sentry/ directory

gvisor – gvisor.dev/gvisor/pkg/sentry Directories

Directories ¶

Path	Synopsis
pkg/sentry/arch	Package arch provides abstractions around architecture-dependent details, such as syscall calling conventions, native types, etc.
pkg/sentry/arch/fpu	Package fpu provides basic floating point helpers.
pkg/sentry/contexttest	Package contexttest builds a test context.Context.
pkg/sentry/control	Package control contains types that expose control server methods, and can be used to configure and interact with a running sandbox process.
pkg/sentry/devices
pkg/sentry/devices/memdev	Package memdev implements "mem" character devices, as implemented in Linux by drivers/char/mem.c and drivers/char/random.c.
pkg/sentry/devices/nvproxy	Package nvproxy implements proxying for the Nvidia GPU Linux kernel driver: https://github.com/NVIDIA/open-gpu-kernel-modules.
pkg/sentry/devices/nvproxy/nvconf	Package nvconf provides configuration structures and utilities for nvproxy.
pkg/sentry/devices/tpuproxy	Package tpuproxy contains tpu backend driver proxy implementations and helper functions.
pkg/sentry/devices/tpuproxy/accel	Package accel implements a proxy for gasket based accel devices.
pkg/sentry/devices/tpuproxy/util	Package util contains helper functions for tpuproxy implementations.
pkg/sentry/devices/tpuproxy/vfio	Package vfio implements a proxy for VFIO devices.
pkg/sentry/devices/ttydev	Package ttydev implements a vfs.Device for /dev/tty.
pkg/sentry/devices/tundev	Package tundev implements the /dev/net/tun device.
pkg/sentry/fdcollector	Package fdcollector provides a goroutine that reads from a vfs.FileDescription (which may block) into a bytes.Buffer.
pkg/sentry/fdimport	Package fdimport provides the Import function.
pkg/sentry/fsimpl
pkg/sentry/fsimpl/cgroupfs	Package cgroupfs implements cgroupfs.
pkg/sentry/fsimpl/dev	Package dev provides a filesystem implementation for /dev.
pkg/sentry/fsimpl/devpts	Package devpts provides a filesystem implementation that behaves like devpts.
pkg/sentry/fsimpl/devtmpfs	Package devtmpfs provides a singleton fsimpl/dev filesystem instance, analogous to Linux's devtmpfs.
pkg/sentry/fsimpl/erofs	Package erofs implements erofs.
pkg/sentry/fsimpl/eventfd	Package eventfd implements event fds.
pkg/sentry/fsimpl/fuse	Package fuse implements fusefs.
pkg/sentry/fsimpl/gofer	Package gofer provides a filesystem implementation that is backed by a 9p server, interchangeably referred to as "gofers" throughout this package.
pkg/sentry/fsimpl/host	Package host provides a filesystem implementation for host files imported as file descriptors.
pkg/sentry/fsimpl/iouringfs	Package iouringfs provides a filesystem implementation for IO_URING basing it on anonfs.
pkg/sentry/fsimpl/kernfs	Package kernfs provides the tools to implement inode-based filesystems.
pkg/sentry/fsimpl/lock	Package lock is the API for POSIX-style advisory regional file locks and BSD-style full file locks.
pkg/sentry/fsimpl/mqfs	Package mqfs provides a filesystem implementation to back POSIX message queues.
pkg/sentry/fsimpl/nsfs	Package nsfs provides the filesystem implementation backing Kernel.NsfsMount.
pkg/sentry/fsimpl/overlay	Package overlay provides an overlay filesystem implementation, which synthesizes a filesystem by composing one or more immutable filesystems ("lower layers") with an optional mutable filesystem ("upper layer").
pkg/sentry/fsimpl/pipefs	Package pipefs provides the filesystem implementation backing Kernel.PipeMount.
pkg/sentry/fsimpl/proc	Package proc implements a partial in-memory file system for procfs.
pkg/sentry/fsimpl/signalfd	Package signalfd provides basic signalfd file implementations.
pkg/sentry/fsimpl/sockfs	Package sockfs provides a filesystem implementation for anonymous sockets.
pkg/sentry/fsimpl/sys	Package sys implements sysfs.
pkg/sentry/fsimpl/testutil	Package testutil provides common test utilities for kernfs-based filesystems.
