generate

package

v0.2.0 Latest Latest Go to latest Published: Sep 26, 2017 License: Apache-2.0 Imports: 9 Imported by: 213

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/opencontainers/runtime-tools

Links

Open Source Insights

Documentation ¶

Overview ¶

Package generate implements functions generating container config files.

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	// Namespaces include the names of supported namespaces.
	Namespaces = []string{"network", "pid", "mount", "ipc", "uts", "user", "cgroup"}
)

Functions ¶

This section is empty.

Types ¶

type ExportOptions ¶

type ExportOptions struct {
	Seccomp bool // seccomp toggles if only seccomp should be exported
}

ExportOptions have toggles for exporting only certain parts of the specification

type Generator ¶

type Generator struct {
	HostSpecific bool
	// contains filtered or unexported fields
}

Generator represents a generator for a container spec.

func New ¶

func New() Generator

New creates a spec Generator with the default spec.

func NewFromFile ¶

func NewFromFile(path string) (Generator, error)

NewFromFile loads the template specified in a file into a spec Generator.

func NewFromSpec ¶

func NewFromSpec(spec *rspec.Spec) Generator

NewFromSpec creates a spec Generator from a given spec.

func NewFromTemplate ¶

func NewFromTemplate(r io.Reader) (Generator, error)

NewFromTemplate loads the template from io.Reader into a spec Generator.

func (*Generator) AddAnnotation ¶

func (g *Generator) AddAnnotation(key, value string)

AddAnnotation adds an annotation into g.spec.Annotations.

func (*Generator) AddBindMount ¶

func (g *Generator) AddBindMount(source, dest string, options []string)

AddBindMount adds a bind mount into g.spec.Mounts.

func (*Generator) AddCgroupsMount ¶

func (g *Generator) AddCgroupsMount(mountCgroupOption string) error

AddCgroupsMount adds a cgroup mount into g.spec.Mounts.

func (*Generator) AddDevice ¶

func (g *Generator) AddDevice(device rspec.LinuxDevice)

AddDevice - add a device into g.spec.Linux.Devices

func (*Generator) AddLinuxGIDMapping ¶

func (g *Generator) AddLinuxGIDMapping(hid, cid, size uint32)

AddLinuxGIDMapping adds gidMap into g.spec.Linux.GIDMappings.

func (*Generator) AddLinuxMaskedPaths ¶

func (g *Generator) AddLinuxMaskedPaths(path string)

AddLinuxMaskedPaths adds masked paths into g.spec.Linux.MaskedPaths.

func (*Generator) AddLinuxReadonlyPaths ¶

func (g *Generator) AddLinuxReadonlyPaths(path string)

AddLinuxReadonlyPaths adds readonly paths into g.spec.Linux.MaskedPaths.

func (*Generator) AddLinuxResourcesHugepageLimit ¶

func (g *Generator) AddLinuxResourcesHugepageLimit(pageSize string, limit uint64)

AddLinuxResourcesHugepageLimit adds or sets g.spec.Linux.Resources.HugepageLimits.

func (*Generator) AddLinuxResourcesNetworkPriorities ¶

func (g *Generator) AddLinuxResourcesNetworkPriorities(name string, prio uint32)

AddLinuxResourcesNetworkPriorities adds or sets g.spec.Linux.Resources.Network.Priorities.

func (*Generator) AddLinuxSysctl ¶

func (g *Generator) AddLinuxSysctl(key, value string)

AddLinuxSysctl adds a new sysctl config into g.spec.Linux.Sysctl.

func (*Generator) AddLinuxUIDMapping ¶

func (g *Generator) AddLinuxUIDMapping(hid, cid, size uint32)

AddLinuxUIDMapping adds uidMap into g.spec.Linux.UIDMappings.

func (*Generator) AddOrReplaceLinuxNamespace ¶

func (g *Generator) AddOrReplaceLinuxNamespace(ns string, path string) error

AddOrReplaceLinuxNamespace adds or replaces a namespace inside g.spec.Linux.Namespaces.

func (*Generator) AddPostStartHook ¶

func (g *Generator) AddPostStartHook(path string, args []string)

AddPostStartHook adds a poststart hook into g.spec.Hooks.Poststart.

func (*Generator) AddPostStartHookEnv ¶

func (g *Generator) AddPostStartHookEnv(path string, envs []string)

AddPostStartHookEnv adds envs of a poststart hook into g.spec.Hooks.Poststart.

