2016-01-20 00:27:47 +08:00
|
|
|
{
|
|
|
|
"definitions": {
|
|
|
|
"SeccompArch": {
|
|
|
|
"type": "string",
|
|
|
|
"enum": [
|
|
|
|
"SCMP_ARCH_X86",
|
|
|
|
"SCMP_ARCH_X86_64",
|
|
|
|
"SCMP_ARCH_X32",
|
|
|
|
"SCMP_ARCH_ARM",
|
|
|
|
"SCMP_ARCH_AARCH64",
|
|
|
|
"SCMP_ARCH_MIPS",
|
|
|
|
"SCMP_ARCH_MIPS64",
|
|
|
|
"SCMP_ARCH_MIPS64N32",
|
|
|
|
"SCMP_ARCH_MIPSEL",
|
|
|
|
"SCMP_ARCH_MIPSEL64",
|
2016-06-23 01:53:32 +08:00
|
|
|
"SCMP_ARCH_MIPSEL64N32",
|
|
|
|
"SCMP_ARCH_PPC",
|
|
|
|
"SCMP_ARCH_PPC64",
|
|
|
|
"SCMP_ARCH_PPC64LE",
|
|
|
|
"SCMP_ARCH_S390",
|
|
|
|
"SCMP_ARCH_S390X"
|
2016-01-20 00:27:47 +08:00
|
|
|
]
|
|
|
|
},
|
|
|
|
"SeccompAction": {
|
|
|
|
"type": "string",
|
|
|
|
"enum": [
|
|
|
|
"SCMP_ACT_KILL",
|
|
|
|
"SCMP_ACT_TRAP",
|
|
|
|
"SCMP_ACT_ERRNO",
|
|
|
|
"SCMP_ACT_TRACE",
|
|
|
|
"SCMP_ACT_ALLOW"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
"SeccompOperators": {
|
|
|
|
"type": "string",
|
|
|
|
"enum": [
|
|
|
|
"SCMP_CMP_NE",
|
|
|
|
"SCMP_CMP_LT",
|
|
|
|
"SCMP_CMP_LE",
|
|
|
|
"SCMP_CMP_EQ",
|
|
|
|
"SCMP_CMP_GE",
|
|
|
|
"SCMP_CMP_GT",
|
|
|
|
"SCMP_CMP_MASKED_EQ"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
"SyscallArg": {
|
2016-08-11 05:14:25 +08:00
|
|
|
"type": "object",
|
2016-01-20 00:27:47 +08:00
|
|
|
"properties": {
|
|
|
|
"index": {
|
|
|
|
"$ref": "defs.json#/definitions/uint32"
|
|
|
|
},
|
|
|
|
"value": {
|
|
|
|
"$ref": "defs.json#/definitions/uint64"
|
|
|
|
},
|
|
|
|
"valueTwo": {
|
|
|
|
"$ref": "defs.json#/definitions/uint64"
|
|
|
|
},
|
|
|
|
"op": {
|
|
|
|
"$ref": "#/definitions/SeccompOperators"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
},
|
|
|
|
"Syscall": {
|
2016-08-11 05:14:25 +08:00
|
|
|
"type": "object",
|
2016-01-20 00:27:47 +08:00
|
|
|
"properties": {
|
|
|
|
"name": {
|
|
|
|
"type": "string"
|
|
|
|
},
|
|
|
|
"action": {
|
|
|
|
"$ref": "#/definitions/SeccompAction"
|
|
|
|
},
|
|
|
|
"args": {
|
|
|
|
"type": "array",
|
|
|
|
"items": {
|
|
|
|
"$ref": "#/definitions/SyscallArg"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
},
|
|
|
|
"Capability": {
|
|
|
|
"description": "Linux process permissions",
|
|
|
|
"type": "string",
|
|
|
|
"pattern": "^CAP_([A-Z]|_)+$"
|
|
|
|
},
|
|
|
|
"Major": {
|
|
|
|
"description": "major device number",
|
|
|
|
"$ref": "defs.json#/definitions/uint16"
|
|
|
|
},
|
|
|
|
"Minor": {
|
|
|
|
"description": "minor device number",
|
|
|
|
"$ref": "defs.json#/definitions/uint16"
|
|
|
|
},
|
|
|
|
"FileMode": {
|
|
|
|
"description": "File permissions mode (typically an octal value)",
|
|
|
|
"type": "integer",
|
|
|
|
"minimum": 0,
|
|
|
|
"maximum": 512
|
|
|
|
},
|
|
|
|
"FilePermissions": {
|
|
|
|
"type": "string"
|
|
|
|
},
|
|
|
|
"FileType": {
|
2016-04-07 05:04:18 +08:00
|
|
|
"description": "Type of a block or special character device",
|
|
|
|
"type": "string",
|
|
|
|
"pattern": "^[cbup]$"
|
2016-01-20 00:27:47 +08:00
|
|
|
},
|
|
|
|
"Device": {
|
2016-08-11 05:14:25 +08:00
|
|
|
"type": "object",
|
2016-01-20 00:27:47 +08:00
|
|
|
"properties": {
|
|
|
|
"type": {
|
|
|
|
"$ref": "#/definitions/FileType"
|
|
|
|
},
|
|
|
|
"permissions": {
|
|
|
|
"$ref": "#/definitions/FilePermissions"
|
|
|
|
},
|
|
|
|
"path": {
|
|
|
|
"$ref": "defs.json#/definitions/FilePath"
|
|
|
|
},
|
|
|
