Skip to main content

lib/linx.ex

defmodule Linx do
  @moduledoc """
  Linux kernel-interface primitives for Elixir.

  Linx is a library of **primitives, not a runtime** — low-level Linux
  interfaces exposed as idiomatic Elixir, meant to feel as natural to drive
  from the BEAM as anything in the standard library. A container engine, a
  network orchestrator, or an observability tool is a *consumer* of Linx; the
  runtime concepts live in those projects. See the [README](readme.html) for the
  pitch and a quick start.

  This page is the map of the API surface; each module's own documentation is
  the reference.

  ## Subsystems

  **Process & namespaces**
    * `Linx.Process` — `clone(2)` with namespace flags, `setns(2)`, signals,
      `waitpid(2)`, and stdio plumbing, driven by an external C agent (a Port).

  **Networking**
    * `Linx.Netlink` / `Linx.Netlink.Rtnl` — an `AF_NETLINK` client; rtnetlink
      links, addresses, routes, neighbours, rules, and stats.
    * `Linx.Netfilter` — nf_tables over `NETLINK_NETFILTER`: the `~NFT` sigil and
      pipeline DSL, `push`/`pull`/`diff`, socket-owned tables, a live monitor.

  **Resource control**
    * `Linx.Cgroup` — cgroup v2 via direct `/sys/fs/cgroup` I/O: typed
      memory/pids/cpu limits, freeze/thaw, `%Stats{}` counters.

  **Filesystem**
    * `Linx.Mount` — `mount(2)`, `umount2(2)`, `pivot_root(2)`, bind/remount/
      move, a `/proc/<pid>/mountinfo` parser, and a cross-namespace `:in` option.

  **Identity & security**
    * `Linx.User` — user-namespace uid/gid/setgroups mapping.
    * `Linx.Capabilities` — the five per-thread capability sets as `MapSet`s of
      `:cap_*` atoms.
    * `Linx.Seccomp` — pure-Elixir cBPF syscall filters installed at the
      checkpoint.

  **Tuning**
    * `Linx.Sysctl` — `/proc/sys/` knobs with dot-form keys, per-namespace
      routing, and the same `:in` option as `Linx.Mount`.

  **Value types**
    * `Linx.IP` (+ `Linx.IP.Subnet`) and `Linx.MAC` — domain primitives with
      compile-time sigils that `Inspect` round-trips.

  **Declarative**
    * `Linx.Reconcile` — an opt-in, single-subsystem control loop over the
      `Linx.Reconcile.Source` contract.

  ## The composition

  Linx's value isn't any single subsystem — it's that they all hook into the
  same `Linx.Process` **checkpoint**, the window between `clone(2)` and
  `execve(2)` where the child is parked. Inside that window a workload's
  identity, resource ceiling, network, privileges, and syscall surface are all
  decided at once, before its first instruction. The subsystems are otherwise
  independent and compose because they share that one primitive, not because a
  framework holds them together.

  ## Capability detection

  Subsystems that gate an *optionally-present* kernel feature expose a
  `supported?/0` probe — `Linx.Cgroup`, `Linx.User`, `Linx.Capabilities`,
  `Linx.Seccomp`, `Linx.Sysctl`, and `Linx.Netfilter`. Subsystems built on the
  always-present Linux baseline Linx requires (`Linx.Process`, `Linx.Netlink`,
  `Linx.Mount`, `Linx.Tty`) omit it by design.

  ## Declarative reconciliation

  Several subsystems expose the `pull` / `diff` / `push(mode: :reconcile)` /
  `subscribe` template: describe desired kernel state and converge onto it,
  idempotent and self-healing across drift, crashes, and reboots. `Linx.Reconcile`
  is the thin opt-in loop on top; see `docs/reconcile/EXAMPLES.md`.

  ## Getting started

  The [README](readme.html) has installation and the headline composition;
  each subsystem's `docs/<subsystem>/EXAMPLES.md` has runnable, copy-paste
  recipes.
  """
end