package utils

import "github.com/opencontainers/runc/libcontainer/utils"

Package utils provides general helper utilities used in libcontainer.

Index

Constants 

const MaxNameLen = 4096

MaxNameLen is the maximum length of the name of a file descriptor being sent using SendFile. The name of the file handle returned by RecvFile will never be larger than this value.

Functions

func Annotations 

func Annotations(labels []string) (bundle string, userAnnotations map[string]string)

Annotations returns the bundle path and user defined annotations from the libcontainer state. We need to remove the bundle because that is a label added by libcontainer.

func CloseExecFrom 

func CloseExecFrom(minFd int) error

CloseExecFrom sets the O_CLOEXEC flag on all file descriptors greater or equal to minFd in the current process.

func ExitStatus 

func ExitStatus(status unix.WaitStatus) int

ExitStatus returns the correct exit status for a process based on if it was signaled or exited cleanly

func NewSockPair 

func NewSockPair(name string) (parent, child *os.File, err error)

NewSockPair returns a new SOCK_STREAM unix socket pair.

func Openat 

func Openat(dir *os.File, path string, flags int, mode uint32) (*os.File, error)

Openat is a Go-friendly openat(2) wrapper.

func RecvFile 

func RecvFile(socket *os.File) (_ *os.File, Err error)

RecvFile waits for a file descriptor to be sent over the given AF_UNIX socket. The file name of the remote file descriptor will be recreated locally (it is sent as non-auxiliary data in the same payload).

func SearchLabels 

func SearchLabels(labels []string, key string) (string, bool)

SearchLabels searches through a list of key=value pairs for a given key, returning its value, and the binary flag telling whether the key exist.

func SendFile 

func SendFile(socket, file *os.File) error

SendFile sends a file over the given AF_UNIX socket. file.Name() is also included so that if the other end uses RecvFile, the file will have the same name information.

func SendRawFd 

func SendRawFd(socket *os.File, msg string, fd uintptr) error

SendRawFd sends a specific file descriptor over the given AF_UNIX socket.

func UnsafeCloseFrom 

func UnsafeCloseFrom(minFd int) error

UnsafeCloseFrom closes all file descriptors greater or equal to minFd in the current process, except for those critical to Go's runtime (such as the netpoll management descriptors).

NOTE: That this function is incredibly dangerous to use in most Go code, as closing file descriptors from underneath *os.File handles can lead to very bad behaviour (the closed file descriptor can be reused and then any *os.File operations would apply to the wrong file). This function is only intended to be called from the last stage of runc init.

func WithProcfdFile 

func WithProcfdFile(file *os.File, fn func(procfd string) error) error

WithProcfdFile is a very minimal wrapper around ProcThreadSelfFd. The caller is responsible for making sure that the provided file handle is actually safe to operate on.

NOTE: THIS FUNCTION IS INTERNAL TO RUNC, DO NOT USE IT.

TODO: Migrate the mount logic towards a more move_mount(2)-friendly design where this is kind of /proc/self/... tomfoolery is only done in a fallback path for old kernels.

func WriteJSON 

func WriteJSON(w io.Writer, v any) error

WriteJSON writes the provided struct v to w using standard json marshaling without a trailing newline. This is used instead of json.Encoder because there might be a problem in json decoder in some cases, see: https://github.com/docker/docker/issues/14203#issuecomment-174177790

Types

type ProcThreadSelfCloser 

type ProcThreadSelfCloser func()

func ProcThreadSelf 

func ProcThreadSelf(subpath string) (string, ProcThreadSelfCloser)

ProcThreadSelf returns a string that is equivalent to /proc/thread-self/<subpath>, with a graceful fallback on older kernels where /proc/thread-self doesn't exist. This method DOES NOT use SecureJoin, meaning that the passed string needs to be trusted. The caller _must_ call the returned procThreadSelfCloser function (which is runtime.UnlockOSThread) *only once* after it has finished using the returned path string.

func ProcThreadSelfFd 

func ProcThreadSelfFd(fd uintptr) (string, ProcThreadSelfCloser)

ProcThreadSelfFd is small wrapper around ProcThreadSelf to make it easier to create a /proc/thread-self handle for given file descriptor.

It is basically equivalent to ProcThreadSelf(fmt.Sprintf("fd/%d", fd)), but without using fmt.Sprintf to avoid unneeded overhead.

Source Files

cmsg.go utils.go utils_unix.go

Version
v1.5.0-rc.2
Published
Apr 3, 2026
Platform
darwin/amd64
Imports
14 packages
Last checked
7 minutes ago

Tools for package owners.