Documentation
Overview ¶
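Package bwrap provides a sandbox runtime implementation using bubblewrap (bwrap). On Linux, it uses bwrap for actual process isolation. On other systems (macOS, Windows), it falls back to a local process executor intended for development and testing; that fallback does not use bwrap, so commands run through it should not be assumed to be isolated from the host.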
Index ¶
- func IsBwrapAvailable() bool
- type BwrapRuntime
- func (r *BwrapRuntime) Create(ctx context.Context, config *rt.SandboxConfig) (*types.Sandbox, error)
- func (r *BwrapRuntime) CreateSession(ctx context.Context, sandboxID string, config *types.SessionConfig) (*types.Session, error)
- func (r *BwrapRuntime) Destroy(ctx context.Context, sandboxID string) error
- func (r *BwrapRuntime) DestroySession(ctx context.Context, sessionID string) error
- func (r *BwrapRuntime) Exec(ctx context.Context, sandboxID string, req *types.ExecRequest) (*types.ExecResult, error)
- func (r *BwrapRuntime) ExecStream(ctx context.Context, sandboxID string, req *types.ExecRequest, ...) error
- func (r *BwrapRuntime) Get(ctx context.Context, sandboxID string) (*types.Sandbox, error)
- func (r *BwrapRuntime) GetSession(ctx context.Context, sessionID string) (*types.Session, error)
- func (r *BwrapRuntime) List(ctx context.Context) ([]*types.Sandbox, error)
- func (r *BwrapRuntime) ListSessions(ctx context.Context, sandboxID string) ([]*types.Session, error)
- func (r *BwrapRuntime) Name() string
- func (r *BwrapRuntime) SessionExec(ctx context.Context, sessionID string, req *types.SessionExecRequest) (*types.ExecResult, error)
- func (r *BwrapRuntime) SessionExecStream(ctx context.Context, sessionID string, req *types.SessionExecRequest, ...) error
- func (r *BwrapRuntime) Start(ctx context.Context, sandboxID string) error
- func (r *BwrapRuntime) Stop(ctx context.Context, sandboxID string) error
- type Config
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func IsBwrapAvailable ¶
func IsBwrapAvailable() bool
IsBwrapAvailable checks if bwrap is available on the system.
Types ¶
type BwrapRuntime ¶
// BwrapRuntime implements runtime.RuntimeWithExecutor using bubblewrap.
// All of its fields are unexported, so callers obtain a value from New
// rather than constructing one directly.
type BwrapRuntime struct {
// contains filtered or unexported fields
}
BwrapRuntime implements runtime.RuntimeWithExecutor using bubblewrap.
func New ¶
func New(config *Config) *BwrapRuntime
New creates a new BwrapRuntime with the given configuration.
func (*BwrapRuntime) Create ¶
func (r *BwrapRuntime) Create(ctx context.Context, config *rt.SandboxConfig) (*types.Sandbox, error)
Create creates a new sandbox but does not start it.
func (*BwrapRuntime) CreateSession ¶
func (r *BwrapRuntime) CreateSession(ctx context.Context, sandboxID string, config *types.SessionConfig) (*types.Session, error)
CreateSession creates a new shell session within a sandbox.
func (*BwrapRuntime) Destroy ¶
func (r *BwrapRuntime) Destroy(ctx context.Context, sandboxID string) error
Destroy destroys a sandbox, releasing all resources.
func (*BwrapRuntime) DestroySession ¶
func (r *BwrapRuntime) DestroySession(ctx context.Context, sessionID string) error
DestroySession destroys a session and kills all its child processes.
func (*BwrapRuntime) Exec ¶
func (r *BwrapRuntime) Exec(ctx context.Context, sandboxID string, req *types.ExecRequest) (*types.ExecResult, error)
Exec executes a command in the sandbox and returns the result.
func (*BwrapRuntime) ExecStream ¶
func (r *BwrapRuntime) ExecStream(ctx context.Context, sandboxID string, req *types.ExecRequest, output chan<- []byte) error
ExecStream executes a command and streams output.
func (*BwrapRuntime) GetSession ¶
func (r *BwrapRuntime) GetSession(ctx context.Context, sessionID string) (*types.Session, error)
GetSession retrieves information about a session.
func (*BwrapRuntime) ListSessions ¶
func (r *BwrapRuntime) ListSessions(ctx context.Context, sandboxID string) ([]*types.Session, error)
ListSessions returns all sessions for a sandbox.
func (*BwrapRuntime) Name ¶
func (r *BwrapRuntime) Name() string
Name returns the name of this runtime implementation.
func (*BwrapRuntime) SessionExec ¶
func (r *BwrapRuntime) SessionExec(ctx context.Context, sessionID string, req *types.SessionExecRequest) (*types.ExecResult, error)
SessionExec executes a command within a session, preserving state.
func (*BwrapRuntime) SessionExecStream ¶
func (r *BwrapRuntime) SessionExecStream(ctx context.Context, sessionID string, req *types.SessionExecRequest, output chan<- []byte) error
SessionExecStream executes a command within a session and streams output.
type Config ¶
// Config holds configuration for the BwrapRuntime.
//
// NOTE(review): the values DefaultConfig assigns to these fields are not
// shown in this listing; confirm them before relying on any default for
// isolation.
type Config struct {
// BwrapPath is the path to the bwrap binary (default: "bwrap")
// NOTE(review): a bare name such as "bwrap" is presumably resolved through
// PATH; confirm, and prefer an absolute path where PATH is not trusted.
BwrapPath string
// DefaultTimeout is the default timeout for operations
// NOTE(review): behaviour for a zero value is not shown here; confirm
// whether zero means "no timeout".
DefaultTimeout time.Duration
// WorkDir is the base directory for sandbox working directories
// NOTE(review): presumably each sandbox gets a subdirectory here; confirm
// ownership and permissions so sandboxes cannot reach each other's data.
WorkDir string
// FUSEMountBase is the base directory for FUSE mount points
FUSEMountBase string
// EnableNetworking allows network access in sandboxes
// NOTE(review): presumably false leaves sandboxes without network access;
// confirm how this maps to bwrap's namespace options and whether it has
// any effect under the non-Linux local-process fallback.
EnableNetworking bool
}
Config holds configuration for the BwrapRuntime.
func DefaultConfig ¶
func DefaultConfig() *Config
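DefaultConfig returns a Config with sensible defaults. The default values themselves are not listed here, so check fields such as EnableNetworking and BwrapPath before relying on them.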