Documentation ¶
Index ¶
- Variables
- func GetAllCapabilities() []string
- func InitContainer(c *Command) *configs.Config
- func SetupCgroups(container *configs.Config, c *Command) error
- func TweakCapabilities(basics, adds, drops []string) ([]string, error)
- type Capabilities
- type CapabilityMapping
- type Command
- type CommonCommand
- type CommonResources
- type Context
- type Driver
- type DriverCallback
- type ExitStatus
- type Hooks
- type Info
- type Ipc
- type Mount
- type Network
- type Pid
- type Pipes
- type ProcessConfig
- type ResourceStats
- type Resources
- type StdConsole
- type Terminal
- type UTS
- type User
Constants ¶
This section is empty.
Variables ¶
var ( ErrNotRunning = errors.New("Container is not running") ErrWaitTimeoutReached = errors.New("Wait timeout reached") ErrDriverAlreadyRegistered = errors.New("A driver already registered this docker init function") ErrDriverNotFound = errors.New("The requested docker init has not been found") )
Define error messages
Functions ¶
func GetAllCapabilities ¶
func GetAllCapabilities() []string
GetAllCapabilities returns all of the capabilities
func InitContainer ¶
InitContainer is the initialization of a container config. It returns the initial configs for a container. It's mostly defined by the default template.
func SetupCgroups ¶
SetupCgroups setups cgroup resources for a container.
func TweakCapabilities ¶
TweakCapabilities can tweak capabilities by adding or dropping capabilities based on the basics capabilities.
Types ¶
type Capabilities ¶
type Capabilities []*CapabilityMapping
Capabilities contains all CapabilityMapping
type CapabilityMapping ¶
type CapabilityMapping struct { Key string `json:"key,omitempty"` Value capability.Cap `json:"value,omitempty"` }
CapabilityMapping maps linux capability name to its value of capability.Cap type Capabilities is one of the security systems in Linux Security Module (LSM) framework provided by the kernel. For more details on capabilities, see http://man7.org/linux/man-pages/man7/capabilities.7.html
func GetCapability ¶
func GetCapability(key string) *CapabilityMapping
GetCapability returns CapabilityMapping which contains specific key
func (*CapabilityMapping) String ¶
func (c *CapabilityMapping) String() string
String returns <key> of CapabilityMapping
type Command ¶
type Command struct { CommonCommand AllowedDevices []*configs.Device `json:"allowed_devices"` AppArmorProfile string `json:"apparmor_profile"` AutoCreatedDevices []*configs.Device `json:"autocreated_devices"` CapAdd []string `json:"cap_add"` CapDrop []string `json:"cap_drop"` CgroupParent string `json:"cgroup_parent"` // The parent cgroup for this command. GIDMapping []idtools.IDMap `json:"gidmapping"` GroupAdd []string `json:"group_add"` Ipc *Ipc `json:"ipc"` Pid *Pid `json:"pid"` ReadonlyRootfs bool `json:"readonly_rootfs"` RemappedRoot *User `json:"remap_root"` UIDMapping []idtools.IDMap `json:"uidmapping"` UTS *UTS `json:"uts"` }
Command wraps an os/exec.Cmd to add more metadata
type CommonCommand ¶
type CommonCommand struct { ContainerPid int `json:"container_pid"` // the pid for the process inside a container ID string `json:"id"` InitPath string `json:"initpath"` // dockerinit MountLabel string `json:"mount_label"` // TODO Windows. More involved, but can be factored out Mounts []Mount `json:"mounts"` Network *Network `json:"network"` ProcessConfig ProcessConfig `json:"process_config"` // Describes the init process of the container. ProcessLabel string `json:"process_label"` // TODO Windows. More involved, but can be factored out Resources *Resources `json:"resources"` Rootfs string `json:"rootfs"` // root fs of the container WorkingDir string `json:"working_dir"` }
CommonCommand is the common platform agnostic part of the Command structure which wraps an os/exec.Cmd to add more metadata
type CommonResources ¶
type CommonResources struct { Memory int64 `json:"memory"` MemoryReservation int64 `json:"memory_reservation"` BlkioWeight uint16 `json:"blkio_weight"` }
CommonResources contains the resource configs for a driver that are common across platforms.
type Driver ¶
type Driver interface { // Run executes the process, blocks until the process exits and returns // the exit code. It's the last stage on Docker side for running a container. Run(c *Command, pipes *Pipes, hooks Hooks) (ExitStatus, error) // Exec executes the process in an existing container, blocks until the // process exits and returns the exit code. Exec(c *Command, processConfig *ProcessConfig, pipes *Pipes, hooks Hooks) (int, error) // Kill sends signals to process in container. Kill(c *Command, sig int) error // Pause pauses a container. Pause(c *Command) error // Unpause unpauses a container. Unpause(c *Command) error // Name returns the name of the driver. Name() string // Info returns the configuration stored in the driver struct, // "temporary" hack (until we move state from core to plugins). Info(id string) Info // GetPidsForContainer returns a list of pid for the processes running in a container. GetPidsForContainer(id string) ([]int, error) // Terminate kills a container by sending signal SIGKILL. Terminate(c *Command) error // Clean removes all traces of container exec. Clean(id string) error // Stats returns resource stats for a running container Stats(id string) (*ResourceStats, error) // SupportsHooks refers to the driver capability to exploit pre/post hook functionality SupportsHooks() bool }
Driver is an interface for drivers to implement including all basic functions a driver should have
type DriverCallback ¶
type DriverCallback func(processConfig *ProcessConfig, pid int, chOOM <-chan struct{}) error
DriverCallback defines a callback function which is used in "Run" and "Exec". This allows work to be done in the parent process when the child is passing through PreStart, Start and PostStop events. Callbacks are provided a processConfig pointer and the pid of the child. The channel will be used to notify the OOM events.
