spec

package
v1.13.0-rc.0 Latest
Warning

This package is not in the latest version of its module.

Published: Apr 25, 2023 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Overview

Package spec implements OCI runtime spec support.

Constants

const (
	UnknownUID = UID(-1)
	UnknownGID = GID(-1)
)

Unknown UID and GIDs.

Variables

This section is empty.

Functions

func New

func New(o ...Option) (*runtime.Spec, error)

New produces a new OCI runtime spec (i.e. config.json).

func Write

func Write(path string, o ...Option) error

Write an OCI runtime spec to the supplied path.

Types

type GID

type GID int

A GID within an /etc/passwd or /etc/group file.

type Groupname

type Groupname string

A Groupname within an /etc/group file.

type Groups

type Groups struct {
	PrimaryGID     uint32
	AdditionalGIDs []uint32
}

Groups represents a user's groups.

type Option

type Option func(s *runtime.Spec) error

An Option specifies optional OCI runtime configuration.

func WithCPULimit

func WithCPULimit(limit string) Option

WithCPULimit limits the container's CPU usage per the supplied Kubernetes-style limit string (e.g. 0.5 or 500m for half a core).

func WithHostNetwork

func WithHostNetwork() Option

WithHostNetwork configures the container to share the host's (i.e. xfn container's) network namespace.

func WithImageConfig

func WithImageConfig(cfg *ociv1.ConfigFile, passwd, group string) Option

WithImageConfig extends a Spec with configuration derived from an OCI image config file. If the image config specifies a user it will be resolved using the supplied passwd and group files.

func WithMemoryLimit

func WithMemoryLimit(limit string) Option

WithMemoryLimit limits the container's memory usage per the supplied Kubernetes-style limit string (e.g. 512Mi).

func WithRootFS

func WithRootFS(path string, readonly bool) Option

WithRootFS configures a container's rootfs.

func WithUser

func WithUser(user string, p Passwd) Option

WithUser resolves an OCI image config user string in order to set the spec's process user. According to the OCI image config v1.0 spec: "For Linux based systems, all of the following are valid: user, uid, user:group, uid:gid, uid:group, user:gid. If group/GID is not specified, the default group and supplementary groups of the given user/UID in /etc/passwd from the container are applied."

func WithUserAndGroup

func WithUserAndGroup(user, group string, p Passwd) Option

WithUserAndGroup resolves an OCI image config user string in order to set the spec's process user. The supplied user string must either be an integer UID (that may or may not exist in the container's /etc/passwd) or a username that exists in the container's /etc/passwd. The supplied group must either be an integer GID (that may or may not exist in the container's /etc/group) or a group name that exists in the container's /etc/group.

func WithUserOnly

func WithUserOnly(user string, p Passwd) Option

WithUserOnly resolves an OCI image config user string in order to set the spec's process user. The supplied user string must either be an integer UID (that may or may not exist in the container's /etc/passwd) or a username that exists in the container's /etc/passwd. The supplied user string must not contain any group information.
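
The user string forms quoted under WithUser, and the name-versus-integer rules stated for WithUserAndGroup and WithUserOnly, can be illustrated with a small resolver. This is an added example, not this package's code: passwdDB, lookup, resolveUser and the sample entries are hypothetical, and giving GID 0 to a UID that is not listed in /etc/passwd is an assumption.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// passwdDB is a hypothetical stand-in for parsed /etc/passwd and /etc/group data.
type passwdDB struct {
	uid, gid map[string]int // user name -> UID, group name -> GID
	primary  map[int]int    // UID -> primary GID from /etc/passwd
}

// lookup accepts any non-negative integer id, but a name must exist in names.
func lookup(s string, names map[string]int) (int, error) {
	if n, err := strconv.Atoi(s); err == nil && n >= 0 {
		return n, nil
	}
	if n, ok := names[s]; ok {
		return n, nil
	}
	return -1, fmt.Errorf("unknown user or group %q", s)
}

// resolveUser handles user, uid, user:group, uid:gid, uid:group and user:gid.
// Failures return -1 ids, so an ignored error can never resolve to root (0).
func resolveUser(user string, db passwdDB) (uid, gid int, err error) {
	name, group, hasGroup := strings.Cut(user, ":")
	if uid, err = lookup(name, db.uid); err != nil {
		return -1, -1, err
	}
	if !hasGroup {
		// Default group comes from /etc/passwd; 0 for an unlisted UID is an assumption.
		return uid, db.primary[uid], nil
	}
	if gid, err = lookup(group, db.gid); err != nil {
		return -1, -1, err
	}
	return uid, gid, nil
}

func main() {
	db := passwdDB{uid: map[string]int{"app": 1000}, gid: map[string]int{"web": 2000},
		primary: map[int]int{1000: 1000}} // constructed sample data
	for _, u := range []string{"app", "1000:web", "app:0", "nobody"} {
		fmt.Println(resolveUser(u, db))
	}
}
```

An image whose config names a user that is missing from its own /etc/passwd produces an error here instead of a container that silently runs as UID 0.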

type Passwd

type Passwd struct {
	UID    map[Username]UID
	GID    map[Groupname]GID
	Groups map[UID]Groups
}

Passwd (and group) file data.

func ParsePasswd

func ParsePasswd(passwd, group io.Reader) (Passwd, error)

ParsePasswd parses the supplied passwd and group data.

func ParsePasswdFiles

func ParsePasswdFiles(passwd, group string) (Passwd, error)

ParsePasswdFiles parses the passwd and group files at the supplied paths. If either path does not exist it returns empty Passwd data.

type UID

type UID int

A UID within an /etc/passwd file.

type Username

type Username string

A Username within an /etc/passwd file.
