This is a play proposal for a new wrapper around go build that would build your binary but
wrap it in code that would prepare isolation around your binary on run.
A concept of this is in https://github.com/jfrazelle/binctr, in that it takes a docker image and embeds the contents into a final binary so you have a self-contained binary.
The binctr example is unnessesarily heavy for go binaries because all you need is a completely static
binary.
Setup:
# set CONTRIBUTORS file to mailmap to remove duplicate emails for the same name
# see: https://git-scm.com/docs/git-shortlog#_mapping_authors
$ git config mailmap.file CONTRIBUTORSTop 10 contributors (all):
| FROM debian:jessie | |
| RUN apt-get update && apt-get install -y \ | |
| ca-certificates \ | |
| curl \ | |
| e2fsprogs \ | |
| init-system-helpers \ | |
| iptables \ | |
| libapparmor1 \ | |
| libltdl7 \ |
| Makefile | |
| .git | |
| .gitignore |
| #define _GNU_SOURCE | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <sched.h> | |
| #include <sys/wait.h> | |
| #include <errno.h> | |
| #define STACKSIZE (1024*1024) | |
| static char child_stack[STACKSIZE]; |
| Sep 21 15:10:47 pr-builder-11 kernel: [ 6071.023170] BUG: unable to handle kernel NULL pointer dereference at 0000000000000016 | |
| Sep 21 15:10:47 pr-builder-11 kernel: [ 6071.023273] IP: [<ffffffff81217490>] __detach_mounts+0x40/0x90 | |
| Sep 21 15:10:47 pr-builder-11 kernel: [ 6071.023365] PGD 2cd17b067 PUD 40bd44067 PMD 0 | |
| Sep 21 15:10:47 pr-builder-11 kernel: [ 6071.023425] Oops: 0000 [#1] SMP | |
| Sep 21 15:10:47 pr-builder-11 kernel: [ 6071.023468] Modules linked in: dummy xt_nat xt_tcpudp dm_thin_pool dm_persistent_data dm_bio_prison dm_bufio libcrc32c veth xt_conntrack ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 xt_addrtype iptable_filter ip_tables x_tables br_netfilter nf_nat nf_conntrack bridge stp llc overlay iosf_mbi ppdev kvm_intel kvm cirrus crct10dif_pclmul crc32_pclmul ttm ghash_clmulni_intel drm_kms_helper aesni_intel aes_x86_64 lrw drm gf128mul glue_helper ablk_helper cryptd syscopyarea serio_raw sysfillrect sysimgblt i2c_piix4 parport_pc pvpanic 8250_fi |
| #!/bin/bash | |
| set -e | |
| # Send a private message to someone on slack | |
| # from the command line. | |
| # Print a usage message and exit. | |
| usage(){ | |
| local name=$(basename "$0") |
| Graphics Feature Status | |
| Canvas: Software only, hardware acceleration unavailable | |
| Flash: Hardware accelerated | |
| Flash Stage3D: Software only, hardware acceleration unavailable | |
| Flash Stage3D Baseline profile: Software only, hardware acceleration unavailable | |
| Compositing: Hardware accelerated | |
| Multiple Raster Threads: Enabled | |
| Rasterization: Software only, hardware acceleration unavailable | |
| Threaded Rasterization: Enabled | |
| Video Decode: Software only, hardware acceleration unavailable |
| May 20 07:25:41 debian kernel: [ 1013.179837] BUG: unable to handle kernel NULL pointer dereference at (null) | |
| May 20 07:25:41 debian kernel: [ 1013.179896] IP: [<ffffffff811f5390>] pin_remove+0x50/0xb0 | |
| May 20 07:25:41 debian kernel: [ 1013.179935] PGD 2834067 PUD 5a2ef067 PMD 0 | |
| May 20 07:25:41 debian kernel: [ 1013.179966] Oops: 0002 [#1] SMP | |
| May 20 07:25:41 debian kernel: [ 1013.179990] Modules linked in: 8021q garp mrp dummy veth xt_conntrack xt_addrtype ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_filter ip_tables x_tables bridge stp llc bnep uvcvideo videobuf2_vmalloc btusb videobuf2_memops videobuf2_core v4l2_common bluetooth videodev usbhid media x86_pkg_temp_thermal intel_powerclamp intel_rapl iosf_mbi coretemp kvm_intel kvm crct10dif_pclmul crc32_pclmul joydev wl(PO) dell_laptop dcdbas ghash_clmulni_intel hid_multitouch iTCO_wdt iTCO_vendor_support dell_wmi sparse_keymap aesni_intel aes_x86_64 lrw rtsx_pci_ms gf1 |