starter

package
v4.2.1
Warning

This package is not in the latest version of its module.

Published: Sep 13, 2024 | License: BSD-3-Clause | Imports: 12 | Imported by: 0

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Config

type Config struct {
	// contains filtered or unexported fields
}

Config wraps SConfig. It is used to manipulate starter's config, which lives in shared memory. The Go part can therefore update the config, and starter will respect it during container creation. More specifically, all SetXXX methods of the Config modify the shared memory unless the Release method has been called.

func NewConfig

func NewConfig(config SConfig) *Config

NewConfig creates a Config based on SConfig. Since SConfig is an alias for *C.struct_starterConfig, the underlying memory is shared between C and Go.

func (*Config) AddGIDMappings

func (c *Config) AddGIDMappings(gids []specs.LinuxIDMapping) error

AddGIDMappings sets user namespace GID mapping.

func (*Config) AddUIDMappings

func (c *Config) AddUIDMappings(uids []specs.LinuxIDMapping) error

AddUIDMappings sets user namespace UID mapping.

func (*Config) GetContainerPid

func (c *Config) GetContainerPid() int

GetContainerPid returns the container PID (if any). The container PID is set by the master process before stage 2 or RPC.

func (*Config) GetImageFd

func (c *Config) GetImageFd() int

GetImageFd returns the fd for the image in use.

func (*Config) GetIsSUID

func (c *Config) GetIsSUID() bool

GetIsSUID returns true if the SUID workflow is enabled. This field is set by starter at the very beginning of its execution.

func (*Config) GetJSONConfig

func (c *Config) GetJSONConfig() []byte

GetJSONConfig returns a pointer to the engine's JSON configuration. A copy of the original bytes allocated on the C heap is returned.

func (*Config) KeepFileDescriptor

func (c *Config) KeepFileDescriptor(fd int) error

KeepFileDescriptor adds a file descriptor to an array of file descriptors that starter will keep open. All files opened during stage 1 will be shared with the starter process. Once stage 1 returns, all file descriptors that are not listed here will be closed.

func (*Config) Release

func (c *Config) Release() error

Release unmaps the shared starter config and releases the mapped memory. This method should be called as soon as the process no longer needs to access or modify the underlying starter configuration. Any attempt to modify the underlying config after the call to Release will result in a segmentation fault.
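The use-after-Release hazard described above, modelled as an added example (not code from this package): guardedConfig is a hypothetical wrapper over an anonymous MAP_SHARED region that returns an error after Release instead of faulting. The one-field layout and the error-returning setter are assumptions made for the illustration, and the model is Linux-only and not goroutine-safe.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"syscall"
)

// ErrReleased is returned instead of touching unmapped memory.
var ErrReleased = errors.New("config released")

// guardedConfig is a hypothetical stand-in for Config; mem is nil once released.
type guardedConfig struct{ mem []byte } // constructed layout: 4-byte UID at offset 0

func newGuardedConfig(size int) (*guardedConfig, error) {
	mem, err := syscall.Mmap(-1, 0, size, syscall.PROT_READ|syscall.PROT_WRITE,
		syscall.MAP_SHARED|syscall.MAP_ANON)
	if err != nil {
		return nil, err
	}
	return &guardedConfig{mem: mem}, nil
}

// SetTargetUID writes into the shared region, or fails cleanly after Release.
func (c *guardedConfig) SetTargetUID(uid uint32) error {
	if c.mem == nil {
		return ErrReleased
	}
	binary.LittleEndian.PutUint32(c.mem, uid)
	return nil
}

// Release unmaps the region and drops the slice so later calls cannot fault.
func (c *guardedConfig) Release() error {
	if c.mem == nil {
		return ErrReleased
	}
	err := syscall.Munmap(c.mem)
	c.mem = nil
	return err
}

func main() {
	c, err := newGuardedConfig(4096)
	if err != nil {
		panic(err)
	}
	fmt.Println(c.SetTargetUID(1000), c.Release(), c.SetTargetUID(0))
}
```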

func (*Config) SetAllowSetgroups

func (c *Config) SetAllowSetgroups(allow bool)

SetAllowSetgroups allows use of setgroups syscall from user namespace.

func (*Config) SetBringLoopbackInterface

func (c *Config) SetBringLoopbackInterface(bring bool)

SetBringLoopbackInterface changes starter config so that it will bring up a loopback network interface during container creation if bring is true.

func (*Config) SetCapabilities

func (c *Config) SetCapabilities(ctype string, caps []string)

SetCapabilities sets the capability set identified by ctype from the capability string list caps.

func (*Config) SetHybridWorkflow

func (c *Config) SetHybridWorkflow(hybrid bool)

SetHybridWorkflow sets the flag that tells starter the container setup will require a hybrid workflow. Typically used for fakeroot. In a hybrid workflow, the master process lives in the host user namespace with the ability to escalate privileges, while the container process lives in its own user namespace.

func (*Config) SetImageFd

func (c *Config) SetImageFd(fd int)

SetImageFd changes starter config and sets fd for the image in use.

func (*Config) SetInstance

func (c *Config) SetInstance(instance bool)

SetInstance changes starter config so that it will spawn an instance instead of a regular container if the passed value is true.

func (*Config) SetMasterPropagateMount

func (c *Config) SetMasterPropagateMount(propagate bool)

SetMasterPropagateMount changes starter config so that the mount propagation between the master (the process that monitors the container) and the container itself is set to MS_SHARED if propagate is true.

func (*Config) SetMountPropagation

func (c *Config) SetMountPropagation(propagation string)

SetMountPropagation changes starter config and sets container's root filesystem mount propagation that will be respected during container creation.

func (*Config) SetNamespaceJoinOnly

func (c *Config) SetNamespaceJoinOnly(join bool)

SetNamespaceJoinOnly changes starter config so that the created process will join an already running container (used for `singularity shell` and `singularity oci exec`) if join is true.

func (*Config) SetNewGIDMapPath

func (c *Config) SetNewGIDMapPath() error

SetNewGIDMapPath sets absolute path to newgidmap binary if found.

func (*Config) SetNewUIDMapPath

func (c *Config) SetNewUIDMapPath() error

SetNewUIDMapPath sets absolute path to newuidmap binary if found.

func (*Config) SetNoNewPrivs

func (c *Config) SetNoNewPrivs(noprivs bool)

SetNoNewPrivs changes starter config so that it will set the NO_NEW_PRIVS flag for a container before it starts up if noprivs is true.

func (*Config) SetNoSetgroups

func (c *Config) SetNoSetgroups(noSetgroups bool)

SetNoSetgroups disables the setgroups call for the container process in the starter. This preserves access to files that depend on supplementary groups outside of the user namespace. The supplementary groups will map to 'nobody' inside the container.

func (*Config) SetNsFlags

func (c *Config) SetNsFlags(flags int)

SetNsFlags sets namespace flags directly from flags argument.

func (*Config) SetNsFlagsFromSpec

func (c *Config) SetNsFlagsFromSpec(namespaces []specs.LinuxNamespace)

SetNsFlagsFromSpec sets namespace flags from OCI spec.

func (*Config) SetNsPath

func (c *Config) SetNsPath(nstype specs.LinuxNamespaceType, path string) error

SetNsPath sets namespaces to be joined.

func (*Config) SetNsPathFromSpec

func (c *Config) SetNsPathFromSpec(namespaces []specs.LinuxNamespace) error

SetNsPathFromSpec sets namespaces to be joined from OCI spec.

func (*Config) SetNvCCLICaps

func (c *Config) SetNvCCLICaps(enabled bool)

SetNvCCLICaps sets the flag that tells starter container setup to configure a bounding capabilities set that will permit execution of nvidia-container-cli.

func (*Config) SetTargetGID

func (c *Config) SetTargetGID(gids []int)

SetTargetGID sets target GIDs to execute container process as group IDs.

func (*Config) SetTargetUID

func (c *Config) SetTargetUID(uid int)

SetTargetUID sets target UID to execute the container process as user ID.

func (*Config) SetWorkingDirectoryFd

func (c *Config) SetWorkingDirectoryFd(fd int)

SetWorkingDirectoryFd changes starter config and sets the current working directory to the file pointed to by file descriptor fd. Starter will use this file descriptor to change its working directory with fchdir after stage 1.

func (*Config) Write

func (c *Config) Write(payload interface{}) error

Write modifies starter config by fully updating the engine JSON configuration stored there. If the JSON config is too big, an error is returned.

type SConfig

type SConfig *C.struct_starterConfig

SConfig is an alias for *C.struct_starterConfig (see cmd/starter/c/include/starter.h) introduced for convenience.