pkg/sentry/fsimpl/timerfd	Package timerfd implements timer fds.
pkg/sentry/fsimpl/tmpfs	Package tmpfs provides an in-memory filesystem whose contents are application-mutable, consistent with Linux's tmpfs.
pkg/sentry/fsimpl/user	Package user contains methods for resolving filesystem paths based on the user and their environment.
pkg/sentry/fsmetric	Package fsmetric defines filesystem metrics.
pkg/sentry/fsutil	Package fsutil provides utilities for implementing vfs.FileDescriptionImpl and vfs.FilesystemImpl.
pkg/sentry/hostcpu	Package hostcpu provides utilities for working with CPU information provided by a host Linux kernel.
pkg/sentry/hostfd	Package hostfd provides efficient I/O with host file descriptors.
pkg/sentry/hostmm	Package hostmm provides tools for interacting with the host Linux kernel's virtual memory management subsystem.
pkg/sentry/inet	Package inet defines semantics for IP stacks.
pkg/sentry/kernel	Package kernel provides an emulation of the Linux kernel.
pkg/sentry/kernel/auth	Package auth implements an access control model that is a subset of Linux's.
pkg/sentry/kernel/contexttest	Package contexttest provides a test context.Context which includes a dummy kernel pointing to a valid platform.
pkg/sentry/kernel/fasync	Package fasync provides FIOASYNC related functionality.
pkg/sentry/kernel/futex	Package futex provides an implementation of the futex interface as found in the Linux kernel.
pkg/sentry/kernel/ipc	Package ipc defines functionality and utilities common to sysvipc mechanisms.
pkg/sentry/kernel/memevent	Package memevent implements the memory usage events controller, which periodically emits events via the eventchannel.
pkg/sentry/kernel/mq	Package mq provides an implementation for POSIX message queues.
pkg/sentry/kernel/msgqueue	Package msgqueue implements System V message queues.
pkg/sentry/kernel/pipe	Package pipe provides a pipe implementation.
pkg/sentry/kernel/sched	Package sched implements scheduler related features.
pkg/sentry/kernel/semaphore	Package semaphore implements System V semaphores.
pkg/sentry/kernel/shm	Package shm implements sysv shared memory segments.
pkg/sentry/ktime	Package ktime provides an API for clocks and timers implemented by the sentry.
pkg/sentry/limits	Package limits provides resource limits.
pkg/sentry/loader	Package loader loads an executable file into a MemoryManager.
pkg/sentry/loader/vdsodata	Package vdsodata contains a compiled VDSO object.
pkg/sentry/memmap	Package memmap defines semantics for memory mappings.
pkg/sentry/mm	Package mm provides a memory management subsystem.
pkg/sentry/pgalloc	Package pgalloc contains the page allocator subsystem, which provides allocatable memory that may be mapped into application address spaces.
pkg/sentry/platform	Package platform provides a Platform abstraction.
pkg/sentry/platform/interrupt	Package interrupt provides an interrupt helper.
pkg/sentry/platform/kvm	Package kvm provides a kvm-based implementation of the platform interface.
pkg/sentry/platform/kvm/testutil	Package testutil provides common assembly stubs for testing.
pkg/sentry/platform/platforms	Package platforms imports all available platform packages.
pkg/sentry/platform/ptrace	Package ptrace provides a ptrace-based implementation of the platform interface.
pkg/sentry/platform/systrap	Package systrap provides a seccomp-based implementation of the platform interface.
pkg/sentry/platform/systrap/sysmsg	Package sysmsg provides a stub signal handler and a communication protocol between stub threads and the Sentry.
pkg/sentry/platform/systrap/usertrap	Package usertrap implements the library to replace syscall instructions with function calls.
pkg/sentry/seccheck	Package seccheck defines a structure for dynamically-configured security checks in the sentry.
pkg/sentry/seccheck/sinks
pkg/sentry/seccheck/sinks/null	Package null defines a seccheck.Sink that does nothing with the trace points, akin to /dev/null.
