Documentation ¶
Overview ¶
Package fs provides FUSE filesystem implementation with permission control.
Index ¶
- Constants
- Variables
- type DeltaLayer
- func (d *DeltaLayer) Clear() error
- func (d *DeltaLayer) CopyToDelta(relPath string) error
- func (d *DeltaLayer) DeltaDir() string
- func (d *DeltaLayer) EnsureDeltaDir(relPath string) error
- func (d *DeltaLayer) GetDeltaPath(relPath string) string
- func (d *DeltaLayer) GetSourcePath(relPath string) string
- func (d *DeltaLayer) HasDelta(relPath string) bool
- func (d *DeltaLayer) IsDeleted(relPath string) bool
- func (d *DeltaLayer) ListChanges() ([]string, error)
- func (d *DeltaLayer) MarkDeleted(relPath string) error
- func (d *DeltaLayer) MergedReadDir(relPath string) ([]os.DirEntry, error)
- func (d *DeltaLayer) RemoveWhiteout(relPath string) error
- func (d *DeltaLayer) ResolvePath(relPath string) (actualPath string, inDelta bool)
- func (d *DeltaLayer) SourceDir() string
- func (d *DeltaLayer) Sync() error
- type PermissionEngine
- type SandboxFS
- func (sfs *SandboxFS) ClearDelta() error
- func (sfs *SandboxFS) DeltaEnabled() bool
- func (sfs *SandboxFS) IsMounted() bool
- func (sfs *SandboxFS) Mount(ctx context.Context) error
- func (sfs *SandboxFS) MountWithReady(ctx context.Context, ready chan<- error) error
- func (sfs *SandboxFS) Sync() error
- func (sfs *SandboxFS) UpdateRules(rules []types.PermissionRule)
- type SandboxFSConfig
Constants ¶
const FMODE_EXEC = 0x20
FMODE_EXEC is a FUSE-specific flag that should be stripped before passing to the OS.
const WhiteoutPrefix = ".wh."
WhiteoutPrefix is the prefix for whiteout files (marks deletions in delta).
Variables ¶
var (
	ErrInvalidSourceDir  = errors.New("invalid source directory")
	ErrInvalidMountPoint = errors.New("invalid mount point")
)
Errors for SandboxFS
Functions ¶
This section is empty.
Types ¶
type DeltaLayer ¶
type DeltaLayer struct {
// contains filtered or unexported fields
}
DeltaLayer manages the delta storage for a sandbox. It implements Copy-On-Write (COW) semantics where:
- Reads first check delta, then fall back to source
- Writes always go to delta
- Deletes create whiteout markers in delta
func NewDeltaLayer ¶
func NewDeltaLayer(deltaDir, sourceDir string) (*DeltaLayer, error)
NewDeltaLayer creates a new delta layer.
func (*DeltaLayer) Clear ¶
func (d *DeltaLayer) Clear() error
Clear removes all content from the delta directory.
func (*DeltaLayer) CopyToDelta ¶
func (d *DeltaLayer) CopyToDelta(relPath string) error
CopyToDelta copies a file from source to delta (COW operation). If the file doesn't exist in source, this is a no-op.
func (*DeltaLayer) DeltaDir ¶
func (d *DeltaLayer) DeltaDir() string
DeltaDir returns the delta directory path.
func (*DeltaLayer) EnsureDeltaDir ¶
func (d *DeltaLayer) EnsureDeltaDir(relPath string) error
EnsureDeltaDir ensures the directory structure exists in delta for the given path.
func (*DeltaLayer) GetDeltaPath ¶
func (d *DeltaLayer) GetDeltaPath(relPath string) string
GetDeltaPath returns the path in the delta directory for a given relative path.
func (*DeltaLayer) GetSourcePath ¶
func (d *DeltaLayer) GetSourcePath(relPath string) string
GetSourcePath returns the path in the source directory for a given relative path.
func (*DeltaLayer) HasDelta ¶
func (d *DeltaLayer) HasDelta(relPath string) bool
HasDelta checks if a file exists in the delta directory.
func (*DeltaLayer) IsDeleted ¶
func (d *DeltaLayer) IsDeleted(relPath string) bool
IsDeleted checks if a file has been marked as deleted (whiteout exists).
func (*DeltaLayer) ListChanges ¶
func (d *DeltaLayer) ListChanges() ([]string, error)
ListChanges returns a list of all modified files in the delta. Returns relative paths.
func (*DeltaLayer) MarkDeleted ¶
func (d *DeltaLayer) MarkDeleted(relPath string) error
MarkDeleted creates a whiteout marker for a deleted file.
func (*DeltaLayer) MergedReadDir ¶
func (d *DeltaLayer) MergedReadDir(relPath string) ([]os.DirEntry, error)
MergedReadDir reads a directory, merging delta and source contents. Returns entries visible to the user (respecting whiteouts).
func (*DeltaLayer) RemoveWhiteout ¶
func (d *DeltaLayer) RemoveWhiteout(relPath string) error
RemoveWhiteout removes a whiteout marker (used when a file is recreated).
func (*DeltaLayer) ResolvePath ¶
func (d *DeltaLayer) ResolvePath(relPath string) (actualPath string, inDelta bool)
ResolvePath resolves a relative path to the actual filesystem path. Priority: delta > source. Returns the actual path and whether the file is in delta.
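An added sketch of the resolution order described for DeltaLayer and ResolvePath (a whiteout hides the entry, then delta wins over source); it is not the package's own code. The `overlay` type, the placement of the marker beside the hidden entry, and the lexical rejection of `..` and absolute paths are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

const whiteoutPrefix = ".wh." // same value as the package's WhiteoutPrefix
var errEscape = errors.New("relPath escapes layer root")

// overlay is a hypothetical stand-in for DeltaLayer, not the package's type.
type overlay struct{ delta, source string }

// clean rejects paths that leave the layer root (lexical only; symlinks not resolved).
func clean(rel string) (string, error) {
	c := filepath.Clean(rel)
	if filepath.IsAbs(c) || c == ".." || strings.HasPrefix(c, ".."+string(filepath.Separator)) {
		return "", errEscape
	}
	return c, nil
}

// whiteout places the marker beside the hidden entry (an assumed layout).
func (o overlay) whiteout(c string) string {
	return filepath.Join(o.delta, filepath.Dir(c), whiteoutPrefix+filepath.Base(c))
}

func exists(p string) bool { _, err := os.Lstat(p); return err == nil }

// resolve applies the priority: whiteout hides the entry, then delta, then source.
func (o overlay) resolve(rel string) (string, bool, error) {
	c, err := clean(rel)
	switch {
	case err != nil:
		return "", false, err
	case exists(o.whiteout(c)):
		return "", false, os.ErrNotExist
	case exists(filepath.Join(o.delta, c)):
		return filepath.Join(o.delta, c), true, nil
	case exists(filepath.Join(o.source, c)):
		return filepath.Join(o.source, c), false, nil
	}
	return "", false, os.ErrNotExist
}

func main() { fmt.Println(overlay{"delta", "source"}.resolve("../etc/passwd")) }
```

Because the check in `clean` is lexical, a symlink inside either directory can still point outside it; a sandbox that must contain untrusted writers needs symlink handling as well.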
func (*DeltaLayer) SourceDir ¶
func (d *DeltaLayer) SourceDir() string
SourceDir returns the source directory path.
func (*DeltaLayer) Sync ¶
func (d *DeltaLayer) Sync() error
Sync synchronizes delta changes to source using Last-Writer-Wins (LWW) strategy.
type PermissionEngine ¶
type PermissionEngine interface {
// GetPermission returns the effective permission for a given path.
GetPermission(path string) types.Permission
// CheckRead checks if the path can be read.
CheckRead(path string) error
// CheckWrite checks if the path can be written.
CheckWrite(path string) error
// CheckView checks if the path can be viewed (listed).
CheckView(path string) error
// UpdateRules updates the permission rules.
UpdateRules(rules []types.PermissionRule)
}
PermissionEngine handles permission checking for file operations.
func NewPermissionEngine ¶
func NewPermissionEngine(rules []types.PermissionRule) PermissionEngine
NewPermissionEngine creates a new permission engine with the given rules.
type SandboxFS ¶
type SandboxFS struct {
// contains filtered or unexported fields
}
SandboxFS is a FUSE filesystem that enforces permission rules.
func NewSandboxFS ¶
func NewSandboxFS(config *SandboxFSConfig) (*SandboxFS, error)
NewSandboxFS creates a new SandboxFS instance.
func (*SandboxFS) ClearDelta ¶
ClearDelta clears the delta directory without syncing. Use this to discard changes (e.g., on exec failure).
func (*SandboxFS) DeltaEnabled ¶
DeltaEnabled returns true if the delta layer is enabled.
func (*SandboxFS) Mount ¶
Mount mounts the FUSE filesystem. It blocks until the context is cancelled. If ready channel is provided, it receives nil when mount is ready, or an error if mount failed.
func (*SandboxFS) MountWithReady ¶
MountWithReady mounts the FUSE filesystem with a ready signal channel. The ready channel receives nil when mount succeeds, or an error if mount failed.
func (*SandboxFS) Sync ¶
Sync synchronizes delta changes to the source directory. This should be called after exec() completes to persist changes.
func (*SandboxFS) UpdateRules ¶
func (sfs *SandboxFS) UpdateRules(rules []types.PermissionRule)
UpdateRules updates the permission rules dynamically.
type SandboxFSConfig ¶
type SandboxFSConfig struct {
SourceDir string // The source directory to expose (shared storage, read-only source)
DeltaDir string // Delta directory for COW writes (optional, enables delta layer)
MountPoint string // Where to mount the FUSE filesystem
Rules []types.PermissionRule // Permission rules
}
SandboxFSConfig holds the configuration for creating a SandboxFS.