|
"fileMode": {
|
|
|
|
"$ref": "#/definitions/FileMode"
|
|
|
|
},
|
|
|
|
"major": {
|
|
|
|
"$ref": "#/definitions/Major"
|
|
|
|
},
|
|
|
|
"minor": {
|
|
|
|
"$ref": "#/definitions/Minor"
|
|
|
|
},
|
|
|
|
"uid": {
|
|
|
|
"$ref": "defs.json#/definitions/UID"
|
|
|
|
},
|
|
|
|
"gid": {
|
|
|
|
"$ref": "defs.json#/definitions/GID"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
},
|
|
|
|
"blkioWeight": {
|
|
|
|
"type": "integer",
|
|
|
|
"minimum": 10,
|
|
|
|
"maximum": 1000
|
|
|
|
},
|
|
|
|
"blkioWeightPointer": {
|
|
|
|
"oneOf": [
|
|
|
|
{
|
|
|
|
"$ref": "#/definitions/blkioWeight"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "null"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
"blockIODevice": {
|
2016-08-11 05:14:25 +08:00
|
|
|
"type": "object",
|
2016-01-20 00:27:47 +08:00
|
|
|
"properties": {
|
|
|
|
"major": {
|
|
|
|
"$ref": "#/definitions/Major"
|
|
|
|
},
|
|
|
|
"minor": {
|
|
|
|
"$ref": "#/definitions/Minor"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
"required": [
|
|
|
|
"major",
|
|
|
|
"minor"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
"blockIODeviceWeight": {
|
|
|
|
"type": "object",
|
|
|
|
"allOf": [
|
|
|
|
{
|
|
|
|
"$ref": "#/definitions/blockIODevice"
|
|
|
|
},
|
|
|
|
{
|
2016-08-11 05:14:25 +08:00
|
|
|
"type": "object",
|
2016-01-20 00:27:47 +08:00
|
|
|
"properties": {
|
|
|
|
"weight": {
|
|
|
|
"$ref": "#/definitions/blkioWeightPointer"
|
|
|
|
},
|
|
|
|
"leafWeight": {
|
|
|
|
"$ref": "#/definitions/blkioWeightPointer"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
"blockIODeviceWeightPointer": {
|
|
|
|
"oneOf": [
|
|
|
|
{
|
|
|
|
"$ref": "#/definitions/blockIODeviceWeight"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "null"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
"blockIODeviceThrottle": {
|
|
|
|
"allOf": [
|
|
|
|
{
|
|
|
|
"$ref": "#/definitions/blockIODevice"
|
|
|
|
},
|
|
|
|
{
|
2016-08-11 05:14:25 +08:00
|
|
|
"type": "object",
|
2016-01-20 00:27:47 +08:00
|
|
|
"properties": {
|
|
|
|
"rate": {
|
|
|
|
"$ref": "defs.json#/definitions/uint64Pointer"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
"blockIODeviceThrottlePointer": {
|
|
|
|
"oneOf": [
|
|
|
|
{
|
|
|
|
"$ref": "#/definitions/blockIODeviceThrottle"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "null"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
"NetworkInterfacePriority": {
|
2016-08-11 05:14:25 +08:00
|
|
|
"type": "object",
|
2016-01-20 00:27:47 +08:00
|
|
|
"properties": {
|
|
|
|
"name": {
|
|
|
|
"type": "string"
|
|
|
|
},
|
|
|
|
"priority": {
|
|
|
|
"$ref": "defs.json#/definitions/uint32"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
},
|
|
|
|
"NamespaceType": {
|
|
|
|
"type": "string",
|
|
|
|
"enum": [
|
|
|
|
"mount",
|
|
|
|
"pid",
|
|
|
|
"network",
|
|
|
|
"uts",
|
|
|
|
"ipc",
|
2016-05-28 13:02:35 +08:00
|
|
|
"user",
|
|
|
|
"cgroup"
|
2016-01-20 00:27:47 +08:00
|
|
|
]
|
|
|
|
},
|
|
|
|
"NamespaceReference": {
|
2016-08-11 05:14:25 +08:00
|
|
|
"type": "object",
|
2016-01-20 00:27:47 +08:00
|
|
|
"properties": {
|
|
|
|
"type": {
|
|
|
|
"$ref": "#/definitions/NamespaceType"
|
|
|
|
},
|
|
|
|
"path": {
|
|
|
|
"$ref": "defs.json#/definitions/FilePath"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|