type ExitStatus ¶
type ExitStatus struct { // The exit code with which the container exited. ExitCode int // Whether the container encountered an OOM. OOMKilled bool }
ExitStatus provides exit reasons for a container.
type Hooks ¶
type Hooks struct { // PreStart is called before container's CMD/ENTRYPOINT is executed PreStart []DriverCallback // Start is called after the container's process is full started Start DriverCallback // PostStop is called after the container process exits PostStop []DriverCallback }
Hooks is a struct containing function pointers to callbacks used by any execdriver implementation exploiting hooks capabilities
type Info ¶
type Info interface {
IsRunning() bool
}
Info is driver specific information based on processes registered with the driver
type Ipc ¶
type Ipc struct { ContainerID string `json:"container_id"` // id of the container to join ipc. HostIpc bool `json:"host_ipc"` }
Ipc settings of the container It is for IPC namespace setting. Usually different containers have their own IPC namespace, however this specifies to use an existing IPC namespace. You can join the host's or a container's IPC namespace.
type Mount ¶
type Mount struct { Source string `json:"source"` Destination string `json:"destination"` Writable bool `json:"writable"` Private bool `json:"private"` Slave bool `json:"slave"` }
Mount contains information for a mount operation.
type Network ¶
type Network struct { Mtu int `json:"mtu"` ContainerID string `json:"container_id"` // id of the container to join network. NamespacePath string `json:"namespace_path"` HostNetworking bool `json:"host_networking"` }
Network settings of the container
type Pid ¶
type Pid struct {
HostPid bool `json:"host_pid"`
}
Pid settings of the container It is for PID namespace setting. Usually different containers have their own PID namespace, however this specifies to use an existing PID namespace. Joining the host's PID namespace is currently the only supported option.
type Pipes ¶
type Pipes struct { Stdin io.ReadCloser Stdout, Stderr io.Writer }
Pipes is a wrapper around a container's output for stdin, stdout, stderr
type ProcessConfig ¶
type ProcessConfig struct { exec.Cmd `json:"-"` Privileged bool `json:"privileged"` User string `json:"user"` Tty bool `json:"tty"` Entrypoint string `json:"entrypoint"` Arguments []string `json:"arguments"` Terminal Terminal `json:"-"` // standard or tty terminal (Unix) Console string `json:"-"` // dev/console path (Unix) ConsoleSize [2]int `json:"-"` // h,w of initial console size (Windows) }
ProcessConfig describes a process that will be run inside a container.
type ResourceStats ¶
type ResourceStats struct { *libcontainer.Stats Read time.Time `json:"read"` MemoryLimit int64 `json:"memory_limit"` SystemUsage uint64 `json:"system_usage"` }
ResourceStats contains information about resource usage by a container.
type Resources ¶
type Resources struct { CommonResources MemorySwap int64 `json:"memory_swap"` KernelMemory int64 `json:"kernel_memory"` CPUQuota int64 `json:"cpu_quota"` CpusetCpus string `json:"cpuset_cpus"` CpusetMems string `json:"cpuset_mems"` CPUPeriod int64 `json:"cpu_period"` Rlimits []*ulimit.Rlimit `json:"rlimits"` OomKillDisable bool `json:"oom_kill_disable"` MemorySwappiness int64 `json:"memory_swappiness"` }
Resources contains all resource configs for a driver. Currently these are all for cgroup configs.
type StdConsole ¶
type StdConsole struct { // Closers holds io.Closer references for closing at terminal close time Closers []io.Closer }
StdConsole defines standard console operations for execdriver
func NewStdConsole ¶
func NewStdConsole(processConfig *ProcessConfig, pipes *Pipes) (*StdConsole, error)
NewStdConsole returns a new StdConsole struct
func (*StdConsole) AttachPipes ¶
func (s *StdConsole) AttachPipes(command *exec.Cmd, pipes *Pipes) error
AttachPipes attaches given pipes to exec.Cmd
func (*StdConsole) Close ¶
func (s *StdConsole) Close() error
Close implements Close method of Terminal interface
func (*StdConsole) Resize ¶
func (s *StdConsole) Resize(h, w int) error
Resize implements Resize method of Terminal interface
type UTS ¶
type UTS struct {
HostUTS bool `json:"host_uts"`
}
UTS settings of the container It is for UTS namespace setting. Usually different containers have their own UTS namespace, however this specifies to use an existing UTS namespace. Joining the host's UTS namespace is currently the only supported option.