File tree Expand file tree Collapse file tree 1 file changed +6
-6
lines changed Expand file tree Collapse file tree 1 file changed +6
-6
lines changed Original file line number Diff line number Diff line change @@ -159,9 +159,9 @@ func NewLinuxJail(config Config) (*LinuxJail, error) {
159159}
160160
161161// ConfigureBeforeCommandExecution prepares the jail environment before the target
162- // process is launched. It sets environment variables and performs host-side
163- // networking setup (e.g., creating the veth pair) . At this point the target
164- // process has not started, so its PID and network namespace ID are unknown .
162+ // process is launched. It sets environment variables, creates the veth pair, and
163+ // installs iptables rules on the host . At this stage, the target PID and its netns
164+ // are not yet known .
165165func (l * LinuxJail ) ConfigureBeforeCommandExecution () error {
166166 l .logger .Debug ("Setup called" )
167167
@@ -198,9 +198,9 @@ func (l *LinuxJail) Command(command []string) *exec.Cmd {
198198 return cmd
199199}
200200
201- // ConfigureAfterCommandExecution finalizes networking after the target process starts.
202- // With the child PID known, it moves the jail-side veth into the child’s netns
203- // and installs iptables rules to redirect traffic through the proxy .
201+ // ConfigureAfterCommandExecution finalizes setup once the target process starts.
202+ // With the child PID known, it moves the jail-side veth into the child’s network
203+ // namespace .
204204func (l * LinuxJail ) ConfigureAfterCommandExecution (pidInt int ) error {
205205 err := l .configureParentNetworkingStep2 (pidInt )
206206 if err != nil {
You can’t perform that action at this time.
0 commit comments