Documentation ¶
Index ¶
- func GenerateSpec(ctx context.Context, meta executor.Meta, mounts []executor.Mount, ...) (*specs.Spec, func(), error)
- func GetHostsFile(ctx context.Context, stateDir string, extraHosts []executor.HostIP, ...) (string, func(), error)
- func GetResolvConf(ctx context.Context, stateDir string, idmap *idtools.IdentityMapping, ...) (string, error)
- func GetUser(root, username string) (uint32, uint32, []uint32, error)
- func ParseUIDGID(str string) (uid uint32, gid uint32, err error)
- func WithUIDGID(uid, gid uint32, sgids []uint32) containerdoci.SpecOpts
- type DNSConfig
- type ProcessMode
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GenerateSpec ¶
func GenerateSpec(ctx context.Context, meta executor.Meta, mounts []executor.Mount, id, resolvConf, hostsFile string, namespace network.Namespace, cgroupParent string, processMode ProcessMode, idmap *idtools.IdentityMapping, apparmorProfile string, selinuxB bool, tracingSocket string, opts ...oci.SpecOpts) (*specs.Spec, func(), error)
GenerateSpec generates spec using containerd functionality. opts are ignored for s.Process, s.Hostname, and s.Mounts .
func GetHostsFile ¶
func GetResolvConf ¶
func ParseUIDGID ¶
ParseUIDGID takes the fast path to parse UID and GID if and only if they are both provided
func WithUIDGID ¶
func WithUIDGID(uid, gid uint32, sgids []uint32) containerdoci.SpecOpts
WithUIDGID allows the UID and GID for the Process to be set FIXME: This is a temporeray fix for the missing supplementary GIDs from containerd once the PR in containerd is merged we should remove this function.
Types ¶
type ProcessMode ¶
type ProcessMode int
ProcessMode configures PID namespaces
const ( // ProcessSandbox unshares pidns and mount procfs. ProcessSandbox ProcessMode = iota // NoProcessSandbox uses host pidns and bind-mount procfs. // Note that NoProcessSandbox allows build containers to kill (and potentially ptrace) an arbitrary process in the Shipyard host namespace. // NoProcessSandbox should be enabled only when the Shipyard is running in a container as an unprivileged user. NoProcessSandbox )
func (ProcessMode) String ¶
func (pm ProcessMode) String() string
Click to show internal directories.
Click to hide internal directories.