Documentation
Overview
Package gvisor provides a backend that executes code with gVisor (runsc). It provides stronger isolation than plain containers and is appropriate for untrusted multi-tenant execution.
Constants
This section is empty.
Variables
var (
	// ErrGVisorNotAvailable is returned when gVisor/runsc is not available.
	ErrGVisorNotAvailable = errors.New("gvisor not available")

	// ErrSandboxCreationFailed is returned when sandbox creation fails.
	ErrSandboxCreationFailed = errors.New("sandbox creation failed")

	// ErrSandboxExecutionFailed is returned when sandbox execution fails.
	ErrSandboxExecutionFailed = errors.New("sandbox execution failed")
)
Errors for gVisor backend operations.
Functions
This section is empty.
Types
type Backend
type Backend struct {
	// contains filtered or unexported fields
}
Backend executes code with gVisor for stronger isolation.
func (*Backend) Execute
func (b *Backend) Execute(_ context.Context, req runtime.ExecuteRequest) (runtime.ExecuteResult, error)
Execute runs code with gVisor isolation.
func (*Backend) Kind
func (b *Backend) Kind() runtime.BackendKind
Kind returns the backend kind identifier.
type Config
type Config struct {
	// RunscPath is the path to the runsc binary.
	// Default: runsc (uses PATH)
	RunscPath string

	// RootDir is the root directory for gVisor state.
	// Default: /var/run/gvisor
	RootDir string

	// Platform is the gVisor platform to use.
	// Options: ptrace, kvm, systrap
	// Default: systrap
	Platform string

	// NetworkMode specifies the network configuration.
	// Options: none, sandbox, host
	// Default: none
	NetworkMode string

	// Logger is an optional logger for backend events.
	Logger Logger
}
Config configures a gVisor backend.
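A pre-flight check for these fields, as an added example that is not part of the package: it applies the documented defaults, rejects values outside the documented option lists, and refuses NetworkMode "host" for untrusted workloads, since that mode uses the host's network stack rather than the sandbox's own. The local Config mirror, Normalize, orDefault and ErrWeakIsolation are hypothetical names, and the host-network policy is this example's assumption, not documented package behaviour.

```go
package main

import (
	"errors"
	"fmt"
)

// Config is a local mirror of the documented string fields (Logger omitted).
type Config struct{ RunscPath, RootDir, Platform, NetworkMode string }

// ErrWeakIsolation is a hypothetical error, not part of the gvisor package.
var ErrWeakIsolation = errors.New("config weakens isolation")

var (
	platforms = map[string]bool{"ptrace": true, "kvm": true, "systrap": true}
	networks  = map[string]bool{"none": true, "sandbox": true, "host": true}
)

func orDefault(v, d string) string {
	if v == "" {
		return d
	}
	return v
}

// Normalize (hypothetical helper) applies the documented defaults, rejects
// undocumented values and, for untrusted workloads, refuses host networking.
func Normalize(c Config, untrusted bool) (Config, error) {
	c.RunscPath = orDefault(c.RunscPath, "runsc")
	c.RootDir = orDefault(c.RootDir, "/var/run/gvisor")
	c.Platform = orDefault(c.Platform, "systrap")
	c.NetworkMode = orDefault(c.NetworkMode, "none")
	if !platforms[c.Platform] {
		return c, fmt.Errorf("unknown platform %q", c.Platform)
	}
	if !networks[c.NetworkMode] {
		return c, fmt.Errorf("unknown network mode %q", c.NetworkMode)
	}
	if untrusted && c.NetworkMode == "host" {
		return c, fmt.Errorf("%w: NetworkMode=host", ErrWeakIsolation)
	}
	return c, nil
}

func main() {
	fmt.Println(Normalize(Config{NetworkMode: "host"}, true))
}
```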