config

package
v0.0.3
Published: Dec 6, 2019 License: Apache-2.0 Imports: 12 Imported by: 172

Documentation

Constants

const (
	DefaultCgroupManager   = "systemd"
	DefaultApparmorProfile = "container-default"
	// DefaultPidsLimit is the default value for maximum number of processes
	// allowed inside a container
	DefaultPidsLimit = 2048
	// DefaultLogSizeMax is the default value for the maximum log size
	// allowed for a container. Negative values mean that no limit is imposed.
	DefaultLogSizeMax = -1
	OCIBufSize        = 8192
	// DefaultSeccompPath defines the default seccomp path
	DefaultSeccompPath = "/usr/share/containers/seccomp.json"
	// DefaultShmSize default value
	DefaultShmSize = "65536k"
	// DefaultContainersConfig holds the default containers config path
	DefaultContainersConfig = "/usr/share/containers/containers.conf"
	// OverrideContainersConfig holds the default config paths overridden by the root user
	OverrideContainersConfig = "/etc/containers/containers.conf"
)

Variables

var DefaultCapabilities = []string{
	"CAP_AUDIT_WRITE",
	"CAP_CHOWN",
	"CAP_DAC_OVERRIDE",
	"CAP_FOWNER",
	"CAP_FSETID",
	"CAP_KILL",
	"CAP_MKNOD",
	"CAP_NET_BIND_SERVICE",
	"CAP_NET_RAW",
	"CAP_SETGID",
	"CAP_SETPCAP",
	"CAP_SETUID",
	"CAP_SYS_CHROOT",
}

DefaultCapabilities is the default value of the default_capabilities option in the containers.conf file.
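A defender reviewing a containers.conf usually wants to know how far its default_capabilities list drifts from the package default above. The following is an added example, not code from containers/common: it copies DefaultCapabilities from this page, compares a configured list against it, and flags additions from a small high-risk list that is this example's own choice (CAP_SYS_ADMIN and friends are assumed to warrant review; the package itself defines no such list). Entries must be spelled CAP_<NAME>; anything else is rejected rather than guessed at.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// DefaultCapabilities is the package default for default_capabilities,
// copied from the documentation above.
var DefaultCapabilities = []string{
	"CAP_AUDIT_WRITE", "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_FOWNER",
	"CAP_FSETID", "CAP_KILL", "CAP_MKNOD", "CAP_NET_BIND_SERVICE",
	"CAP_NET_RAW", "CAP_SETGID", "CAP_SETPCAP", "CAP_SETUID", "CAP_SYS_CHROOT",
}

// highRisk lists capabilities whose presence in a default set deserves a
// review. The selection is this example's assumption, not the package's.
var highRisk = map[string]bool{
	"CAP_SYS_ADMIN": true, "CAP_SYS_PTRACE": true, "CAP_SYS_MODULE": true,
	"CAP_NET_ADMIN": true, "CAP_DAC_READ_SEARCH": true, "CAP_SYS_RAWIO": true,
}

// AuditCapabilities compares the default_capabilities list read from a
// containers.conf with DefaultCapabilities. It returns the capabilities the
// file adds beyond the defaults, the defaults it drops, and the subset of the
// additions that are on the high-risk list, each sorted. Entries must be
// written as CAP_<NAME>; anything else is reported as an error.
func AuditCapabilities(configured []string) (added, dropped, flagged []string, err error) {
	want := map[string]bool{}
	for _, c := range configured {
		c = strings.TrimSpace(c)
		if !strings.HasPrefix(c, "CAP_") || c != strings.ToUpper(c) || len(c) == len("CAP_") {
			return nil, nil, nil, fmt.Errorf("malformed capability %q: expected CAP_<NAME>", c)
		}
		want[c] = true
	}
	have := map[string]bool{}
	for _, c := range DefaultCapabilities {
		have[c] = true
	}
	for c := range want {
		if !have[c] {
			added = append(added, c)
			if highRisk[c] {
				flagged = append(flagged, c)
			}
		}
	}
	for c := range have {
		if !want[c] {
			dropped = append(dropped, c)
		}
	}
	sort.Strings(added)
	sort.Strings(dropped)
	sort.Strings(flagged)
	return added, dropped, flagged, nil
}

func main() {
	// Constructed sample: a file that drops CAP_NET_RAW (a reasonable
	// hardening step) but also grants CAP_SYS_ADMIN to every container.
	configured := []string{
		"CAP_AUDIT_WRITE", "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_FOWNER",
		"CAP_FSETID", "CAP_KILL", "CAP_MKNOD", "CAP_NET_BIND_SERVICE",
		"CAP_SETGID", "CAP_SETPCAP", "CAP_SETUID", "CAP_SYS_CHROOT",
		"CAP_SYS_ADMIN",
	}
	added, dropped, flagged, err := AuditCapabilities(configured)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println("added beyond defaults:", added)   // [CAP_SYS_ADMIN]
	fmt.Println("dropped from defaults:", dropped) // [CAP_NET_RAW]
	fmt.Println("needs review:", flagged)          // [CAP_SYS_ADMIN]
}
```

Because the result is a diff against the shipped default rather than an absolute verdict, the same function works as a drift check in CI: an empty `added` and an empty `flagged` means the file only removes capabilities.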

var DefaultHooksDirs = []string{"/usr/share/containers/oci/hooks.d"}

DefaultHooksDirs defines the default hooks directory

var UserOverrideContainersConfig = filepath.Join(os.Getenv("HOME"), ".config/containers/containers.conf")

UserOverrideContainersConfig holds the containers config path overridden by the rootless user

Functions

func Device

func Device(device string) (string, string, string, error)

Device parses a device mapping string into src, dest and permissions strings. Valid values for device look like:

'/dev/sdc'
'/dev/sdc:/dev/xvdc'
'/dev/sdc:/dev/xvdc:rwm'
'/dev/sdc:rm'

func IsDirectory

func IsDirectory(path string) error

IsDirectory tests whether the given path exists and is a directory. It follows symlinks.

func IsValidDeviceMode

func IsValidDeviceMode(mode string) bool

IsValidDeviceMode checks whether the mode for a device is valid. A valid mode is a composition of r (read), w (write), and m (mknod).
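The two functions above are documented only by their signatures, so here is an added re-implementation of the same contract to show how the four spec shapes are told apart; it is example code, not the library's. Assumptions beyond the documentation: the destination defaults to the source path, the permission string defaults to "rwm" when omitted (the most permissive setting, so callers who want read-only access must say so), both paths must be absolute, and a mode letter may not repeat.

```go
package main

import (
	"fmt"
	"strings"
)

// IsValidDeviceMode reports whether mode is a non-empty combination of
// r (read), w (write) and m (mknod) with no repeated or unknown letters.
func IsValidDeviceMode(mode string) bool {
	if mode == "" {
		return false
	}
	seen := map[rune]bool{}
	for _, c := range mode {
		switch c {
		case 'r', 'w', 'm':
			if seen[c] {
				return false
			}
			seen[c] = true
		default:
			return false
		}
	}
	return true
}

// Device splits "src[:dest][:perms]" into its three parts. Assumptions made
// for this example: dest defaults to src, perms defaults to "rwm", and both
// paths must be absolute. In the two-field form the second field is treated
// as a permission string when it is a valid mode ("/dev/sdc:rm") and as a
// destination otherwise ("/dev/sdc:/dev/xvdc").
func Device(device string) (string, string, string, error) {
	src, dst, perms := "", "", "rwm"
	parts := strings.Split(device, ":")
	switch len(parts) {
	case 1:
		src = parts[0]
	case 2:
		src = parts[0]
		if IsValidDeviceMode(parts[1]) {
			perms = parts[1]
		} else {
			dst = parts[1]
		}
	case 3:
		src, dst, perms = parts[0], parts[1], parts[2]
		if !IsValidDeviceMode(perms) {
			return "", "", "", fmt.Errorf("invalid device mode %q in %q", perms, device)
		}
	default:
		return "", "", "", fmt.Errorf("invalid device specification %q: too many fields", device)
	}
	if dst == "" {
		dst = src
	}
	// Reject relative paths so a spec cannot resolve differently depending on
	// the working directory of whatever process applies it.
	for _, p := range []string{src, dst} {
		if !strings.HasPrefix(p, "/") {
			return "", "", "", fmt.Errorf("invalid device path %q in %q: must be absolute", p, device)
		}
	}
	return src, dst, perms, nil
}

func main() {
	// The four documented shapes plus one malformed mode, as constructed input.
	for _, spec := range []string{
		"/dev/sdc", "/dev/sdc:/dev/xvdc", "/dev/sdc:/dev/xvdc:rwm", "/dev/sdc:rm", "/dev/sdc:/dev/xvdc:rwx",
	} {
		src, dst, perms, err := Device(spec)
		if err != nil {
			fmt.Printf("%-24s rejected: %v\n", spec, err)
			continue
		}
		fmt.Printf("%-24s src=%s dst=%s perms=%s\n", spec, src, dst, perms)
	}
}
```

The ambiguity worth noticing is the two-field form: "/dev/sdc:rm" is a source plus permissions, not a device mounted at a relative path "rm", which is why the mode check runs before the path check.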

Types

type Config

type Config struct {
	ContainersConfig
	NetworkConfig
}

func DefaultConfig

func DefaultConfig() *Config

DefaultConfig defines the default values from containers.conf

func New

func New(path string) (*Config, error)

New generates a Config from the containers.conf file path

func (*Config) UpdateFromFile

func (c *Config) UpdateFromFile(path string) error

UpdateFromFile populates the Config from the TOML-encoded file at the given path. It returns any error encountered while reading or parsing the file, or nil otherwise.

func (*Config) Validate

func (c *Config) Validate(onExecution bool) error

Validate is the main entry point for library configuration validation. The parameter `onExecution` specifies if the validation should include execution checks. It returns an `error` on validation failure, otherwise `nil`.

type ContainersConfig

type ContainersConfig struct {
	// DefaultUlimits specifies the default ulimits to apply to containers
	DefaultUlimits []string `toml:"default_ulimits"`
	// Env is the environment variable list for container process.
	Env []string `toml:"env"`
	// HTTPProxy is the proxy environment variable list to apply to container process
	HTTPProxy []string `toml:"http_proxy"`
	// SELinux determines whether or not SELinux is used for pod separation.
	SELinux bool `toml:"selinux"`
	// SeccompProfile is the seccomp.json profile path which is used as the
	// default for the runtime.
	SeccompProfile string `toml:"seccomp_profile"`
	// ApparmorProfile is the apparmor profile name which is used as the
	// default for the runtime.
	ApparmorProfile string `toml:"apparmor_profile"`
	// CgroupManager is the manager implementation name which is used to
	// handle cgroups for containers. Supports cgroupfs and systemd.
	CgroupManager string `toml:"cgroup_manager"`
	// Capabilities to add to all containers.
	DefaultCapabilities []string `toml:"default_capabilities"`
	// Sysctls to add to all containers.
	DefaultSysctls []string `toml:"default_sysctls"`
	// PidsLimit is the number of processes each container is restricted to
	// by the cgroup process number controller.
	PidsLimit int64 `toml:"pids_limit"`
	// Devices to add to containers
	AdditionalDevices []string `toml:"additional_devices"`
	// LogSizeMax is the maximum number of bytes after which the log file
	// will be truncated. It can be expressed as a human-friendly string
	// that is parsed to bytes.
	// Negative values indicate that the log file won't be truncated.
	LogSizeMax int64 `toml:"log_size_max"`
	// HooksDir holds paths to the directories containing hooks
	// configuration files.  When the same filename is present in
	// multiple directories, the file in the directory listed last in
	// this slice takes precedence.
	HooksDir []string `toml:"hooks_dir"`
	// ShmSize holds the size of /dev/shm.
	ShmSize string `toml:"shm_size"`
	// Run an init inside the container that forwards signals and reaps processes.
	Init bool `toml:"init"`
}

ContainersConfig represents the "containers" TOML config table

func (*ContainersConfig) Validate

func (c *ContainersConfig) Validate() error

Validate is the main entry point for containers configuration validation. It returns an `error` on validation failure, otherwise `nil`.
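The documentation lists what the "containers" table holds but not what validation of it looks like. The following added example, written for this page and not taken from containers/common, validates a subset of the fields using the constraints stated in the field comments: cgroup_manager must be cgroupfs or systemd, a negative log_size_max means no truncation and so needs no check, shm_size is a human-friendly size, and hooks_dir entries must be directories (resolved through symlinks, as IsDirectory is documented to do). Assumptions: the example adds the `onExecution` switch that the page documents for Config.Validate and NetworkConfig.Validate but not for this method, treats a negative pids_limit as an error while leaving 0 to the runtime, and accepts only the b/k/m/g size suffixes.

```go
package main

import (
	"errors"
	"fmt"
	"math"
	"os"
	"strconv"
	"strings"
)

// ContainersConfig carries just the fields this example validates; the
// package's struct (documented above) has more.
type ContainersConfig struct {
	CgroupManager string
	PidsLimit     int64
	LogSizeMax    int64
	ShmSize       string
	HooksDir      []string
}

// ParseSize converts a human-friendly size such as "65536k" or "1g" to bytes.
// Accepted suffixes are b, k, m, g (case-insensitive); a bare number is bytes.
func ParseSize(s string) (int64, error) {
	s = strings.ToLower(strings.TrimSpace(s))
	if s == "" {
		return 0, errors.New("empty size")
	}
	num, mult := s, int64(1)
	switch s[len(s)-1] {
	case 'k':
		num, mult = s[:len(s)-1], 1<<10
	case 'm':
		num, mult = s[:len(s)-1], 1<<20
	case 'g':
		num, mult = s[:len(s)-1], 1<<30
	case 'b':
		num = s[:len(s)-1]
	}
	n, err := strconv.ParseInt(num, 10, 64)
	if err != nil || n < 0 {
		return 0, fmt.Errorf("invalid size %q", s)
	}
	if n > math.MaxInt64/mult {
		return 0, fmt.Errorf("size %q overflows int64", s)
	}
	return n * mult, nil
}

// IsDirectory returns an error unless path exists and is a directory. It
// follows symlinks by using os.Stat rather than os.Lstat.
func IsDirectory(path string) error {
	info, err := os.Stat(path)
	if err != nil {
		return err
	}
	if !info.IsDir() {
		return fmt.Errorf("%s is not a directory", path)
	}
	return nil
}

// Validate checks the static constraints on the fields; with onExecution it
// also requires every hooks directory to exist. Problems are collected so one
// run reports everything that is wrong with the file.
func (c *ContainersConfig) Validate(onExecution bool) error {
	var problems []string
	switch c.CgroupManager {
	case "cgroupfs", "systemd":
	default:
		problems = append(problems, fmt.Sprintf("cgroup_manager %q: must be cgroupfs or systemd", c.CgroupManager))
	}
	if c.PidsLimit < 0 {
		problems = append(problems, fmt.Sprintf("pids_limit %d: must not be negative", c.PidsLimit))
	}
	// log_size_max: a negative value disables truncation, so any int64 is valid.
	if _, err := ParseSize(c.ShmSize); err != nil {
		problems = append(problems, "shm_size: "+err.Error())
	}
	if onExecution {
		for _, d := range c.HooksDir {
			if err := IsDirectory(d); err != nil {
				problems = append(problems, "hooks_dir: "+err.Error())
			}
		}
	}
	if len(problems) > 0 {
		return errors.New(strings.Join(problems, "; "))
	}
	return nil
}

func main() {
	// Constructed sample mirroring the package defaults documented above.
	cfg := &ContainersConfig{
		CgroupManager: "systemd",
		PidsLimit:     2048,
		LogSizeMax:    -1,
		ShmSize:       "65536k",
		HooksDir:      []string{"/usr/share/containers/oci/hooks.d"},
	}
	if err := cfg.Validate(false); err != nil {
		fmt.Println("static validation failed:", err)
	} else {
		fmt.Println("static validation passed")
	}
	// The execution-time pass additionally needs the hooks directory to exist.
	if err := cfg.Validate(true); err != nil {
		fmt.Println("execution validation failed:", err)
	}
}
```

Splitting the checks into a static pass and an execution pass is what lets a tool lint a containers.conf on a build host that lacks the runtime directories, while still refusing to start containers on a host where a hooks directory is missing.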

type NetworkConfig

type NetworkConfig struct {
	// NetworkDir is where CNI network configuration files are stored.
	NetworkDir string `toml:"network_dir"`

	// PluginDir is where CNI plugin binaries are stored.
	PluginDir string `toml:"plugin_dir,omitempty"`

	// PluginDirs is where CNI plugin binaries are stored.
	PluginDirs []string `toml:"plugin_dirs"`
}

NetworkConfig represents the "network" TOML config table

func (*NetworkConfig) Validate

func (c *NetworkConfig) Validate(onExecution bool) error

Validate is the main entry point for network configuration validation. The parameter `onExecution` specifies if the validation should include execution checks. It returns an `error` on validation failure, otherwise `nil`.
