hub / github.com/apptainer/singularity / Operations

Interface Operations

internal/pkg/runtime/engine/engine_linux.go:32–91

Operations is an interface describing the operations necessary to launch a container process. Some of them may be called with elevated privilege or the potential to escalate privileges. Refer to each individual method's documentation for a detailed description of the context in which it is called.


// Operations is an interface describing necessary operations to launch
// a container process. Some of them may be called with elevated privilege
// or the potential to escalate privileges. Refer to an individual method
// documentation for a detailed description of the context in which it is called.
type Operations interface {
	// Config returns a zero value of the current EngineConfig, which
	// depends on the implementation, used to populate the Common struct.
	//
	// Since this method simply returns a zero value of the concrete
	// EngineConfig, it does not matter whether or not there are any elevated
	// privileges during this call.
	Config() config.EngineConfig
	// InitConfig stores the parsed config.Common inside the Operations
	// implementation.
	//
	// Since this method simply stores config.Common, it does not matter
	// whether or not there are any elevated privileges during this call.
	InitConfig(*config.Common)
	// PrepareConfig is called during stage1 to validate and prepare
	// container configuration.
	//
	// No additional privileges can be gained as any of them are already
	// dropped by the time PrepareConfig is called.
	PrepareConfig(*starter.Config) error
	// CreateContainer is called from master process to prepare container
	// environment, e.g. perform mount operations, setup network, etc.
	//
	// Additional privileges required for setup may be gained when running
	// in suid flow. However, when a user namespace is requested and it is not
	// a hybrid workflow (e.g. fakeroot), then there is no privileged saved uid
	// and thus no additional privileges can be gained.
	CreateContainer(context.Context, int, net.Conn) error
	// StartProcess is called during stage2 after RPC server finished
	// environment preparation. This is the container process itself.
	//
	// No additional privileges can be gained during this call (unless container
	// is executed as root intentionally) as starter will set uid/euid/suid
	// to the targetUID (PrepareConfig will set it by calling starter.Config.SetTargetUID).
	StartProcess(int) error
	// PostStartProcess is called from master after successful
	// execution of the container process.
	//
	// Additional privileges may be gained when running
	// in suid flow. However, when a user namespace is requested and it is not
	// a hybrid workflow (e.g. fakeroot), then there is no privileged saved uid
	// and thus no additional privileges can be gained.
	PostStartProcess(context.Context, int) error
	// MonitorContainer is called from master once the container has
	// been spawned. It will typically block until the container exits.
	//
	// Additional privileges may be gained when running
	// in suid flow. However, when a user namespace is requested and it is not
	// a hybrid workflow (e.g. fakeroot), then there is no privileged saved uid
	// and thus no additional privileges can be gained.
	MonitorContainer(int, chan os.Signal) (syscall.WaitStatus, error)
	// CleanupContainer is called from master after the MonitorContainer returns.
	// It is responsible for ensuring that the container has been properly torn down.
	//
	// Additional privileges may be gained when running
	// in suid flow. However, when a user namespace is requested and it is not
	// a hybrid workflow (e.g. fakeroot), then there is no privileged saved uid
	// and thus no additional privileges can be gained.

Callers 10

Get · Function · 0.65
Get · Function · 0.65
StageOne · Function · 0.65
createSIF · Function · 0.65
makeSIF · Function · 0.65
createContainer · Function · 0.65
StageTwo · Function · 0.65
startContainer · Function · 0.65
Master · Function · 0.65
Master · Function · 0.65

Implementers 3

EngineOperations · internal/pkg/runtime/engine/fakeroot/e
EngineOperations · internal/pkg/runtime/engine/oci/engine
EngineOperations · internal/pkg/runtime/engine/singularit

Calls

no outgoing calls

Tested by

no test coverage detected