oci

package
v1.2.0-rc.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 20, 2018 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var WithAllCapabilities = WithCapabilities(getAllCapabilities())

WithAllCapabilities sets all linux capabilities for the process

WithPrivileged sets up options for a privileged container TODO(justincormack) device handling

Functions

func ApplyOpts added in v1.2.0

func ApplyOpts(ctx context.Context, client Client, c *containers.Container, s *Spec, opts ...SpecOpts) error

ApplyOpts applys the options to the given spec, injecting data from the context, client and container instance.

func WithDefaultUnixDevices added in v1.2.0

func WithDefaultUnixDevices(_ context.Context, _ Client, _ *containers.Container, s *Spec) error

WithDefaultUnixDevices adds the default devices for unix such as /dev/null, /dev/random to the container's resource cgroup spec

func WithHostHostsFile

func WithHostHostsFile(_ context.Context, _ Client, _ *containers.Container, s *Spec) error

WithHostHostsFile bind-mounts the host's /etc/hosts into the container as readonly

func WithHostLocaltime

func WithHostLocaltime(_ context.Context, _ Client, _ *containers.Container, s *Spec) error

WithHostLocaltime bind-mounts the host's /etc/localtime into the container as readonly

func WithHostResolvconf

func WithHostResolvconf(_ context.Context, _ Client, _ *containers.Container, s *Spec) error

WithHostResolvconf bind-mounts the host's /etc/resolv.conf into the container as readonly

func WithNewPrivileges added in v1.1.4

func WithNewPrivileges(_ context.Context, _ Client, _ *containers.Container, s *Spec) error

WithNewPrivileges turns off the NoNewPrivileges feature flag in the spec

func WithNoNewPrivileges

func WithNoNewPrivileges(_ context.Context, _ Client, _ *containers.Container, s *Spec) error

WithNoNewPrivileges sets no_new_privileges on the process for the container

func WithParentCgroupDevices added in v1.2.0

func WithParentCgroupDevices(_ context.Context, _ Client, _ *containers.Container, s *Spec) error

WithParentCgroupDevices uses the default cgroup setup to inherit the container's parent cgroup's allowed and denied devices

func WithSeccompUnconfined added in v1.1.0

func WithSeccompUnconfined(_ context.Context, _ Client, _ *containers.Container, s *Spec) error

WithSeccompUnconfined clears the seccomp profile

func WithTTY

func WithTTY(_ context.Context, _ Client, _ *containers.Container, s *Spec) error

WithTTY sets the information on the spec as well as the environment variables for using a TTY

func WithWriteableCgroupfs added in v1.1.0

func WithWriteableCgroupfs(_ context.Context, _ Client, _ *containers.Container, s *Spec) error

WithWriteableCgroupfs makes any cgroup mounts writeable

func WithWriteableSysfs added in v1.1.0

func WithWriteableSysfs(_ context.Context, _ Client, _ *containers.Container, s *Spec) error

WithWriteableSysfs makes any sysfs mounts writeable

Types

type Client

type Client interface {
	SnapshotService(snapshotterName string) snapshots.Snapshotter
}

Client interface used by SpecOpt

type Image

type Image interface {
	// Config descriptor for the image.
	Config(ctx context.Context) (ocispec.Descriptor, error)
	// ContentStore provides a content store which contains image blob data
	ContentStore() content.Store
}

Image interface used by some SpecOpt to query image configuration

type Spec added in v1.2.0

type Spec = specs.Spec

Spec is a type alias to the OCI runtime spec to allow third part SpecOpts to be created without the "issues" with go vendoring and package imports

func GenerateSpec

func GenerateSpec(ctx context.Context, client Client, c *containers.Container, opts ...SpecOpts) (*Spec, error)

GenerateSpec will generate a default spec from the provided image for use as a containerd container

func GenerateSpecWithPlatform added in v1.2.0

func GenerateSpecWithPlatform(ctx context.Context, client Client, platform string, c *containers.Container, opts ...SpecOpts) (*Spec, error)

GenerateSpecWithPlatform will generate a default spec from the provided image for use as a containerd container in the platform requested.

type SpecOpts

type SpecOpts func(context.Context, Client, *containers.Container, *Spec) error

SpecOpts sets spec specific information to a newly generated OCI spec

func Compose added in v1.1.0

func Compose(opts ...SpecOpts) SpecOpts

Compose converts a sequence of spec operations into a single operation

func WithAdditionalGIDs added in v1.1.4

func WithAdditionalGIDs(userstr string) SpecOpts

WithAdditionalGIDs sets the OCI spec's additionalGids array to any additional groups listed for a particular user in the /etc/groups file of the image's root filesystem The passed in user can be either a uid or a username.

func WithAmbientCapabilities added in v1.2.0

func WithAmbientCapabilities(caps []string) SpecOpts

WithAmbientCapabilities set the Linux ambient capabilities for the process Ambient capabilities should only be set for non-root users or the caller should understand how these capabilities are used and set

func WithApparmorProfile added in v1.1.0

func WithApparmorProfile(profile string) SpecOpts

WithApparmorProfile sets the Apparmor profile for the process

func WithCapabilities added in v1.1.0

func WithCapabilities(caps []string) SpecOpts

WithCapabilities sets Linux capabilities on the process

func WithCgroup

func WithCgroup(path string) SpecOpts

WithCgroup sets the container's cgroup path

func WithDefaultSpec added in v1.2.0

func WithDefaultSpec() SpecOpts

WithDefaultSpec returns a SpecOpts that will populate the spec with default values.

