{"id":18497827,"url":"https://github.com/containers/kubensmnt","last_synced_at":"2025-07-23T12:04:11.755Z","repository":{"id":37552081,"uuid":"505894252","full_name":"containers/kubensmnt","owner":"containers","description":null,"archived":false,"fork":false,"pushed_at":"2023-06-20T20:17:27.000Z","size":35,"stargazers_count":4,"open_issues_count":0,"forks_count":3,"subscribers_count":7,"default_branch":"main","last_synced_at":"2025-04-09T17:59:22.185Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/containers.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-06-21T15:11:02.000Z","updated_at":"2024-03-15T08:05:16.000Z","dependencies_parsed_at":"2024-06-19T05:26:16.253Z","dependency_job_id":"a846f85f-d12d-4583-8f04-a3d946dc8cc7","html_url":"https://github.com/containers/kubensmnt","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"purl":"pkg:github/containers/kubensmnt","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/containers%2Fkubensmnt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/containers%2Fkubensmnt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/containers%2Fkubensmnt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/containers%2Fkubensmnt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/containers","download_url":"https://codeload.github.com/containers/kubensmnt/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/containers%2Fkubensmnt/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":266673562,"owners_count":23966372,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-23T02:00:09.312Z","response_time":66,"last_error":null,"robots_txt_status":null,"robots_txt_updated_at":null,"robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-06T13:36:07.736Z","updated_at":"2025-07-23T12:04:11.732Z","avatar_url":"https://github.com/containers.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# kubensmnt\n\n[![Integration Test](https://github.com/containers/kubensmnt/actions/workflows/integration-test.yml/badge.svg)](https://github.com/containers/kubensmnt/actions/workflows/integration-test.yml)\n[![ShellCheck](https://github.com/containers/kubensmnt/actions/workflows/shellcheck.yml/badge.svg)](https://github.com/containers/kubensmnt/actions/workflows/shellcheck.yml)\n\nA small library to enable go programs to join a new mount namespace, designed\nfor helping get the Kubernetes control plane (kubelet and the container\nruntime) into a separate mount namespace.\n\n## Rationale\n\nThere are benefits to hiding all of Kubernetes' mount points from the host OS,\nincluding cleanliness, safety from inspection, and reducing the load on system\nprocesses like systemd that may need to interact with all mount in the default\nnamespace.\n\n# How to use\n\nInclude this library in your main.go:\n\n```go\nimport \"github.com/containers/kubensmnt\"\n```\n\nThis will cause a C constructor function to run before the Go runtime fully\ninitializes which will do the following:\n- If `$KUBENSMNT` is not set in the environment, do nothing.\n- If `$KUBENSMNT` is set in the environment, and it points at a valid path that\n  is a bind-mount to a mount namespace, join that mount namespace.\n  - If there is an error finding the bindmount path or joining the namespace,\n    the error is recorded and can be retrieved via the `Status` call.\n\nInside the Go code, you can then check what happened during init and take\nactions accordingly:\n\n```go\nfunc main() {\n    path, err := kubensmnt.Status()\n    if err != nil {\n        panic(err)\n    }\n    if path == \"\" {\n        fmt.Println(\"No mount namespace was configured; no action was taken\")\n    } else {\n        fmt.Printf(\"Successfully joined the namespace bound to %q\\n\", path)\n    }\n    // Go on to do more important things...\n}\n```\n\n# Running in a separate mount namespace\n\nSee the [utils/README.md](utils/README.md) for systemd services,\nscripts, and installation instructions for running Kubernetes in a\nseparate mount namespace, with or without building against this\nlibrary.\n\n# Testing\n\nSee [test/README.md](test/README.md)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcontainers%2Fkubensmnt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcontainers%2Fkubensmnt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcontainers%2Fkubensmnt/lists"}