process

func InstalledRVersions ¶

func InstalledRVersions() []string

InstalledRVersions returns the R versions installed under rigBase. Each entry is the directory name (e.g. "4.5.0", "4.4.3").

func ResolveRBinary ¶

func ResolveRBinary(version, fallback string) (string, bool)

ResolveRBinary maps a requested R version (e.g. "4.5.0") to the full path of a rig-managed R binary. Resolution order:

1. Exact match: /opt/R/<version>/bin/R
2. Minor match: highest /opt/R/<major>.<minor>.*/bin/R
3. Fallback: the configured default R path

Returns the resolved path and whether the fallback was used. When version is empty the fallback is returned directly (not considered a miss).

func RunBwrapExec ¶ added in v0.0.4

func RunBwrapExec(args []string) error

RunBwrapExec is the `blockyard bwrap-exec --uid W --gid G -- <bwrap> <bwrap-args>` subcommand the process backend invokes instead of calling bwrap directly. It drops into the worker's (uid, gid), restores the dumpable flag that the kernel clears on suid transitions, and execs bwrap.

Why this isn't `SysProcAttr.Credential`: Go's fork+exec does setgroups+setgid+setuid but never calls `prctl(PR_SET_DUMPABLE, 1)` afterward. The kernel marks the process non-dumpable after any credential transition (even root→user), and a non-dumpable process sees /proc/self/uid_map as owned by root (not the current ruid). bwrap's unprivileged uid_map write then fails with EPERM — "bwrap: setting up uid map: Permission denied". Restoring dumpable between setuid and exec makes /proc/self/uid_map owned by the worker UID again, so bwrap can write the identity uid_map that makes worker traffic host-identifiable for iptables owner-match rules.

Exported because both cmd/blockyard/main.go and the process package's TestMain dispatch to it: in tests, os.Executable() returns the test binary rather than the blockyard binary, so the test binary must also recognise the "bwrap-exec" first arg and execute the shim itself — otherwise exec.Command(testbin, "bwrap-exec", ...) re-enters the test runner and the whole suite recurses.

Returns an error for any misuse; on success it never returns (execve replaces the process).

func RunPreflight ¶

func RunPreflight(cfg *config.ProcessConfig, fullCfg *config.Config, cgroups *cgroupManager) *preflight.Report

RunPreflight verifies the process backend prerequisites. Called by (*ProcessBackend).Preflight() with the full config so the egress probe can read Redis/vault/database addresses and the resource- limit check can read server-level defaults.

Check ordering matters: bwrap/R/userns are prerequisites for checkBwrapHostUIDMapping (it spawns bwrap), and that check is a prerequisite for checkWorkerEgress (which also spawns bwrap and whose results are meaningful only if the host UID mapping is effective). If a prerequisite fails we still run the later checks — they'll fail too, and emitting all failures at once is more useful than bailing at the first.

cgroups is the optional cgroup-v2 delegation manager; nil is safe and tests pass nil directly. The manager feeds checkCgroupDelegation and the worker-egress probe's cgroup enrollment.