runtimeenv

package
v0.4.0
Warning

This package is not in the latest version of its module.

Published: Jun 23, 2026 License: MIT Imports: 4 Imported by: 0

Documentation

Overview

Package runtimeenv is the agent's read-only self-inspection of HOW it is running on this host: the OS/distro, the service manager that started it (systemd / OpenRC / launchd / Windows service / none), the unit name, whether it runs as root, and whether its filesystem view is sandboxed (e.g. systemd ProtectSystem= making /etc a read-only mount).

The point is that the right *fix* for a permission problem depends on this. An agent running as root under a systemd sandbox cannot write /etc/nginx because the mount is read-only (EROFS) — adding the user to a group or granting sudo does nothing; the fix is a ReadWritePaths drop-in. An agent running as an unprivileged user needs the opposite: group ownership for the config dir and a scoped sudoers entry for reload. So the remediation the dashboard shows is selected from this environment, not assumed.

Everything here is read-only and never panics. The parsing helpers (os-release, cgroup, mountinfo) are pure functions over file content so they are unit-testable without a real host; Detect() wires them to the live sources.
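A sketch of what a pure mountinfo helper of this kind can look like, added here as an example; it is not the package's own code. The names readOnlyAt, hasRO and sampleSandboxed are hypothetical, and the mountinfo text is constructed to model a unit whose /etc is read-only while /etc/nginx has been re-opened for writing.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed mountinfo content (not captured from a real host): /etc is
// bind-remounted read-only, /etc/nginx is mounted writable on top of it.
const sampleSandboxed = `450 400 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
452 450 8:1 /etc /etc ro,relatime master:1 - ext4 /dev/sda1 rw
453 452 8:1 /etc/nginx /etc/nginx rw,relatime - ext4 /dev/sda1 rw`

// hasRO reports whether a comma-separated option list contains "ro".
func hasRO(opts string) bool {
	for _, o := range strings.Split(opts, ",") {
		if o == "ro" {
			return true
		}
	}
	return false
}

// readOnlyAt (hypothetical name) reports whether path lies on a read-only
// mount. It is a pure function over /proc/self/mountinfo-format text.
func readOnlyAt(mountinfo, path string) bool {
	best, ro := "", false
	for _, line := range strings.Split(mountinfo, "\n") {
		f := strings.Fields(line)
		if len(f) < 10 { // shortest valid line: 6 fields, "-", 3 fields
			continue
		}
		mp := f[4] // mount point; octal escapes (\040) are not decoded here
		covers := mp == "/" || path == mp || strings.HasPrefix(path, mp+"/")
		// Longest covering mount point wins; a later mount on the same
		// point shadows an earlier one, hence "<" rather than "<=".
		if !covers || len(mp) < len(best) {
			continue
		}
		best, ro = mp, hasRO(f[5]) // per-mount flag, set by a read-only bind remount
		for i := 6; i+3 < len(f); i++ {
			if f[i] == "-" { // separator: fstype, source, superblock options follow
				ro = ro || hasRO(f[i+3])
				break
			}
		}
	}
	return ro
}

func main() {
	fmt.Println(readOnlyAt(sampleSandboxed, "/etc"), readOnlyAt(sampleSandboxed, "/etc/nginx"))
}
```

Because the function takes file content rather than a path to /proc, the same checks run in a unit test on any OS.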

Constants

const (
	InitSystemd = "systemd"
	InitOpenRC  = "openrc"
	InitLaunchd = "launchd"
	InitWindows = "windows-service"
)

Init names the service manager an agent runs under, or "" when it was started directly (foreground / a wrapper we don't recognize).

Variables

This section is empty.

Functions

This section is empty.

Types

type Env

type Env struct {
	// OS is runtime.GOOS ("linux", "darwin", "windows", "freebsd", …).
	OS string
	// Distro is the Linux distribution ID from /etc/os-release (e.g. "debian",
	// "ubuntu", "rhel", "arch", "alpine"), empty off Linux or when unknown.
	Distro string
	// DistroLike are the os-release ID_LIKE tokens (e.g. ["debian"] for Ubuntu),
	// useful for matching a family when the exact ID isn't recognized.
	DistroLike []string
	// Init is the service manager that started the agent (see Init* constants),
	// or "" when run directly / unrecognized.
	Init string
	// Managed reports whether a service manager started the agent (vs foreground).
	Managed bool
	// Unit is the service unit name when known (e.g. "nurproxy-agent.service"),
	// woven verbatim into a systemd `systemctl edit`/drop-in remediation.
	Unit string
	// Sandboxed reports whether the agent's filesystem view is read-only-protected
	// (systemd ProtectSystem=/ReadOnlyPaths), detected best-effort by checking
	// whether /etc is a read-only mount for this process.
	Sandboxed bool
	// UID is the effective user id, or -1 where unavailable (Windows).
	UID int
	// User is the username the agent runs as, empty if it could not be resolved.
	User string
	// IsRoot reports whether the agent runs as root (UID 0).
	IsRoot bool
}

Env is the detected runtime environment. Its zero value is a safe "unknown" that selects the conservative, non-root remediation path.

func Detect

func Detect() Env

Detect inspects the live host and returns its runtime environment. It is read-only, best-effort, and never fails: anything it cannot determine is left at its zero value.
