Crate libcontainer

Re-exports

pub use oci_spec;

Modules

apparmor

capabilities

Handles Management of Capabilities

channel

config

container

Container management

error

hooks

namespaces

Namespaces provide isolation of resources for processes at a kernel level. The namespaces are: Mount (filesystem), Process (processes in a namespace have two PIDs, one for the global PID, which is used by the main system and the second one is for the child within the process tree), Interprocess Communication (Control or communication between processes), Network (which network devices can be seen by the processes in the namespace), User (User configs), UTS (hostname and domain information, processes will think they’re running on servers with different names), Cgroup (Resource limits, execution priority etc.)

notify_socket

process

Provides a thin wrapper around fork syscall, with enums and functions specific to youki implemented

rootfs

During kernel initialization, a minimal replica of the ramfs filesystem is loaded, called rootfs. Most systems mount another filesystem over it

seccomp

signal

Returns *nix signal enum value from passed string

syscall

Contains a wrapper of syscalls for unit tests This provides a uniform interface for rest of Youki to call syscalls required for container management

test_utils

tty

tty (teletype) for user-system interaction

user_ns

utils

Utility functionality

workload