func (*Generator) AddPostStartHookTimeout ¶

func (g *Generator) AddPostStartHookTimeout(path string, timeout int)

AddPostStartHookTimeout adds timeout of a poststart hook into g.spec.Hooks.Poststart.

func (*Generator) AddPostStopHook ¶

func (g *Generator) AddPostStopHook(path string, args []string)

AddPostStopHook adds a poststop hook into g.spec.Hooks.Poststop.

func (*Generator) AddPostStopHookEnv ¶

func (g *Generator) AddPostStopHookEnv(path string, envs []string)

AddPostStopHookEnv adds envs of a poststop hook into g.spec.Hooks.Poststop.

func (*Generator) AddPostStopHookTimeout ¶

func (g *Generator) AddPostStopHookTimeout(path string, timeout int)

AddPostStopHookTimeout adds timeout of a poststop hook into g.spec.Hooks.Poststop.

func (*Generator) AddPreStartHook ¶

func (g *Generator) AddPreStartHook(path string, args []string)

AddPreStartHook add a prestart hook into g.spec.Hooks.Prestart.

func (*Generator) AddPreStartHookEnv ¶

func (g *Generator) AddPreStartHookEnv(path string, envs []string)

AddPreStartHookEnv adds envs of a prestart hook into g.spec.Hooks.Prestart.

func (*Generator) AddPreStartHookTimeout ¶

func (g *Generator) AddPreStartHookTimeout(path string, timeout int)

AddPreStartHookTimeout adds timeout of a prestart hook into g.spec.Hooks.Prestart.

func (*Generator) AddProcessAdditionalGid ¶

func (g *Generator) AddProcessAdditionalGid(gid uint32)

AddProcessAdditionalGid adds an additional gid into g.spec.Process.AdditionalGids.

func (*Generator) AddProcessCapabilityAmbient ¶ added in v0.2.0

func (g *Generator) AddProcessCapabilityAmbient(c string) error

AddProcessCapabilityAmbient adds a process capability into g.spec.Process.Capabilities.Ambient.

func (*Generator) AddProcessCapabilityBounding ¶ added in v0.2.0

func (g *Generator) AddProcessCapabilityBounding(c string) error

AddProcessCapabilityBounding adds a process capability into g.spec.Process.Capabilities.Bounding.

func (*Generator) AddProcessCapabilityEffective ¶ added in v0.2.0

func (g *Generator) AddProcessCapabilityEffective(c string) error

AddProcessCapabilityEffective adds a process capability into g.spec.Process.Capabilities.Effective.

func (*Generator) AddProcessCapabilityInheritable ¶ added in v0.2.0

func (g *Generator) AddProcessCapabilityInheritable(c string) error

AddProcessCapabilityInheritable adds a process capability into g.spec.Process.Capabilities.Inheritable.

func (*Generator) AddProcessCapabilityPermitted ¶ added in v0.2.0

func (g *Generator) AddProcessCapabilityPermitted(c string) error

AddProcessCapabilityPermitted adds a process capability into g.spec.Process.Capabilities.Permitted.

func (*Generator) AddProcessEnv ¶

func (g *Generator) AddProcessEnv(name, value string)

AddProcessEnv adds name=value into g.spec.Process.Env, or replaces an existing entry with the given name.

func (*Generator) AddProcessRlimits ¶

func (g *Generator) AddProcessRlimits(rType string, rHard uint64, rSoft uint64)

AddProcessRlimits adds rlimit into g.spec.Process.Rlimits.

func (*Generator) AddTmpfsMount ¶

func (g *Generator) AddTmpfsMount(dest string, options []string)

AddTmpfsMount adds a tmpfs mount into g.spec.Mounts.

func (*Generator) ClearAnnotations ¶

func (g *Generator) ClearAnnotations()

ClearAnnotations clears g.spec.Annotations.

func (*Generator) ClearLinuxDevices ¶

func (g *Generator) ClearLinuxDevices()

ClearLinuxDevices clears g.spec.Linux.Devices

func (*Generator) ClearLinuxGIDMappings ¶

func (g *Generator) ClearLinuxGIDMappings()

ClearLinuxGIDMappings clear g.spec.Linux.GIDMappings.

func (*Generator) ClearLinuxNamespaces ¶

func (g *Generator) ClearLinuxNamespaces()

ClearLinuxNamespaces clear g.spec.Linux.Namespaces.

func (*Generator) ClearLinuxSysctl ¶

func (g *Generator) ClearLinuxSysctl()

ClearLinuxSysctl clears g.spec.Linux.Sysctl.

