oci

package
v1.1.8
Warning

This package is not in the latest version of its module.

Published: Sep 26, 2019 License: Apache-2.0 Imports: 19 Imported by: 1,072

Documentation

Constants

This section is empty.

Variables

var WithAllCapabilities = WithCapabilities(getAllCapabilities())

WithAllCapabilities sets all linux capabilities for the process

WithPrivileged sets up options for a privileged container. TODO(justincormack): device handling

Functions

func GenerateSpec

func GenerateSpec(ctx context.Context, client Client, c *containers.Container, opts ...SpecOpts) (*specs.Spec, error)

GenerateSpec will generate a default spec from the provided image for use as a containerd container

func WithHostHostsFile

func WithHostHostsFile(_ context.Context, _ Client, _ *containers.Container, s *specs.Spec) error

WithHostHostsFile bind-mounts the host's /etc/hosts into the container as readonly

func WithHostLocaltime

func WithHostLocaltime(_ context.Context, _ Client, _ *containers.Container, s *specs.Spec) error

WithHostLocaltime bind-mounts the host's /etc/localtime into the container as readonly

func WithHostResolvconf

func WithHostResolvconf(_ context.Context, _ Client, _ *containers.Container, s *specs.Spec) error

WithHostResolvconf bind-mounts the host's /etc/resolv.conf into the container as readonly

func WithNewPrivileges added in v1.1.4

func WithNewPrivileges(_ context.Context, _ Client, _ *containers.Container, s *specs.Spec) error

WithNewPrivileges turns off the NoNewPrivileges feature flag in the spec

func WithNoNewPrivileges

func WithNoNewPrivileges(_ context.Context, _ Client, _ *containers.Container, s *specs.Spec) error

WithNoNewPrivileges sets no_new_privileges on the process for the container

func WithSeccompUnconfined added in v1.1.0

func WithSeccompUnconfined(_ context.Context, _ Client, _ *containers.Container, s *specs.Spec) error

WithSeccompUnconfined clears the seccomp profile

func WithTTY

func WithTTY(_ context.Context, _ Client, _ *containers.Container, s *specs.Spec) error

WithTTY sets the information on the spec as well as the environment variables for using a TTY

func WithWriteableCgroupfs added in v1.1.0

func WithWriteableCgroupfs(_ context.Context, _ Client, _ *containers.Container, s *specs.Spec) error

WithWriteableCgroupfs makes any cgroup mounts writeable

func WithWriteableSysfs added in v1.1.0

func WithWriteableSysfs(_ context.Context, _ Client, _ *containers.Container, s *specs.Spec) error

WithWriteableSysfs makes any sysfs mounts writeable

Types

type Client

type Client interface {
	SnapshotService(snapshotterName string) snapshots.Snapshotter
}

Client interface used by SpecOpt

type Image

type Image interface {
	// Config descriptor for the image.
	Config(ctx context.Context) (ocispec.Descriptor, error)
	// ContentStore provides a content store which contains image blob data
	ContentStore() content.Store
}

Image interface used by some SpecOpt to query image configuration

type SpecOpts

SpecOpts sets spec specific information to a newly generated OCI spec

func Compose added in v1.1.0

func Compose(opts ...SpecOpts) SpecOpts

Compose converts a sequence of spec operations into a single operation

func WithAdditionalGIDs added in v1.1.4

func WithAdditionalGIDs(userstr string) SpecOpts

WithAdditionalGIDs sets the OCI spec's additionalGids array to any additional groups listed for a particular user in the /etc/groups file of the image's root filesystem. The passed-in user can be either a uid or a username.

func WithApparmorProfile added in v1.1.0

func WithApparmorProfile(profile string) SpecOpts

WithApparmorProfile sets the Apparmor profile for the process

func WithCapabilities added in v1.1.0

func WithCapabilities(caps []string) SpecOpts

WithCapabilities sets Linux capabilities on the process

func WithCgroup

func WithCgroup(path string) SpecOpts

WithCgroup sets the container's cgroup path

func WithEnv added in v1.1.0

func WithEnv(environmentVariables []string) SpecOpts

WithEnv appends environment variables

func WithHostNamespace

func WithHostNamespace(ns specs.LinuxNamespaceType) SpecOpts

WithHostNamespace allows a task to run inside the host's linux namespace

func WithHostname

func WithHostname(name string) SpecOpts

WithHostname sets the container's hostname

func WithImageConfig

func WithImageConfig(image Image) SpecOpts

WithImageConfig configures the spec from the configuration of an Image

func WithLinuxNamespace

func WithLinuxNamespace(ns specs.LinuxNamespace) SpecOpts

WithLinuxNamespace uses the passed in namespace for the spec. If a namespace of the same type already exists in the spec, the existing namespace is replaced by the one provided.

func WithMaskedPaths added in v1.1.0

func WithMaskedPaths(paths []string) SpecOpts

WithMaskedPaths sets the masked paths option

func WithMounts added in v1.1.0

func WithMounts(mounts []specs.Mount) SpecOpts

WithMounts appends mounts

func WithNamespacedCgroup

func WithNamespacedCgroup() SpecOpts

WithNamespacedCgroup uses the namespace set on the context to create a root directory for containers in the cgroup with the id as the subcgroup

func WithProcessArgs

func WithProcessArgs(args ...string) SpecOpts

WithProcessArgs replaces the args on the generated spec

func WithProcessCwd

func WithProcessCwd(cwd string) SpecOpts

WithProcessCwd replaces the current working directory on the generated spec

func WithReadonlyPaths added in v1.1.0

func WithReadonlyPaths(paths []string) SpecOpts

WithReadonlyPaths sets the read only paths option

func WithRootFSPath

func WithRootFSPath(path string) SpecOpts

WithRootFSPath specifies unmanaged rootfs path.

func WithRootFSReadonly

func WithRootFSReadonly() SpecOpts

WithRootFSReadonly sets specs.Root.Readonly to true

func WithSelinuxLabel added in v1.1.0

func WithSelinuxLabel(label string) SpecOpts

WithSelinuxLabel sets the process SELinux label

func WithUIDGID

func WithUIDGID(uid, gid uint32) SpecOpts

WithUIDGID allows the UID and GID for the Process to be set

func WithUser added in v1.1.0

func WithUser(userstr string) SpecOpts

WithUser sets the user to be used within the container. It accepts a valid user string in OCI Image Spec v1.0.0:

user, uid, user:group, uid:gid, uid:group, user:gid

func WithUserID

func WithUserID(uid uint32) SpecOpts

WithUserID sets the correct UID and GID for the container based on the image's /etc/passwd contents. If /etc/passwd does not exist, or uid is not found in /etc/passwd, it sets the requested uid, additionally sets the gid to 0, and does not return an error.

func WithUserNamespace

func WithUserNamespace(container, host, size uint32) SpecOpts

WithUserNamespace sets the uid and gid mappings for the task. This can be called multiple times to add more mappings to the generated spec.

func WithUsername

func WithUsername(username string) SpecOpts

WithUsername sets the correct UID and GID for the container based on the image's /etc/passwd contents. If /etc/passwd does not exist, or the username is not found in /etc/passwd, it returns an error.
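
An added example (not part of the containerd documentation or code base): a stand-alone audit of a generated OCI runtime config.json for the settings that WithNewPrivileges, WithSeccompUnconfined, WithWriteableSysfs and WithWriteableCgroupfs relax. The auditSpec helper, the spec type and the sample JSON are hypothetical and constructed for illustration; the JSON keys are those of the OCI runtime spec.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// spec is the subset of config.json the audit reads (keys match case-insensitively).
type spec struct {
	Process struct{ NoNewPrivileges bool }
	Mounts  []struct {
		Type    string
		Options []string
	}
	Linux struct{ Seccomp *struct{} }
}

// sample is a constructed config.json fragment, not output captured from containerd.
const sample = `{"process":{"noNewPrivileges":false},
 "mounts":[{"destination":"/sys","type":"sysfs","options":["nosuid","rw"]},
           {"destination":"/sys/fs/cgroup","type":"cgroup","options":["ro"]}]}`

// auditSpec (hypothetical helper) reports the relaxed settings present in a spec.
func auditSpec(config []byte) ([]string, error) {
	var s spec
	if err := json.Unmarshal(config, &s); err != nil {
		return nil, err
	}
	var out []string
	if !s.Process.NoNewPrivileges { // state left by WithNewPrivileges
		out = append(out, "noNewPrivileges off")
	}
	if s.Linux.Seccomp == nil { // state left by WithSeccompUnconfined
		out = append(out, "no seccomp profile")
	}
	for _, m := range s.Mounts {
		ro := false
		for _, o := range m.Options {
			ro = ro || o == "ro"
		}
		if (m.Type == "sysfs" || m.Type == "cgroup") && !ro {
			out = append(out, fmt.Sprintf("writable %s mount", m.Type))
		}
	}
	return out, nil
}

func main() {
	fmt.Println(auditSpec([]byte(sample)))
}
```

A spec with no seccomp section is also reported, whether the profile was cleared by WithSeccompUnconfined or never set.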
