Documentation
Index
- func GenerateSpec(ctx context.Context, meta executor.Meta, mounts []executor.Mount, ...) (*specs.Spec, func(), error)
- func GetHostsFile(ctx context.Context, stateDir string, extraHosts []executor.HostIP) (string, func(), error)
- func GetMounts(ctx context.Context, mountOpts ...MountOpts) ([]specs.Mount, error)
- func GetResolvConf(ctx context.Context, stateDir string) (string, error)
- func GetUser(ctx context.Context, root, username string) (uint32, uint32, []uint32, error)
- func ParseUIDGID(str string) (uid uint32, gid uint32, err error)
- func WithUIDGID(uid, gid uint32, sgids []uint32) containerdoci.SpecOpts
- type MountOpts
- type ProcessMode
Constants
This section is empty.
Variables
This section is empty.
Functions
func GenerateSpec
func GenerateSpec(ctx context.Context, meta executor.Meta, mounts []executor.Mount, id, resolvConf, hostsFile string, namespace network.Namespace, processMode ProcessMode, opts ...oci.SpecOpts) (*specs.Spec, func(), error)
GenerateSpec generates a spec using containerd functionality. The opts are ignored for s.Process, s.Hostname, and s.Mounts.
func GetHostsFile
func GetMounts
GetMounts returns the default mounts required for BuildKit. See https://github.com/moby/buildkit/issues/429
func ParseUIDGID
ParseUIDGID takes the fast path to parse the UID and GID if and only if they are both provided.
func WithUIDGID
func WithUIDGID(uid, gid uint32, sgids []uint32) containerdoci.SpecOpts
WithUIDGID allows the UID and GID for the Process to be set.
FIXME: This is a temporary fix for the missing supplementary GIDs from containerd. Once the PR in containerd is merged, we should remove this function.
Types
type ProcessMode (added in v0.4.0)
type ProcessMode int
ProcessMode configures PID namespaces.
const (
	// ProcessSandbox unshares pidns and mount procfs.
	ProcessSandbox ProcessMode = iota
	// NoProcessSandbox uses host pidns and bind-mount procfs.
	// Note that NoProcessSandbox allows build containers to kill (and potentially ptrace) an arbitrary process in the BuildKit host namespace.
	// NoProcessSandbox should be enabled only when the BuildKit is running in a container as an unprivileged user.
	NoProcessSandbox
)