func (*Generator) ClearLinuxUIDMappings ¶

func (g *Generator) ClearLinuxUIDMappings()

ClearLinuxUIDMappings clear g.spec.Linux.UIDMappings.

func (*Generator) ClearPostStartHooks ¶

func (g *Generator) ClearPostStartHooks()

ClearPostStartHooks clear g.spec.Hooks.Poststart.

func (*Generator) ClearPostStopHooks ¶

func (g *Generator) ClearPostStopHooks()

ClearPostStopHooks clear g.spec.Hooks.Poststop.

func (*Generator) ClearPreStartHooks ¶

func (g *Generator) ClearPreStartHooks()

ClearPreStartHooks clear g.spec.Hooks.Prestart.

func (*Generator) ClearProcessAdditionalGids ¶

func (g *Generator) ClearProcessAdditionalGids()

ClearProcessAdditionalGids clear g.spec.Process.AdditionalGids.

func (*Generator) ClearProcessCapabilities ¶

func (g *Generator) ClearProcessCapabilities()

ClearProcessCapabilities clear g.spec.Process.Capabilities.

func (*Generator) ClearProcessEnv ¶

func (g *Generator) ClearProcessEnv()

ClearProcessEnv clears g.spec.Process.Env.

func (*Generator) ClearProcessRlimits ¶

func (g *Generator) ClearProcessRlimits()

ClearProcessRlimits clear g.spec.Process.Rlimits.

func (*Generator) DropLinuxResourcesHugepageLimit ¶

func (g *Generator) DropLinuxResourcesHugepageLimit(pageSize string) error

DropLinuxResourcesHugepageLimit drops a hugepage limit from g.spec.Linux.Resources.HugepageLimits.

func (*Generator) DropLinuxResourcesNetworkPriorities ¶

func (g *Generator) DropLinuxResourcesNetworkPriorities(name string)

DropLinuxResourcesNetworkPriorities drops one item from g.spec.Linux.Resources.Network.Priorities.

func (*Generator) DropProcessCapabilityAmbient ¶ added in v0.2.0

func (g *Generator) DropProcessCapabilityAmbient(c string) error

DropProcessCapabilityAmbient drops a process capability from g.spec.Process.Capabilities.Ambient.

func (*Generator) DropProcessCapabilityBounding ¶ added in v0.2.0

func (g *Generator) DropProcessCapabilityBounding(c string) error

DropProcessCapabilityBounding drops a process capability from g.spec.Process.Capabilities.Bounding.

func (*Generator) DropProcessCapabilityEffective ¶ added in v0.2.0

func (g *Generator) DropProcessCapabilityEffective(c string) error

DropProcessCapabilityEffective drops a process capability from g.spec.Process.Capabilities.Effective.

func (*Generator) DropProcessCapabilityInheritable ¶ added in v0.2.0

func (g *Generator) DropProcessCapabilityInheritable(c string) error

DropProcessCapabilityInheritable drops a process capability from g.spec.Process.Capabilities.Inheritable.

func (*Generator) DropProcessCapabilityPermitted ¶ added in v0.2.0

func (g *Generator) DropProcessCapabilityPermitted(c string) error

DropProcessCapabilityPermitted drops a process capability from g.spec.Process.Capabilities.Permitted.

func (*Generator) RemoveAllSeccompRules ¶

func (g *Generator) RemoveAllSeccompRules() error

RemoveAllSeccompRules removes all syscall rules

func (*Generator) RemoveAnnotation ¶

func (g *Generator) RemoveAnnotation(key string)

RemoveAnnotation remove an annotation from g.spec.Annotations.

func (*Generator) RemoveDevice ¶

func (g *Generator) RemoveDevice(path string) error

RemoveDevice remove a device from g.spec.Linux.Devices

func (*Generator) RemoveLinuxNamespace ¶

func (g *Generator) RemoveLinuxNamespace(ns string) error

RemoveLinuxNamespace removes a namespace from g.spec.Linux.Namespaces.

func (*Generator) RemoveLinuxSysctl ¶

func (g *Generator) RemoveLinuxSysctl(key string)

RemoveLinuxSysctl removes a sysctl config from g.spec.Linux.Sysctl.

func (*Generator) RemoveProcessRlimits ¶

func (g *Generator) RemoveProcessRlimits(rType string) error

RemoveProcessRlimits removes a rlimit from g.spec.Process.Rlimits.

func (*Generator) RemoveSeccompRule ¶

func (g *Generator) RemoveSeccompRule(arguments string) error

RemoveSeccompRule removes rules for any specified syscalls

func (*Generator) Save ¶

func (g *Generator) Save(w io.Writer, exportOpts ExportOptions) (err error)

Save writes the spec into w.

func (*Generator) SaveToFile ¶

func (g *Generator) SaveToFile(path string, exportOpts ExportOptions) error

SaveToFile writes the spec into a file.

func (*Generator) SetDefaultSeccompAction ¶

func (g *Generator) SetDefaultSeccompAction(action string) error

SetDefaultSeccompAction sets the default action for all syscalls not defined and then removes any syscall rules with this action already specified.

func (*Generator) SetDefaultSeccompActionForce ¶

func (g *Generator) SetDefaultSeccompActionForce(action string) error

SetDefaultSeccompActionForce only sets the default action for all syscalls not defined

func (*Generator) SetHostname ¶

func (g *Generator) SetHostname(s string)

SetHostname sets g.spec.Hostname.

func (*Generator) SetLinuxCgroupsPath ¶

func (g *Generator) SetLinuxCgroupsPath(path string)

SetLinuxCgroupsPath sets g.spec.Linux.CgroupsPath.

func (*Generator) SetLinuxMountLabel ¶

func (g *Generator) SetLinuxMountLabel(label string)

SetLinuxMountLabel sets g.spec.Linux.MountLabel.

func (*Generator) SetLinuxResourcesCPUCpus ¶

func (g *Generator) SetLinuxResourcesCPUCpus(cpus string)

SetLinuxResourcesCPUCpus sets g.spec.Linux.Resources.CPU.Cpus.

func (*Generator) SetLinuxResourcesCPUMems ¶

func (g *Generator) SetLinuxResourcesCPUMems(mems string)

SetLinuxResourcesCPUMems sets g.spec.Linux.Resources.CPU.Mems.

func (*Generator) SetLinuxResourcesCPUPeriod ¶

func (g *Generator) SetLinuxResourcesCPUPeriod(period uint64)

SetLinuxResourcesCPUPeriod sets g.spec.Linux.Resources.CPU.Period.

func (*Generator) SetLinuxResourcesCPUQuota ¶

func (g *Generator) SetLinuxResourcesCPUQuota(quota int64)

SetLinuxResourcesCPUQuota sets g.spec.Linux.Resources.CPU.Quota.

func (*Generator) SetLinuxResourcesCPURealtimePeriod ¶

func (g *Generator) SetLinuxResourcesCPURealtimePeriod(period uint64)

SetLinuxResourcesCPURealtimePeriod sets g.spec.Linux.Resources.CPU.RealtimePeriod.

func (*Generator) SetLinuxResourcesCPURealtimeRuntime ¶

func (g *Generator) SetLinuxResourcesCPURealtimeRuntime(time int64)

SetLinuxResourcesCPURealtimeRuntime sets g.spec.Linux.Resources.CPU.RealtimeRuntime.

func (*Generator) SetLinuxResourcesCPUShares ¶

func (g *Generator) SetLinuxResourcesCPUShares(shares uint64)

SetLinuxResourcesCPUShares sets g.spec.Linux.Resources.CPU.Shares.

func (*Generator) SetLinuxResourcesMemoryDisableOOMKiller ¶

func (g *Generator) SetLinuxResourcesMemoryDisableOOMKiller(disable bool)

SetLinuxResourcesMemoryDisableOOMKiller sets g.spec.Linux.Resources.Memory.DisableOOMKiller.

func (*Generator) SetLinuxResourcesMemoryKernel ¶

func (g *Generator) SetLinuxResourcesMemoryKernel(kernel int64)

SetLinuxResourcesMemoryKernel sets g.spec.Linux.Resources.Memory.Kernel.

func (*Generator) SetLinuxResourcesMemoryKernelTCP ¶

func (g *Generator) SetLinuxResourcesMemoryKernelTCP(kernelTCP int64)

SetLinuxResourcesMemoryKernelTCP sets g.spec.Linux.Resources.Memory.KernelTCP.

func (*Generator) SetLinuxResourcesMemoryLimit ¶

func (g *Generator) SetLinuxResourcesMemoryLimit(limit int64)

SetLinuxResourcesMemoryLimit sets g.spec.Linux.Resources.Memory.Limit.

func (*Generator) SetLinuxResourcesMemoryReservation ¶

func (g *Generator) SetLinuxResourcesMemoryReservation(reservation int64)