pkg/sentry/seccheck/sinks/remote	Package remote defines a seccheck.Sink that serializes points to a remote process.
pkg/sentry/seccheck/sinks/remote/server	Package server provides a common server implementation that can connect with remote.Remote.
pkg/sentry/seccheck/sinks/remote/test	Package test provides functionality used to test the remote sink.
pkg/sentry/seccheck/sinks/remote/wire	Package wire defines structs used in the wire format for the remote checker.
pkg/sentry/socket	Package socket provides the interfaces that need to be provided by socket implementations and providers, as well as per family demultiplexing of socket creation.
pkg/sentry/socket/control	Package control provides internal representations of socket control messages.
pkg/sentry/socket/hostinet	Package hostinet implements AF_INET and AF_INET6 sockets using the host's network stack.
pkg/sentry/socket/netfilter	Package netfilter helps the sentry interact with netstack's netfilter capabilities.
pkg/sentry/socket/netlink	Package netlink provides core functionality for netlink sockets.
pkg/sentry/socket/netlink/nlmsg	Package nlmsg provides helpers to parse and construct netlink messages.
pkg/sentry/socket/netlink/port	Package port provides port ID allocation for netlink sockets.
pkg/sentry/socket/netlink/route	Package route provides a NETLINK_ROUTE socket protocol.
pkg/sentry/socket/netlink/uevent	Package uevent provides a NETLINK_KOBJECT_UEVENT socket protocol.
pkg/sentry/socket/netstack	Package netstack provides an implementation of the socket.Socket interface that is backed by a tcpip.Endpoint.
pkg/sentry/socket/netstack/packetmmap	Package packetmmap contains the packet mmap implementation for netstack.
pkg/sentry/socket/plugin	Package plugin provides a set of interfaces to interact with third-party netstack.
pkg/sentry/socket/plugin/cgo	Package cgo provides interfaces definition to interact with third-party network stack.
pkg/sentry/socket/plugin/stack	Package stack provides an implementation of plugin.PluginStack interface and an implementation of socket.Socket interface.
pkg/sentry/socket/unix	Package unix provides an implementation of the socket.Socket interface for the AF_UNIX protocol family.
pkg/sentry/socket/unix/transport	Package transport contains the implementation of Unix endpoints.
pkg/sentry/state	Package state provides high-level state wrappers.
pkg/sentry/strace	Package strace implements the logic to print out the input and the return value of each traced syscall.
pkg/sentry/syscalls	Package syscalls is the interface from the application to the kernel.
pkg/sentry/syscalls/linux	Package linux provides syscall tables for amd64 and arm64 Linux.
pkg/sentry/time	Package time provides a calibrated clock synchronized to a system reference clock.
pkg/sentry/unimpl	Package unimpl contains interface to emit events about unimplemented features.
pkg/sentry/uniqueid	Package uniqueid defines context.Context keys for obtaining system-wide unique identifiers.
pkg/sentry/usage	Package usage provides representations of resource usage.
pkg/sentry/vfs	Package vfs implements a virtual filesystem layer.
pkg/sentry/vfs/genericfstree	Package genericfstree provides tools for implementing vfs.FilesystemImpls that follow a standard pattern for synchronizing Dentry parent and name.
pkg/sentry/vfs/memxattr	Package memxattr provides a default, in-memory extended attribute implementation.
pkg/sentry/watchdog	Package watchdog is responsible for monitoring the sentry for tasks that may potentially be stuck or looping inderterminally causing hard to debug hangs in the untrusted app.

Version: v0.0.0-20250605235530-a6711d1e1dc6 (latest)
Published: Jun 5, 2025
Platform: linux/amd64
Last checked: 4 hours ago –

Tools for package owners.

?	: This menu
/	: Search site
f	: Jump to identifier
g then g	: Go to top of page
g then b	: Go to end of page
G	: Go to end of page
g then i	: Go to index
g then e	: Go to examples

sentry/ directory

Directories ¶

Keyboard shortcuts