* exec2: add client support for unveil filesystem isolation mode

This PR adds support for a new filesystem isolation mode, "Unveil". The mode introduces an "alloc_mounts" directory where each task has a user-owned directory structure whose entries are bind mounts into the real alloc directory structure. This enables a task driver to use landlock (and maybe the real unveil on openbsd one day) to isolate a task to the task-owned directory structure, providing sandboxing.

* actually create alloc-mounts-dir directory
* fix doc strings about alloc mount dir paths
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: BUSL-1.1
//go:build !linux
package allocdir
import (
	"errors"
	"os"
)
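// mountDir is the stub used on non-Linux builds (see the !linux build
// constraint on this file). It performs no mount and always returns a non-nil
// error.
//
// old and next are the source and target directory paths, uid and gid the
// requested owner, and mode the requested file mode; none of them is used
// here. NOTE(review): the Linux counterpart is not visible from this file and
// presumably bind mounts old to next; confirm there.
//
// The result is never nil, so a caller that checks it cannot carry on as if
// next had been mounted. The failure is reported as an error rather than a
// panic so that reaching this path on an unsupported platform does not bring
// down the whole process.
func mountDir(old, next string, uid, gid int, mode os.FileMode) error {
	return errors.New("allocdir: mountDir is not implemented on this platform")
}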