNamespace() string
	// execute a function in the process network namespace
	DoNetNS(func() error) error
}

func NewIsolationResult 

func NewIsolationResult(pid int, slice string, controller []string) IsolationResult

type MockIsolationResult added in v0.27.0 

type MockIsolationResult struct {
	// contains filtered or unexported fields
}

Mock of IsolationResult interface

func NewMockIsolationResult added in v0.27.0 

func NewMockIsolationResult(ctrl *gomock.Controller) *MockIsolationResult

func (*MockIsolationResult) DoNetNS added in v0.27.0 

func (_m *MockIsolationResult) DoNetNS(_param0 func() error) error

func (*MockIsolationResult) EXPECT added in v0.27.0 

func (_m *MockIsolationResult) EXPECT() *_MockIsolationResultRecorder

func (*MockIsolationResult) MountInfoRoot added in v0.27.0 

func (_m *MockIsolationResult) MountInfoRoot() (*MountInfo, error)

func (*MockIsolationResult) MountNamespace added in v0.27.0 

func (_m *MockIsolationResult) MountNamespace() string

func (*MockIsolationResult) MountRoot added in v0.27.0 

func (_m *MockIsolationResult) MountRoot() string

func (*MockIsolationResult) NetNamespace added in v0.27.0 

func (_m *MockIsolationResult) NetNamespace() string

func (*MockIsolationResult) PIDNamespace added in v0.27.0 

func (_m *MockIsolationResult) PIDNamespace() string

func (*MockIsolationResult) Pid added in v0.27.0 

func (_m *MockIsolationResult) Pid() int

func (*MockIsolationResult) Slice added in v0.27.0 

func (_m *MockIsolationResult) Slice() string

type MockPodIsolationDetector 

type MockPodIsolationDetector struct {
	// contains filtered or unexported fields
}

Mock of PodIsolationDetector interface

func NewMockPodIsolationDetector 

func NewMockPodIsolationDetector(ctrl *gomock.Controller) *MockPodIsolationDetector

func (*MockPodIsolationDetector) AdjustResources added in v0.21.0 

func (_m *MockPodIsolationDetector) AdjustResources(vm *v1.VirtualMachineInstance) error

func (*MockPodIsolationDetector) Detect 

func (_m *MockPodIsolationDetector) Detect(vm *v1.VirtualMachineInstance) (IsolationResult, error)

func (*MockPodIsolationDetector) DetectForSocket added in v0.20.0 

func (_m *MockPodIsolationDetector) DetectForSocket(vm *v1.VirtualMachineInstance, socket string) (IsolationResult, error)

func (*MockPodIsolationDetector) EXPECT 

func (_m *MockPodIsolationDetector) EXPECT() *_MockPodIsolationDetectorRecorder

func (*MockPodIsolationDetector) Whitelist 

func (_m *MockPodIsolationDetector) Whitelist(controller []string) PodIsolationDetector

type MountInfo added in v0.20.0 

type MountInfo struct {
	DeviceContainingFile string
	Root                 string
	MountPoint           string
}

type PodIsolationDetector 

type PodIsolationDetector interface {
	// Detect takes a vm, looks up a socket based the VM and detects pid, cgroups and namespaces of the owner of that socket.
	// It returns an IsolationResult containing all isolation information
	Detect(vm *v1.VirtualMachineInstance) (IsolationResult, error)

	DetectForSocket(vm *v1.VirtualMachineInstance, socket string) (IsolationResult, error)

	// Whitelist allows specifying cgroup controller which should be considered to detect the cgroup slice
	// It returns a PodIsolationDetector to allow configuring the PodIsolationDetector via the builder pattern.
	Whitelist(controller []string) PodIsolationDetector

	// Adjust system resources to run the passed VM
	AdjustResources(vm *v1.VirtualMachineInstance) error
}

PodIsolationDetector helps detecting cgroups, namespaces and PIDs of Pods from outside of them. Different strategies may be applied to do that.

func NewSocketBasedIsolationDetector 

func NewSocketBasedIsolationDetector(socketDir string) PodIsolationDetector

NewSocketBasedIsolationDetector takes socketDir and creates a socket based IsolationDetector It returns a PodIsolationDetector which detects pid, cgroups and namespaces of the socket owner.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.
JackTT - Gopher 🇻🇳