SetLinuxResourcesMemoryReservation sets g.spec.Linux.Resources.Memory.Reservation.

func (*Generator) SetLinuxResourcesMemorySwap ¶

func (g *Generator) SetLinuxResourcesMemorySwap(swap int64)

SetLinuxResourcesMemorySwap sets g.spec.Linux.Resources.Memory.Swap.

func (*Generator) SetLinuxResourcesMemorySwappiness ¶

func (g *Generator) SetLinuxResourcesMemorySwappiness(swappiness uint64)

SetLinuxResourcesMemorySwappiness sets g.spec.Linux.Resources.Memory.Swappiness.

func (*Generator) SetLinuxResourcesNetworkClassID ¶

func (g *Generator) SetLinuxResourcesNetworkClassID(classid uint32)

SetLinuxResourcesNetworkClassID sets g.spec.Linux.Resources.Network.ClassID.

func (*Generator) SetLinuxResourcesPidsLimit ¶

func (g *Generator) SetLinuxResourcesPidsLimit(limit int64)

SetLinuxResourcesPidsLimit sets g.spec.Linux.Resources.Pids.Limit.

func (*Generator) SetLinuxRootPropagation ¶

func (g *Generator) SetLinuxRootPropagation(rp string) error

SetLinuxRootPropagation sets g.spec.Linux.RootfsPropagation.

func (*Generator) SetProcessApparmorProfile ¶

func (g *Generator) SetProcessApparmorProfile(prof string)

SetProcessApparmorProfile sets g.spec.Process.ApparmorProfile.

func (*Generator) SetProcessArgs ¶

func (g *Generator) SetProcessArgs(args []string)

SetProcessArgs sets g.spec.Process.Args.

func (*Generator) SetProcessConsoleSize ¶

func (g *Generator) SetProcessConsoleSize(width, height uint)

SetProcessConsoleSize sets g.spec.Process.ConsoleSize.

func (*Generator) SetProcessCwd ¶

func (g *Generator) SetProcessCwd(cwd string)

SetProcessCwd sets g.spec.Process.Cwd.

func (*Generator) SetProcessGID ¶

func (g *Generator) SetProcessGID(gid uint32)

SetProcessGID sets g.spec.Process.User.GID.

func (*Generator) SetProcessNoNewPrivileges ¶

func (g *Generator) SetProcessNoNewPrivileges(b bool)

SetProcessNoNewPrivileges sets g.spec.Process.NoNewPrivileges.

func (*Generator) SetProcessOOMScoreAdj ¶

func (g *Generator) SetProcessOOMScoreAdj(adj int)

SetProcessOOMScoreAdj sets g.spec.Process.OOMScoreAdj.

func (*Generator) SetProcessSelinuxLabel ¶

func (g *Generator) SetProcessSelinuxLabel(label string)

SetProcessSelinuxLabel sets g.spec.Process.SelinuxLabel.

func (*Generator) SetProcessTerminal ¶

func (g *Generator) SetProcessTerminal(b bool)

SetProcessTerminal sets g.spec.Process.Terminal.

func (*Generator) SetProcessUID ¶

func (g *Generator) SetProcessUID(uid uint32)

SetProcessUID sets g.spec.Process.User.UID.

func (*Generator) SetRootPath ¶

func (g *Generator) SetRootPath(path string)

SetRootPath sets g.spec.Root.Path.

func (*Generator) SetRootReadonly ¶

func (g *Generator) SetRootReadonly(b bool)

SetRootReadonly sets g.spec.Root.Readonly.

func (*Generator) SetSeccompArchitecture ¶

func (g *Generator) SetSeccompArchitecture(architecture string) error

SetSeccompArchitecture sets the supported seccomp architectures

func (*Generator) SetSpec ¶

func (g *Generator) SetSpec(spec *rspec.Spec)

SetSpec sets the spec in the Generator g.

func (*Generator) SetSyscallAction ¶

func (g *Generator) SetSyscallAction(arguments seccomp.SyscallOpts) error

SetSyscallAction adds rules for syscalls with the specified action

func (*Generator) SetVersion ¶

func (g *Generator) SetVersion(version string)

SetVersion sets g.spec.Version.

func (*Generator) SetupPrivileged ¶

func (g *Generator) SetupPrivileged(privileged bool)

SetupPrivileged sets up the privilege-related fields inside g.spec.

func (*Generator) Spec ¶

func (g *Generator) Spec() *rspec.Spec

Spec gets the spec in the Generator g.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
seccomp

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL