specconv

package

v0.0.0-...-aaaa0d7 Latest Latest Go to latest Published: Dec 11, 2020 License: Apache-2.0 Imports: 10 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/c0deoo1/runc-1.0.0-rc10

Links

Open Source Insights

Documentation ¶

Rendered for

Overview ¶

Package specconv implements conversion of specifications to libcontainer configurations

Index ¶

Variables
func CreateCgroupConfig(opts *CreateOpts) (*configs.Cgroup, error)
func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error)
func Example() *specs.Spec
func SetupSeccomp(config *specs.LinuxSeccomp) (*configs.Seccomp, error)
func ToRootless(spec *specs.Spec)
type CreateOpts

Constants ¶

This section is empty.

Variables ¶

View Source

var AllowedDevices = []*configs.Device{

	{
		Type:        'c',
		Major:       wildcard,
		Minor:       wildcard,
		Permissions: "m",
		Allow:       true,
	},
	{
		Type:        'b',
		Major:       wildcard,
		Minor:       wildcard,
		Permissions: "m",
		Allow:       true,
	},
	{
		Type:        'c',
		Path:        "/dev/null",
		Major:       1,
		Minor:       3,
		Permissions: "rwm",
		Allow:       true,
	},
	{
		Type:        'c',
		Path:        "/dev/random",
		Major:       1,
		Minor:       8,
		Permissions: "rwm",
		Allow:       true,
	},
	{
		Type:        'c',
		Path:        "/dev/full",
		Major:       1,
		Minor:       7,
		Permissions: "rwm",
		Allow:       true,
	},
	{
		Type:        'c',
		Path:        "/dev/tty",
		Major:       5,
		Minor:       0,
		Permissions: "rwm",
		Allow:       true,
	},
	{
		Type:        'c',
		Path:        "/dev/zero",
		Major:       1,
		Minor:       5,
		Permissions: "rwm",
		Allow:       true,
	},
	{
		Type:        'c',
		Path:        "/dev/urandom",
		Major:       1,
		Minor:       9,
		Permissions: "rwm",
		Allow:       true,
	},
	{
		Path:        "/dev/console",
		Type:        'c',
		Major:       5,
		Minor:       1,
		Permissions: "rwm",
		Allow:       true,
	},

	{
		Path:        "",
		Type:        'c',
		Major:       136,
		Minor:       wildcard,
		Permissions: "rwm",
		Allow:       true,
	},
	{
		Path:        "",
		Type:        'c',
		Major:       5,
		Minor:       2,
		Permissions: "rwm",
		Allow:       true,
	},

	{
		Path:        "",
		Type:        'c',
		Major:       10,
		Minor:       200,
		Permissions: "rwm",
		Allow:       true,
	},
}

AllowedDevices is exposed for devicefilter_test.go

Functions ¶

func CreateCgroupConfig ¶

func CreateCgroupConfig(opts *CreateOpts) (*configs.Cgroup, error)

func CreateLibcontainerConfig ¶

func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error)

CreateLibcontainerConfig creates a new libcontainer configuration from a given specification and a cgroup name

func Example ¶

func Example() *specs.Spec

Example returns an example spec file, with many options set so a user can see what a standard spec file looks like.

func SetupSeccomp ¶

func SetupSeccomp(config *specs.LinuxSeccomp) (*configs.Seccomp, error)

func ToRootless ¶

func ToRootless(spec *specs.Spec)

ToRootless converts the given spec file into one that should work with rootless containers (euid != 0), by removing incompatible options and adding others that are needed.

Types ¶

type CreateOpts ¶

type CreateOpts struct {
	CgroupName       string
	UseSystemdCgroup bool
	NoPivotRoot      bool
	NoNewKeyring     bool
	Spec             *specs.Spec
	RootlessEUID     bool
	RootlessCgroups  bool
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL