Internal change.

PiperOrigin-RevId: 817859872

Author: nixprime

runsc/boot/BUILD

@@ -18,6 +18,7 @@ go_library(
         "gofer_conf.go",
         "limits.go",
         "loader.go",
+        "loader_impl.go",
         "mount_hints.go",
         "network.go",
         "restore.go",

runsc/boot/loader.go

@@ -278,6 +278,8 @@ type Loader struct {
 	// saveRestoreNet indicates if the saved network stack should be used
 	// during restore.
 	saveRestoreNet bool
+
+	LoaderExtra
 }
 
 // execID uniquely identifies a sentry process that is executed in a container.
@@ -381,6 +383,8 @@ type Args struct {
 	HostTHP HostTHP
 
 	SaveFDs []*fd.FD
+
+	ArgsExtra
 }
 
 // HostTHP holds host transparent hugepage settings.
@@ -471,6 +475,7 @@ func New(args Args) (*Loader, error) {
 		containerSpecs: make(map[string]*specs.Spec),
 		saveFDs:        args.SaveFDs,
 	}
+	setLoaderFromArgsExtra(l, &args)
 
 	if args.NumCPU == 0 {
 		args.NumCPU = runtime.NumCPU()

runsc/boot/loader_impl.go

@@ -0,0 +1,24 @@
+// Copyright 2025 The gVisor Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//go:build !false
+// +build !false
+
+package boot
+
+type LoaderExtra struct{}
+
+type ArgsExtra struct{}
+
+func setLoaderFromArgsExtra(l *Loader, args *Args) {}

runsc/cmd/BUILD

@@ -34,6 +34,7 @@ go_library(
     name = "cmd",
     srcs = [
         "boot.go",
+        "boot_impl.go",
         "capability.go",
         "checkpoint.go",
         "chroot.go",

runsc/cmd/boot.go

@@ -190,9 +190,11 @@ type Boot struct {
 	// nvidiaDriverVersion is the Nvidia driver version on the host.
 	nvidiaDriverVersion string
 
-	// uid and gud are the user and group IDs to switch to after setting up the user namespace.
+	// uid and gid are the user and group IDs to switch to after setting up the user namespace.
 	uid int
 	gid int
+
+	bootExtra
 }
 
 // Name implements subcommands.Command.Name.
@@ -251,6 +253,8 @@ func (b *Boot) SetFlags(f *flag.FlagSet) {
 	f.IntVar(&b.finalMetricsFD, "final-metrics-log-fd", -1, "file descriptor to write metrics to upon sandbox termination.")
 	f.IntVar(&b.profilingMetricsFD, "profiling-metrics-fd", -1, "file descriptor to write sentry profiling metrics.")
 	f.BoolVar(&b.profilingMetricsLossy, "profiling-metrics-fd-lossy", false, "if true, treat the sentry profiling metrics FD as lossy and write a checksum to it.")
+
+	b.setFlagsExtra(f)
 }
 
 // Execute implements subcommands.Command.Execute.  It starts a sandbox in a
@@ -543,6 +547,7 @@ func (b *Boot) Execute(_ context.Context, f *flag.FlagSet, args ...any) subcomma
 		HostTHP:             b.hostTHP,
 		SaveFDs:             b.saveFDs.GetFDs(),
 	}
+	b.setBootArgsExtra(&bootArgs)
 	l, err := boot.New(bootArgs)
 	if err != nil {
 		util.Fatalf("creating loader: %v", err)

runsc/cmd/boot_impl.go

@@ -0,0 +1,29 @@
+// Copyright 2025 The gVisor Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//go:build !false
+// +build !false
+
+package cmd
+
+import (
+	"gvisor.dev/gvisor/runsc/boot"
+	"gvisor.dev/gvisor/runsc/flag"
+)
+
+type bootExtra struct{}
+
+func (b *Boot) setFlagsExtra(f *flag.FlagSet) {}
+
+func (b *Boot) setBootArgsExtra(bootArgs *boot.Args) {}

runsc/sandbox/sandbox.go

@@ -968,7 +968,7 @@ func (s *Sandbox) createSandboxProcess(conf *config.Config, args *Args, startSyn
 		donations.DonateAndClose("save-fds", files...)
 	}
 
-	if err := createSandboxProcessExtra(conf, args, &donations); err != nil {
+	if err := createSandboxProcessExtra(conf, args, cmd, &donations); err != nil {
 		return err
 	}
 

runsc/sandbox/sandbox_impl.go

@@ -18,13 +18,15 @@
 package sandbox
 
 import (
+	"os/exec"
+
 	"gvisor.dev/gvisor/pkg/sentry/control"
 	"gvisor.dev/gvisor/runsc/boot"
 	"gvisor.dev/gvisor/runsc/config"
 	"gvisor.dev/gvisor/runsc/donation"
 )
 
-func createSandboxProcessExtra(conf *config.Config, args *Args, donations *donation.Agency) error {
+func createSandboxProcessExtra(conf *config.Config, args *Args, cmd *exec.Cmd, donations *donation.Agency) error {
 	return nil
 }