Use as the first option to clear the spec, then apply options afterwards.

func WithDefaultSpecForPlatform added in v1.2.0

func WithDefaultSpecForPlatform(platform string) SpecOpts

WithDefaultSpecForPlatform returns a SpecOpts that will populate the spec with default values for a given platform.

Use as the first option to clear the spec, then apply options afterwards.

func WithEnv added in v1.1.0

func WithEnv(environmentVariables []string) SpecOpts

WithEnv appends environment variables

func WithHostNamespace

func WithHostNamespace(ns specs.LinuxNamespaceType) SpecOpts

WithHostNamespace allows a task to run inside the host's linux namespace

func WithHostname

func WithHostname(name string) SpecOpts

WithHostname sets the container's hostname

func WithImageConfig

func WithImageConfig(image Image) SpecOpts

WithImageConfig configures the spec to from the configuration of an Image

func WithImageConfigArgs added in v1.2.0

func WithImageConfigArgs(image Image, args []string) SpecOpts

WithImageConfigArgs configures the spec to from the configuration of an Image with additional args that replaces the CMD of the image

func WithLinuxNamespace

func WithLinuxNamespace(ns specs.LinuxNamespace) SpecOpts

WithLinuxNamespace uses the passed in namespace for the spec. If a namespace of the same type already exists in the spec, the existing namespace is replaced by the one provided.

func WithMaskedPaths added in v1.1.0

func WithMaskedPaths(paths []string) SpecOpts

WithMaskedPaths sets the masked paths option

func WithMounts added in v1.1.0

func WithMounts(mounts []specs.Mount) SpecOpts

WithMounts appends mounts

func WithNamespacedCgroup

func WithNamespacedCgroup() SpecOpts

WithNamespacedCgroup uses the namespace set on the context to create a root directory for containers in the cgroup with the id as the subcgroup

func WithProcessArgs

func WithProcessArgs(args ...string) SpecOpts

WithProcessArgs replaces the args on the generated spec

func WithProcessCwd

func WithProcessCwd(cwd string) SpecOpts

WithProcessCwd replaces the current working directory on the generated spec

func WithReadonlyPaths added in v1.1.0

func WithReadonlyPaths(paths []string) SpecOpts

WithReadonlyPaths sets the read only paths option

func WithRootFSPath

func WithRootFSPath(path string) SpecOpts

WithRootFSPath specifies unmanaged rootfs path.

func WithRootFSReadonly

func WithRootFSReadonly() SpecOpts

WithRootFSReadonly sets specs.Root.Readonly to true

func WithSelinuxLabel added in v1.1.0

func WithSelinuxLabel(label string) SpecOpts

WithSelinuxLabel sets the process SELinux label

func WithSpecFromBytes added in v1.2.0

func WithSpecFromBytes(p []byte) SpecOpts

WithSpecFromBytes loads the the spec from the provided byte slice.

func WithSpecFromFile added in v1.2.0

func WithSpecFromFile(filename string) SpecOpts

WithSpecFromFile loads the specification from the provided filename.

func WithTTYSize added in v1.2.0

func WithTTYSize(width, height int) SpecOpts

WithTTYSize sets the information on the spec as well as the environment variables for using a TTY

func WithUIDGID

func WithUIDGID(uid, gid uint32) SpecOpts

WithUIDGID allows the UID and GID for the Process to be set

func WithUser added in v1.1.0

func WithUser(userstr string) SpecOpts

WithUser sets the user to be used within the container. It accepts a valid user string in OCI Image Spec v1.0.0:

user, uid, user:group, uid:gid, uid:group, user:gid

func WithUserID

func WithUserID(uid uint32) SpecOpts

WithUserID sets the correct UID and GID for the container based on the image's /etc/passwd contents. If /etc/passwd does not exist, or uid is not found in /etc/passwd, it sets the requested uid, additionally sets the gid to 0, and does not return an error.

func WithUserNamespace

func WithUserNamespace(container, host, size uint32) SpecOpts

WithUserNamespace sets the uid and gid mappings for the task this can be called multiple times to add more mappings to the generated spec

func WithUsername

func WithUsername(username string) SpecOpts

WithUsername sets the correct UID and GID for the container based on the the image's /etc/passwd contents. If /etc/passwd does not exist, or the username is not found in /etc/passwd, it returns error.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL