Constants ¶
// Configuration files consulted for containers.conf, in increasing order of
// precedence: the distribution default under /usr/share, then the
// system-wide override under /etc written by root. (The per-user override
// is the package-level UserOverrideContainersConfig variable.)
const (
	// DefaultContainersConfig holds the default containers config path.
	DefaultContainersConfig = "/usr/share/containers/containers.conf"
	// OverrideContainersConfig holds the config path that overrides the
	// default; it is written by the root user.
	OverrideContainersConfig = "/etc/containers/containers.conf"
)

// Security-profile defaults applied to containers that do not select their
// own profile.
const (
	// DefaultApparmorProfile is the AppArmor profile name used by default.
	DefaultApparmorProfile = "container-default"
	// DefaultSeccompPath defines the default seccomp profile path. This is
	// only a path: the profile is read at runtime, and whether a missing or
	// unreadable profile fails closed is decided by the consumer of this
	// value, not here.
	DefaultSeccompPath = "/usr/share/containers/seccomp.json"
)

// Resource-limit defaults.
const (
	// DefaultPidsLimit is the default value for the maximum number of
	// processes allowed inside a container (fork-bomb containment via the
	// pids cgroup controller).
	DefaultPidsLimit = 2048
	// DefaultLogSizeMax is the default value for the maximum log size
	// allowed for a container. Negative values mean that no limit is
	// imposed, so the default is unbounded log growth.
	DefaultLogSizeMax = -1
	// DefaultShmSize is the default size of /dev/shm.
	DefaultShmSize = "65536k"
)

// DefaultCgroupManager is the cgroup manager implementation used when
// containers.conf does not choose one.
const DefaultCgroupManager = "systemd"

// OCIBufSize is a buffer size, in bytes; its exact use is not visible in
// this package's exported surface.
const OCIBufSize = 8192
Variables ¶
// DefaultCapabilities is the built-in value for the default_capabilities
// option in containers.conf: the Linux capability set granted to all
// containers. Because it applies to every container on the host, adding an
// entry widens the attack surface of all of them; prefer dropping
// capabilities per container over growing this list. Per-entry notes follow
// capabilities(7).
var DefaultCapabilities = []string{
	"CAP_AUDIT_WRITE",      // write records to the kernel audit log
	"CAP_CHOWN",            // change file owner and group
	"CAP_DAC_OVERRIDE",     // bypass file read/write/execute permission checks
	"CAP_FOWNER",           // bypass owner checks on files (chmod, utimes, ...)
	"CAP_FSETID",           // keep set-user-ID/set-group-ID bits when a file is modified
	"CAP_KILL",             // bypass permission checks for sending signals
	"CAP_MKNOD",            // create special files with mknod(2)
	"CAP_NET_BIND_SERVICE", // bind to privileged ports (below 1024)
	"CAP_NET_RAW",          // open RAW and PACKET sockets (packet sniffing/spoofing inside the netns)
	"CAP_SETGID",           // arbitrary manipulation of process GIDs
	"CAP_SETPCAP",          // modify the process's capability sets
	"CAP_SETUID",           // arbitrary manipulation of process UIDs
	"CAP_SYS_CHROOT",       // use chroot(2)
}
DefaultCapabilities is the built-in value for the default_capabilities option in containers.conf. It is the capability set granted to all containers, so any addition to it affects every container on the host.
// DefaultHooksDirs is the built-in value for the hooks_dir option: the
// directories searched for OCI hook configuration files. Per the OCI runtime
// spec, hooks are programs executed on the host at container lifecycle
// events, so every listed directory must be writable only by the trusted
// administrator; a writable hooks directory is a direct code-execution path
// into every container's lifecycle.
var DefaultHooksDirs = []string{
	"/usr/share/containers/oci/hooks.d",
}
DefaultHooksDirs is the built-in value for the hooks_dir option: the directories searched for OCI hook configuration files.
// UserOverrideContainersConfig is the per-user (rootless) containers.conf,
// located under $HOME/.config/containers. It is computed once, at package
// initialisation, from the HOME environment variable.
//
// Caveat: filepath.Join drops empty elements, so when HOME is unset or empty
// the value is the relative path ".config/containers/containers.conf", which
// is then resolved against the process's working directory rather than a
// home directory. Code that runs with a scrubbed environment (system
// services, setuid helpers) should confirm the value is absolute before
// trusting configuration loaded from it.
var UserOverrideContainersConfig = filepath.Join(
	os.Getenv("HOME"),
	".config", "containers", "containers.conf",
)
UserOverrideContainersConfig holds the per-user containers config path used in rootless mode ($HOME/.config/containers/containers.conf). It is derived from the HOME environment variable at package initialisation; when HOME is unset or empty the result is a relative path, resolved against the working directory.
Functions ¶
func Device ¶
Device parses a device mapping string into its source path, destination path and permission string. The mapping has the form src[:dest][:permissions]; valid values look like:
`/dev/sdc`, `/dev/sdc:/dev/xvdc`, `/dev/sdc:/dev/xvdc:rwm`, `/dev/sdc:rm`
func IsDirectory ¶
IsDirectory tests whether the given path exists and is a directory. It follows symlinks.
func IsValidDeviceMode ¶
IsValidDeviceMode checks whether the given device mode is valid. A valid mode is a combination of r (read), w (write), and m (mknod).
Types ¶
type Config ¶
// Config is the in-memory form of a containers.conf file. It embeds the two
// TOML tables the file consists of — the "containers" table (ContainersConfig)
// and the "network" table (NetworkConfig) — so their fields are promoted onto
// Config. Obtain one via DefaultConfig and layer files on top with
// (*Config).UpdateFromFile.
type Config struct {
	ContainersConfig
	NetworkConfig
}
func DefaultConfig ¶
func DefaultConfig() *Config
DefaultConfig returns a Config populated with the built-in default values for the options of containers.conf.
func (*Config) UpdateFromFile ¶
UpdateFromFile populates the Config from the TOML-encoded file at the given path. It returns any error encountered while reading or parsing the file, or nil otherwise.
type ContainersConfig ¶
// ContainersConfig represents the "containers" table of containers.conf: the
// defaults applied to every container the runtime creates. Several fields
// set the security baseline (SELinux, seccomp, AppArmor, capabilities,
// sysctls, devices, hooks); loosening any of them affects all containers on
// the host, not just one.
type ContainersConfig struct {
	// DefaultUlimits specifies the default ulimits to apply to containers.
	DefaultUlimits []string `toml:"default_ulimits"`
	// Env is the environment variable list for the container process.
	Env []string `toml:"env"`
	// HTTPProxy is the proxy environment variable list to apply to the
	// container process. Proxy URLs often embed credentials; anything placed
	// here is readable by every process in every container.
	HTTPProxy []string `toml:"http_proxy"`
	// SELinux determines whether or not SELinux is used for pod separation.
	// Disabling it removes the MAC boundary between containers (and between
	// containers and the host) on SELinux-enforcing systems.
	SELinux bool `toml:"selinux"`
	// SeccompProfile is the seccomp.json profile path which is used as the
	// default for the runtime (see DefaultSeccompPath). This is only a path:
	// whether a missing or unreadable profile fails closed is decided by the
	// consumer of this value, not here.
	SeccompProfile string `toml:"seccomp_profile"`
	// ApparmorProfile is the AppArmor profile name which is used as the
	// default for the runtime (see DefaultApparmorProfile).
	ApparmorProfile string `toml:"apparmor_profile"`
	// CgroupManager is the manager implementation name which is used to
	// handle cgroups for containers. Supports cgroupfs and systemd.
	CgroupManager string `toml:"cgroup_manager"`
	// DefaultCapabilities are the Linux capabilities granted to all
	// containers (see the package-level DefaultCapabilities for the built-in
	// set). Adding a capability here grants it to every container.
	DefaultCapabilities []string `toml:"default_capabilities"`
	// DefaultSysctls are sysctls applied to all containers. Only namespaced
	// sysctls (net.*, kernel.shm*, kernel.msg*, kernel.sem, fs.mqueue.*) can
	// be scoped to a container; whether non-namespaced keys are rejected is
	// decided by Validate or the runtime and is not visible here.
	DefaultSysctls []string `toml:"default_sysctls"`
	// PidsLimit is the number of processes each container is restricted to
	// by the cgroup process number controller (see DefaultPidsLimit).
	PidsLimit int64 `toml:"pids_limit"`
	// AdditionalDevices are host device nodes added to every container, each
	// in the src[:dest][:permissions] form parsed by Device. A device listed
	// here is exposed to all containers; block devices backing host
	// filesystems are an obvious escape route.
	AdditionalDevices []string `toml:"additional_devices"`
	// LogSizeMax is the maximum number of bytes after which the log file
	// will be truncated. Negative values indicate that the log file won't be
	// truncated (see DefaultLogSizeMax). NOTE(review): the field is int64, so
	// the "human-friendly string that is parsed to bytes" form mentioned in
	// the original documentation must be converted before decoding — confirm
	// where that happens.
	LogSizeMax int64 `toml:"log_size_max"`
	// HooksDir holds paths to the directories containing hooks
	// configuration files. When the same filename is present in multiple
	// directories, the file in the directory listed last in this slice takes
	// precedence. OCI hooks are programs executed by the runtime on the host
	// at container lifecycle events, so these directories must not be
	// writable by untrusted users.
	HooksDir []string `toml:"hooks_dir"`
	// ShmSize holds the size of /dev/shm (see DefaultShmSize).
	ShmSize string `toml:"shm_size"`
	// Init runs an init inside the container that forwards signals and reaps
	// processes.
	Init bool `toml:"init"`
}
ContainersConfig represents the "containers" TOML config table
func (*ContainersConfig) Validate ¶
func (c *ContainersConfig) Validate() error
Validate is the main entry point for containers configuration validation. It returns an `error` on validation failure, otherwise `nil`.
type NetworkConfig ¶
// NetworkConfig represents the "network" table of containers.conf: where CNI
// network definitions are read from and where CNI plugin executables are
// looked up.
type NetworkConfig struct {
	// NetworkDir is where CNI network configuration files are stored.
	NetworkDir string `toml:"network_dir"`
	// PluginDir is where CNI plugin binaries are stored. It carries the same
	// description as PluginDirs and is tagged omitempty, which suggests it is
	// the older single-directory form kept for compatibility — TODO confirm
	// how Validate reconciles it with PluginDirs.
	PluginDir string `toml:"plugin_dir,omitempty"`
	// PluginDirs is where CNI plugin binaries are stored. CNI plugins are
	// executables invoked by the runtime, so these directories must not be
	// writable by untrusted users.
	PluginDirs []string `toml:"plugin_dirs"`
}
NetworkConfig represents the "network" TOML config table
func (*NetworkConfig) Validate ¶
func (c *NetworkConfig) Validate(onExecution bool) error
Validate is the main entry point for network configuration validation. The parameter `onExecution` specifies whether the validation should also include execution checks. It returns an `error` on validation failure, otherwise `nil`.