MCPcopy
hub / github.com/apptainer/apptainer / Operations

Interface Operations

internal/pkg/runtime/engine/engine_linux.go:36–96  ·  view source on GitHub ↗

Operations is an interface describing necessary operations to launch a container process. Some of them may be called with elevated privilege or the potential to escalate privileges. Refer to an individual method documentation for a detailed description of the context in which it is called.

Source from the content-addressed store, hash-verified

34// or the potential to escalate privileges. Refer to an individual method
35// documentation for a detailed description of the context in which it is called.
36type Operations interface {
37 // Config returns a zero value of the current EngineConfig, which
38 // depends on the implementation, used to populate the Common struct.
39 //
40 // Since this method simply returns a zero value of the concrete
41 // EngineConfig, it does not matter whether or not there are any elevated
42 // privileges during this call.
43 Config() config.EngineConfig
44 // InitConfig stores the parsed config.Common inside the Operations
45 // implementation and may do additional initialization depending on
46 // the second parameter which is true only when running setuid
47 // in stage1.
48 //
49 // No elevated privileges are needed during this call.
50 InitConfig(*config.Common, bool)
51 // PrepareConfig is called during stage1 to validate and prepare
52 // container configuration.
53 //
54 // No additional privileges can be gained as any of them are already
55 // dropped by the time PrepareConfig is called.
56 PrepareConfig(*starter.Config) error
57 // CreateContainer is called from master process to prepare container
58 // environment, e.g. perform mount operations, setup network, etc.
59 //
60 // Additional privileges required for setup may be gained when running
61 // in suid flow. However, when a user namespace is requested and it is not
62 // a hybrid workflow (e.g. fakeroot), then there is no privileged saved uid
63 // and thus no additional privileges can be gained.
64 CreateContainer(context.Context, int, net.Conn) error
65 // StartProcess is called during stage2 after RPC server finished
66 // environment preparation. This is the container process itself.
67 //
68 // No additional privileges can be gained during this call (unless container
69 // is executed as root intentionally) as starter will set uid/euid/suid
70 // to the targetUID (PrepareConfig will set it by calling starter.Config.SetTargetUID).
71 StartProcess(int) error
72 // PostStartProcess is called from master after successful
73 // execution of the container process.
74 //
75 // Additional privileges may be gained when running
76 // in suid flow. However, when a user namespace is requested and it is not
77 // a hybrid workflow (e.g. fakeroot), then there is no privileged saved uid
78 // and thus no additional privileges can be gained.
79 PostStartProcess(context.Context, int) error
80 // MonitorContainer is called from master once the container has
81 // been spawned. It will typically block until the container exists.
82 //
83 // Additional privileges may be gained when running
84 // in suid flow. However, when a user namespace is requested and it is not
85 // a hybrid workflow (e.g. fakeroot), then there is no privileged saved uid
86 // and thus no additional privileges can be gained.
87 MonitorContainer(int, chan os.Signal) (syscall.WaitStatus, error)
88 // CleanupContainer is called from master after the MonitorContainer returns.
89 // It is responsible for ensuring that the container has been properly torn down.
90 //
91 // Additional privileges may be gained when running
92 // in suid flow. However, when a user namespace is requested and it is not
93 // a hybrid workflow (e.g. fakeroot), then there is no privileged saved uid

Callers 8

GetFunction · 0.65
GetFunction · 0.65
StageOneFunction · 0.65
createContainerFunction · 0.65
StageTwoFunction · 0.65
startContainerFunction · 0.65
MasterFunction · 0.65
MasterFunction · 0.65

Implementers 3

EngineOperationsinternal/pkg/runtime/engine/fakeroot/e
EngineOperationsinternal/pkg/runtime/engine/oci/engine
EngineOperationsinternal/pkg/runtime/engine/apptainer/

Calls

no outgoing calls

Tested by

no test coverage detected