preflight

package
v1.126.2 Latest
Warning

This package is not in the latest version of its module.
Published: May 23, 2026 License: MPL-2.0 Imports: 6 Imported by: 0

Documentation

Constants

const DefaultMinDiskFreeBytes uint64 = 500 * 1024 * 1024

DefaultMinDiskFreeBytes is the V125 R-5 default minimum free space (500 MB) required on the state directory's filesystem before the installer proceeds with phasePrepare's potential dnf/apt installs and file writes. Chosen as a conservative envelope covering:

  • dnf/apt cache + downloaded packages on a typical install (~150 MB)
  • FHS payload staging in /usr/lib/nftban (~50 MB)
  • nftables.conf renders (~1 MB)
  • install_state + update-history.json + lock file (<1 MB)
  • GeoIP database (~250 MB on full updates; rarer)
  • headroom for unforeseen growth
const EnvMinDiskFreeMB = "NFTBAN_MIN_DISK_FREE_MB"

EnvMinDiskFreeMB is the environment variable name operators can use to override the default minimum free space. Value is interpreted as megabytes. Invalid values (non-numeric, zero, parse error) fall back to default.

Variables

This section is empty.

Functions

func EnsureMinDiskFree

func EnsureMinDiskFree(path string, minBytes uint64) error

EnsureMinDiskFree returns nil if the filesystem containing path has at least minBytes of free space available to non-root processes. Returns a descriptive error otherwise.

Uses syscall.Statfs (Linux-only; the installer is Linux-only). The "free" calculation uses Bavail (blocks available to non-root) rather than Bfree (total free blocks including root-reserved space), since the installer's writes consume non-root-reserved space.

Path is filepath.Clean()-sanitized at the call site. While syscall.Statfs isn't on gosec's G304 fixed-list (it doesn't open or read file content), applying Clean is consistent with the project convention and defensive against future scanner additions.

func MinDiskFreeBytes

func MinDiskFreeBytes() uint64

MinDiskFreeBytes returns the minimum free-space threshold to enforce, honoring the NFTBAN_MIN_DISK_FREE_MB environment variable when set and parsable as a positive integer megabyte count, and falling back to DefaultMinDiskFreeBytes otherwise.

Invalid env values (non-numeric, zero, negative, overflow, parse error) fall back to default — this is a preflight safety gate, not a parser; we don't want a typo'd env var to silently weaken protection.
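
A sketch of the gate these two functions describe, added here as an example and not taken from the nftban source: the function names are hypothetical, only the 500 MB default and the NFTBAN_MIN_DISK_FREE_MB variable name come from this page, and os.TempDir() stands in for the state directory. It shows the fail-closed parse (any unusable value yields the default) and the Bavail-based free-space calculation.

```go
package main

import (
	"fmt"
	"math"
	"os"
	"path/filepath"
	"strconv"
	"syscall"
)

// Values taken from the page; all function names below are hypothetical.
const defaultMinFree uint64 = 500 * 1024 * 1024
const envMinFreeMB = "NFTBAN_MIN_DISK_FREE_MB"

// thresholdFromMB converts a megabyte count to bytes. Empty, non-numeric,
// zero, negative, or overflowing input returns the default, so a mistyped
// override can never lower the gate.
func thresholdFromMB(raw string) uint64 {
	mb, err := strconv.ParseUint(raw, 10, 64)
	if err != nil || mb == 0 || mb > math.MaxUint64/(1024*1024) {
		return defaultMinFree
	}
	return mb * 1024 * 1024
}

// ensureFree fails unless the filesystem holding path has minBytes available
// to unprivileged writers (Bavail excludes root-reserved blocks; Bfree does not).
func ensureFree(path string, minBytes uint64) error {
	clean := filepath.Clean(path)
	var st syscall.Statfs_t
	if err := syscall.Statfs(clean, &st); err != nil {
		return fmt.Errorf("statfs %s: %w", clean, err)
	}
	avail := uint64(st.Bavail) * uint64(st.Bsize)
	if avail < minBytes {
		return fmt.Errorf("%s: %d bytes available, need %d", clean, avail, minBytes)
	}
	return nil
}

func main() {
	need := thresholdFromMB(os.Getenv(envMinFreeMB))
	if err := ensureFree(os.TempDir(), need); err != nil {
		fmt.Fprintln(os.Stderr, "preflight:", err)
		os.Exit(1)
	}
	fmt.Println("preflight ok, threshold bytes:", need)
}
```

A Statfs failure is returned as an error rather than treated as "enough space", so an unreadable or missing path also stops the install.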

Types

This section is empty.