Crate unshare

Crate unshare 

Source
Expand description

The Command has mostly same API as std::process::Command except where is absolutely needed.

In addition Command contains methods to configure linux namespaces, chroots and more linux stuff.

We have diverged from std::process::Command in the following major things:

  1. Error handling. Since sometimes we have long chains of system calls involved, we need to give user some way to find out which call failed with an error, so io::Error is not an option. We have error::Error class which describes the error as precisely as possible

  2. We set PDEATHSIG to SIGKILL by default. I.e. child process will die when parent is dead. This is what you want most of the time. If you want to allow child process to daemonize explicitly call the allow_daemonize method (but look at documentation of Command::set_parent_death_signal first).

  3. We don’t search for program in PATH. It’s hard to do right in all cases of chroot, pivot_root, user and mount namespaces. So we expect its easier to do for your specific container setup.

Anyway this is low-level interface. You may want to use some higher level abstraction which mounts filesystems, sets network and monitors processes.

Structs§

Child
The reference to the running child
Command
Main class for running processes. Works in the spirit of builder pattern.
GidMap
Entry (row) in the gid map
PipeReader
A reading end of Pipe object after Pipe::split
PipeWriter
A writing end of Pipe object after Pipe::split
Printer
A temporary value returned from Command::display for the sole purpose of being Display’ed.
Style
This is a builder for various settings of how command may be printed
UidMap
Entry (row) in the uid map

Enums§

Capability
ChildEvent
The event returned from child_events() iterator
Error
Error runnning process
ExitStatus
The exit status of a process
Fd
An enumeration that is used to configure non-stdio file descriptors. It differs from stdio one because we must differentiate from readable and writable file descriptors for things open by the library
Namespace
Namespace name to unshare
Signal
Stdio
An enumeration that is used to configure stdio file descritors

Functions§

child_events
Creates iterator over child events
reap_zombies
Creates iterator over zombie processes