oci

package
v0.0.0-...-2745715 Latest
Warning

This package is not in the latest version of its module.

Published: Oct 10, 2023 License: Apache-2.0 Imports: 35 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func GenerateSpec

func GenerateSpec(ctx context.Context, meta executor.Meta, mounts []executor.Mount, id, resolvConf, hostsFile string, namespace network.Namespace, cgroupParent string, processMode ProcessMode, idmap *idtools.IdentityMapping, apparmorProfile string, selinuxB bool, tracingSocket string, opts ...oci.SpecOpts) (*specs.Spec, func(), error)

GenerateSpec generates a spec using containerd functionality. opts are ignored for s.Process, s.Hostname, and s.Mounts.

func GetHostsFile

func GetHostsFile(ctx context.Context, stateDir string, extraHosts []executor.HostIP, idmap *idtools.IdentityMapping, hostname string) (string, func(), error)

func GetResolvConf

func GetResolvConf(ctx context.Context, stateDir string, idmap *idtools.IdentityMapping, dns *DNSConfig) (string, error)

func GetUser

func GetUser(root, username string) (uint32, uint32, []uint32, error)

func ParseUIDGID

func ParseUIDGID(str string) (uid uint32, gid uint32, err error)

ParseUIDGID takes the fast path to parse UID and GID if and only if they are both provided.
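An added sketch, not the package's own code, of a both-or-nothing numeric fast path like the one described above. The name `parseUIDGIDFast`, the helper `parseID`, the error value, and the choice to return an error for anything that is not a strict `uid:gid` pair (so the caller falls back to a lookup such as GetUser) are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// errNotNumericPair signals that the caller must take the slow path
// (a passwd/group lookup inside the container root filesystem).
var errNotNumericPair = errors.New("not a numeric uid:gid pair")

// parseID accepts only base-10 digits that fit in 32 bits. ParseUint rejects
// signs, so "-1" cannot wrap around to 4294967295.
func parseID(s string) (uint32, error) {
	n, err := strconv.ParseUint(s, 10, 32)
	if err != nil {
		return 0, fmt.Errorf("%w: %q", errNotNumericPair, s)
	}
	return uint32(n), nil
}

// parseUIDGIDFast (hypothetical name) succeeds only when both halves of
// "uid:gid" are present and numeric; it never resolves half of the pair.
func parseUIDGIDFast(s string) (uid, gid uint32, err error) {
	u, g, found := strings.Cut(s, ":")
	if !found || u == "" || g == "" {
		return 0, 0, fmt.Errorf("%w: %q", errNotNumericPair, s)
	}
	if uid, err = parseID(u); err != nil {
		return 0, 0, err
	}
	if gid, err = parseID(g); err != nil {
		return 0, 0, err
	}
	return uid, gid, nil
}

func main() {
	// Constructed sample inputs.
	for _, in := range []string{"1000:1000", "builder:builder", "1000", "-1:0", "4294967296:0"} {
		uid, gid, err := parseUIDGIDFast(in)
		fmt.Printf("%-18q uid=%d gid=%d err=%v\n", in, uid, gid, err)
	}
}
```

Rejecting signed and out-of-range values at parse time keeps a malformed user string from silently becoming UID 0 or a wrapped 32-bit ID in the generated spec.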

func WithUIDGID

func WithUIDGID(uid, gid uint32, sgids []uint32) containerdoci.SpecOpts

WithUIDGID allows the UID and GID for the Process to be set.

FIXME: This is a temporary fix for the missing supplementary GIDs from containerd. Once the PR in containerd is merged, we should remove this function.

Types

type DNSConfig

type DNSConfig struct {
	Nameservers   []string
	Options       []string
	SearchDomains []string
}

type ProcessMode

type ProcessMode int

ProcessMode configures PID namespaces.

const (
	// ProcessSandbox unshares pidns and mount procfs.
	ProcessSandbox ProcessMode = iota
	// NoProcessSandbox uses host pidns and bind-mount procfs.
	// Note that NoProcessSandbox allows build containers to kill (and potentially ptrace) an arbitrary process in the BuildKit host namespace.
	// NoProcessSandbox should be enabled only when the BuildKit is running in a container as an unprivileged user.
	NoProcessSandbox
)

func (ProcessMode) String

func (pm ProcessMode) String() string
