package systrap

import "gvisor.dev/gvisor/pkg/sentry/platform/systrap"

Package systrap provides a seccomp-based implementation of the platform interface.

In a nutshell, it works as follows:

The creation of a new address space creates a new child process.

The creation of a new stub thread creates a new system thread with a specified address space. To initialize this thread, the following action will be done:

A platformContext is just a collection of temporary variables. Calling Switch on a platformContext does the following:

Set up proper registers and an FPU state on a stub signal frame.
Wake up a stub thread by changing sysmsg->stage and calling FUTEX_WAKE.
Wait for new stub event by polling sysmsg->stage.
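
A single-process model of the Switch handoff listed above, added here as an illustration and not gVisor's own code: a goroutine stands in for the stub thread, and the msg type, the stage values and the function names are hypothetical. It assumes Linux, since it issues raw futex system calls.

```go
package main

import (
	"runtime"
	"sync/atomic"
	"syscall"
	"unsafe"
)

const (
	stageSentry, stageStub uint32 = 0, 1 // hypothetical names: who owns the context
	futexWait, futexWake          = 0, 1 // FUTEX_WAIT, FUTEX_WAKE
)

type msg struct { // constructed stand-in for the shared sysmsg area
	stage uint32
	reg   uint64 // stands in for the register state on the signal frame
}

func futex(addr *uint32, op, val uintptr) {
	syscall.Syscall6(syscall.SYS_FUTEX, uintptr(unsafe.Pointer(addr)), op, val, 0, 0, 0)
}

// stub sleeps until it owns the context, "runs" once, then hands it back.
func stub(m *msg) {
	for {
		for atomic.LoadUint32(&m.stage) != stageStub {
			futex(&m.stage, futexWait, uintptr(stageSentry)) // no sleep if stage already changed
		}
		m.reg++ // the "application" modifies the state
		atomic.StoreUint32(&m.stage, stageSentry)
	}
}

// switchTo follows the three Switch steps in order.
func switchTo(m *msg, reg uint64) uint64 {
	m.reg = reg                             // 1. set up the state for the stub
	atomic.StoreUint32(&m.stage, stageStub) // 2. change the stage ...
	futex(&m.stage, futexWake, 1)           //    ... and wake one waiter
	for atomic.LoadUint32(&m.stage) != stageSentry {
		runtime.Gosched() // 3. poll the stage until the stub hands back
	}
	return m.reg
}

func main() {
	m := &msg{}
	go stub(m)
	println(switchTo(m, 41)) // 42
}
```

The stage is written before FUTEX_WAKE and re-checked by the kernel inside FUTEX_WAIT, so a wake that arrives before the stub goes to sleep is not lost.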

Lock order:

subprocessPool.mu
	subprocess.mu
		platformContext.mu

+checkalignedignore

Constants

const (
	ERESTARTSYS    = unix.Errno(512)
	ERESTARTNOINTR = unix.Errno(513)
	ERESTARTNOHAND = unix.Errno(514)
)

Linux kernel errnos which "should never be seen by user programs", but will be revealed to ptrace syscall exit tracing.

These constants are only used in subprocess.go.

Variables

var SystrapProfiling = metric.FakeMetricBuilder{}

SystrapProfiling is a builder that produces conditionally compiled metrics. Metrics made from this are compiled and active at runtime when the "systrap_profiling" go-tag is specified at compilation.

Types

type Systrap

type Systrap struct {
	platform.NoCPUPreemptionDetection
	platform.UseHostGlobalMemoryBarrier
	// contains filtered or unexported fields
}

Systrap represents a collection of seccomp subprocesses.

func New

func New(opts platform.Options) (*Systrap, error)

New returns a new seccomp-based implementation of the platform interface.

func (*Systrap) CooperativelySchedulesAddressSpace

func (*Systrap) CooperativelySchedulesAddressSpace() bool

CooperativelySchedulesAddressSpace implements platform.Platform.CooperativelySchedulesAddressSpace.

func (*Systrap) MapUnit

func (*Systrap) MapUnit() uint64

MapUnit implements platform.Platform.MapUnit.

func (*Systrap) MaxUserAddress

func (*Systrap) MaxUserAddress() hostarch.Addr

MaxUserAddress returns the first address that may not be used by user applications.

func (*Systrap) MinUserAddress

func (*Systrap) MinUserAddress() hostarch.Addr

MinUserAddress implements platform.MinUserAddress.

func (*Systrap) NewAddressSpace

func (p *Systrap) NewAddressSpace(any) (platform.AddressSpace, <-chan struct{}, error)

NewAddressSpace returns a new subprocess.

func (*Systrap) NewContext

func (*Systrap) NewContext(ctx pkgcontext.Context) platform.Context

NewContext returns an interruptible platformContext.

func (*Systrap) SeccompInfo

func (p *Systrap) SeccompInfo() platform.SeccompInfo

SeccompInfo returns seccomp filter info for the systrap platform.

func (*Systrap) SupportsAddressSpaceIO

func (*Systrap) SupportsAddressSpaceIO() bool

SupportsAddressSpaceIO implements platform.Platform.SupportsAddressSpaceIO.

Source Files

context_queue.go context_queue_unsafe.go filters.go filters_amd64.go metrics.go shared_context.go shared_context_norace.go stub_defs.go stub_unsafe.go subprocess.go subprocess_amd64.go subprocess_linux.go subprocess_linux_unsafe.go subprocess_pool.go subprocess_unsafe.go syscall_thread.go syscall_thread_amd64.go syscall_thread_defs.go syscall_thread_unsafe.go sysmsg_thread.go sysmsg_thread_amd64.go sysmsg_thread_unsafe.go systrap.go systrap_amd64.go systrap_profiling_fake.go systrap_unsafe.go

Directories

Path: Synopsis
pkg/sentry/platform/systrap/sysmsg: Package sysmsg provides a stub signal handler and a communication protocol between stub threads and the Sentry.
pkg/sentry/platform/systrap/usertrap: Package usertrap implements the library to replace syscall instructions with function calls.

Version: v0.0.0-20250605235530-a6711d1e1dc6 (latest)
Published: Jun 5, 2025
Platform: linux/amd64
Imports: 39 packages