Documentation
Index
- type Config
- func (c *Config) AddGIDMappings(gids []specs.LinuxIDMapping) error
- func (c *Config) AddUIDMappings(uids []specs.LinuxIDMapping) error
- func (c *Config) GetContainerPid() int
- func (c *Config) GetImageFd() int
- func (c *Config) GetIsSUID() bool
- func (c *Config) GetJSONConfig() []byte
- func (c *Config) KeepFileDescriptor(fd int) error
- func (c *Config) Release() error
- func (c *Config) SetAllowSetgroups(allow bool)
- func (c *Config) SetBringLoopbackInterface(bring bool)
- func (c *Config) SetCapabilities(ctype string, caps []string)
- func (c *Config) SetHybridWorkflow(hybrid bool)
- func (c *Config) SetImageFd(fd int)
- func (c *Config) SetInstance(instance bool)
- func (c *Config) SetMasterPropagateMount(propagate bool)
- func (c *Config) SetMountPropagation(propagation string)
- func (c *Config) SetNamespaceJoinOnly(join bool)
- func (c *Config) SetNewGIDMapPath() error
- func (c *Config) SetNewUIDMapPath() error
- func (c *Config) SetNoNewPrivs(noprivs bool)
- func (c *Config) SetNoSetgroups(noSetgroups bool)
- func (c *Config) SetNsFlags(flags int)
- func (c *Config) SetNsFlagsFromSpec(namespaces []specs.LinuxNamespace)
- func (c *Config) SetNsPath(nstype specs.LinuxNamespaceType, path string) error
- func (c *Config) SetNsPathFromSpec(namespaces []specs.LinuxNamespace) error
- func (c *Config) SetNvCCLICaps(enabled bool)
- func (c *Config) SetTargetGID(gids []int)
- func (c *Config) SetTargetUID(uid int)
- func (c *Config) SetWorkingDirectoryFd(fd int)
- func (c *Config) Write(payload interface{}) error
- type SConfig
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Config
type Config struct {
// contains filtered or unexported fields
}
Config wraps SConfig. It is used to manipulate starter's config, which lies in shared memory, so the Go part can update the config and starter will respect it during container creation. More specifically, all SetXXX methods of Config modify the shared memory unless the Release method has been called.
func NewConfig
NewConfig creates a Config based on SConfig. Since SConfig is an alias for *C.struct_starterConfig, the underlying memory is shared between C and Go.
func (*Config) AddGIDMappings
AddGIDMappings sets user namespace GID mapping.
func (*Config) AddUIDMappings
AddUIDMappings sets user namespace UID mapping.
func (*Config) GetContainerPid
GetContainerPid returns the container PID (if any). The container PID is set by the master process before stage 2 or RPC.
func (*Config) GetImageFd
GetImageFd returns the fd for the image in use.
func (*Config) GetIsSUID
GetIsSUID returns true if the SUID workflow is enabled. This field is set by starter at the very beginning of its execution.
func (*Config) GetJSONConfig
GetJSONConfig returns a pointer to the engine's JSON configuration. A copy of the original bytes allocated on the C heap is returned.
func (*Config) KeepFileDescriptor
KeepFileDescriptor adds a file descriptor to the array of file descriptors that starter will keep open. All files opened during stage 1 will be shared with the starter process. Once stage 1 returns, all file descriptors which are not listed here will be closed.
func (*Config) Release
Release performs an unmap of the shared starter config and releases the mapped memory. This method should be called as soon as the process no longer needs to access or modify the underlying starter configuration. Any attempt to modify the underlying config after the call to Release will result in a segmentation fault.
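The Release contract above means a caller must never touch the config once it has been unmapped. The following is an added example, not code from this package: it models the same lifetime with an anonymous shared mapping and a wrapper that returns an error after release instead of faulting. The names `sharedConfig`, `setByte`, `release` and `errReleased` are hypothetical, and the code assumes Linux.

```go
package main

import (
	"errors"
	"fmt"
	"syscall"
)

// errReleased is returned instead of dereferencing an unmapped region.
var errReleased = errors.New("config released: mapping is gone")

// sharedConfig is a hypothetical stand-in for a config held in shared memory.
// mem is set to nil once the mapping has been released.
type sharedConfig struct{ mem []byte }

// newSharedConfig maps size bytes of anonymous shared memory (Linux).
func newSharedConfig(size int) (*sharedConfig, error) {
	mem, err := syscall.Mmap(-1, 0, size,
		syscall.PROT_READ|syscall.PROT_WRITE, syscall.MAP_SHARED|syscall.MAP_ANON)
	if err != nil {
		return nil, err
	}
	return &sharedConfig{mem: mem}, nil
}

// setByte writes one byte into the mapping and refuses to write after release.
// It is not safe for concurrent use with release.
func (c *sharedConfig) setByte(off int, v byte) error {
	if c.mem == nil {
		return errReleased
	}
	c.mem[off] = v // slice bounds are still checked by the Go runtime
	return nil
}

// release unmaps the region exactly once; later calls report errReleased.
func (c *sharedConfig) release() error {
	if c.mem == nil {
		return errReleased
	}
	mem := c.mem
	c.mem = nil // drop the reference before the pages disappear
	return syscall.Munmap(mem)
}

func main() {
	if c, err := newSharedConfig(4096); err == nil {
		fmt.Println(c.setByte(0, 1), c.release(), c.setByte(0, 0))
	}
}
```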
func (*Config) SetAllowSetgroups
SetAllowSetgroups allows use of the setgroups syscall from the user namespace.
func (*Config) SetBringLoopbackInterface
SetBringLoopbackInterface changes starter config so that it will bring up a loopback network interface during container creation if bring is true.
func (*Config) SetCapabilities
SetCapabilities sets the capability set identified by ctype from the capability string list caps.
func (*Config) SetHybridWorkflow
SetHybridWorkflow sets the flag to tell starter that container setup will require a hybrid workflow. Typically used for fakeroot. In a hybrid workflow, the master process lives in the host user namespace with the ability to escalate privileges, while the container process lives in its own user namespace.
func (*Config) SetImageFd
SetImageFd changes starter config and sets fd for the image in use.
func (*Config) SetInstance
SetInstance changes starter config so that it will spawn an instance instead of a regular container if the passed value is true.
func (*Config) SetMasterPropagateMount
SetMasterPropagateMount changes starter config so that the mount propagation between the master (the process that monitors the container) and the container itself is set to MS_SHARED if propagate is true.
func (*Config) SetMountPropagation
SetMountPropagation changes starter config and sets container's root filesystem mount propagation that will be respected during container creation.
func (*Config) SetNamespaceJoinOnly
SetNamespaceJoinOnly changes starter config so that the created process will join an already running container (used for `singularity shell` and `singularity oci exec`) if join is true.
func (*Config) SetNewGIDMapPath
SetNewGIDMapPath sets the absolute path to the newgidmap binary if found.
func (*Config) SetNewUIDMapPath
SetNewUIDMapPath sets the absolute path to the newuidmap binary if found.
func (*Config) SetNoNewPrivs
SetNoNewPrivs changes starter config so that it will set the NO_NEW_PRIVS flag for a container before it starts up if noprivs is true.
func (*Config) SetNoSetgroups
SetNoSetgroups disables the setgroups call for the container process in the starter. This preserves access to files that depend on supplementary groups outside of the user namespace. The supplementary groups will map to 'nobody' inside the container.
func (*Config) SetNsFlags
SetNsFlags sets namespace flags directly from the flags argument.
func (*Config) SetNsFlagsFromSpec
func (c *Config) SetNsFlagsFromSpec(namespaces []specs.LinuxNamespace)
SetNsFlagsFromSpec sets namespace flags from OCI spec.
func (*Config) SetNsPathFromSpec
SetNsPathFromSpec sets namespaces to be joined from OCI spec.
func (*Config) SetNvCCLICaps
SetNvCCLICaps sets the flag to tell starter container setup to configure a bounding capabilities set that will permit execution of nvidia-container-cli.
func (*Config) SetTargetGID
SetTargetGID sets the target GIDs under which the container process is executed.
func (*Config) SetTargetUID
SetTargetUID sets the target UID under which the container process is executed.
func (*Config) SetWorkingDirectoryFd
SetWorkingDirectoryFd changes starter config and sets the current working directory to the file pointed to by file descriptor fd. Starter will use this file descriptor to change its working directory with fchdir after stage 1.
type SConfig
type SConfig *C.struct_starterConfig
SConfig is an alias for *C.struct_starterConfig (see cmd/starter/c/include/starter.h) introduced for convenience.