package specs
// Spec is the base configuration for the container. It specifies platform
// independent configuration. This information must be included when the
// bundle is packaged for distribution.
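type Spec struct {
	// Version is the version of the specification that is supported.
	// It is serialized under the "ociVersion" key.
	Version string `json:"ociVersion"`
	// Platform is the host information for OS and Arch.
	Platform Platform `json:"platform"`
	// Process is the container's main process.
	Process Process `json:"process"`
	// Root is the root information for the container's filesystem.
	Root Root `json:"root"`
	// Hostname is the container's host name. It is omitted from the JSON
	// output when empty.
	Hostname string `json:"hostname,omitempty"`
	// Mounts is the configuration for adding mounts to the container's
	// filesystem.
	Mounts []Mount `json:"mounts"`
	// Hooks are the commands run at various lifecycle events of the container.
	//
	// NOTE(review): the hook commands are taken from the configuration as-is;
	// nothing in this type restricts what they may name. A consumer that
	// accepts bundles from sources it does not control should vet this field
	// before handing the Spec to a runtime.
	Hooks Hooks `json:"hooks"`
	// Annotations is an unstructured key value map that may be set by external
	// tools to store and retrieve arbitrary metadata. It is omitted from the
	// JSON output when empty.
	//
	// NOTE(review): keys and values are unconstrained strings, so readers
	// should treat them as untrusted input and not base access decisions on
	// them without validation.
	Annotations map[string]string `json:"annotations,omitempty"`
}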
// Process contains information to start a specific application inside the container.
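type Process struct {
	// Terminal creates an interactive terminal for the container.
	Terminal bool `json:"terminal"`
	// User specifies user information for the process.
	User User `json:"user"`
	// Args specifies the binary and arguments for the application to execute.
	Args []string `json:"args"`
	// Env populates the process environment for the process. It is omitted
	// from the JSON output when empty.
	Env []string `json:"env,omitempty"`
	// Cwd is the current working directory for the process and must be
	// relative to the container's root.
	Cwd string `json:"cwd"`
	// Capabilities are linux capabilities that are kept for the container.
	// The list works as an allow-list: every entry widens what the process may
	// do, so it should hold only what the workload needs.
	Capabilities []string `json:"capabilities,omitempty"`
	// ApparmorProfile specifies the apparmor profile for the container.
	// An empty value is omitted from the JSON output.
	// NOTE(review): what a runtime applies when no profile is named is not
	// defined here — confirm against the runtime in use.
	ApparmorProfile string `json:"apparmorProfile,omitempty"`
	// SelinuxLabel specifies the selinux context that the container process
	// is run as. An empty value is omitted from the JSON output.
	SelinuxLabel string `json:"selinuxLabel,omitempty"`
	// NoNewPrivileges controls whether additional privileges could be gained
	// by processes in the container.
	//
	// The zero value is false and the key is dropped from the JSON output
	// when false, so a configuration that never mentions "noNewPrivileges"
	// decodes to false.
	// NOTE(review): presumably true is the restrictive setting (no further
	// privilege gain) — confirm, and set it explicitly where hardening is
	// intended rather than relying on the default.
	NoNewPrivileges bool `json:"noNewPrivileges,omitempty"`
}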
// Root contains information about the container's root filesystem on the host.
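type Root struct {
	// Path is the absolute path to the container's root filesystem.
	Path string `json:"path"`
	// Readonly makes the root filesystem for the container readonly before
	// the process is executed. The zero value is false, so the root
	// filesystem stays writable unless the configuration sets this to true.
	Readonly bool `json:"readonly"`
}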
// Platform specifies OS and arch information for the host system that the container
// is created for.
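type Platform struct {
	// OS is the operating system.
	OS string `json:"os"`
	// Arch is the architecture.
	Arch string `json:"arch"`
}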
config: Single, unified config file
Reverting 7232e4b1 (specs: introduce the concept of a runtime.json,
2015-07-30, #88) after discussion on the mailing list [1]. The main
reason is that it's hard to draw a clear line around "inherently
runtime-specific" or "non-portable", so we shouldn't try to do that in
the spec. Folks who want to flag settings as non-portable for their
own system (e.g. "we will clobber 'hooks' in bundles we run") are
welcome to do so, but we don't have to split the config into multiple
files to do that.
There have been a number of additional changes since #88, so this
isn't a pure Git reversion. Besides copy-pasting and the associated
link-target updates, I've:
* Restored path -> destination, now that the mount type contains both
source and target paths again. I'd prefer 'target' to 'destination'
to match mount(2), but the pre-7232e4b1 phrasing was 'destination'
(possibly due to Windows using 'target' for the source?).
* Restored the Windows mount example to its pre-7232e4b1 content.
* Removed required mounts from the config example (requirements landed
in 3848a238, config-linux: specify the default devices/filesystems
available, 2015-09-09, #164), because specifying those mounts in the
config is now redundant.
* Used headers (vs. bold paragraphs) to set off mount examples so we
get link anchors in the rendered Markdown.
* Replaced references to runtime.json with references to config.json.
[1]: https://groups.google.com/a/opencontainers.org/forum/#!topic/dev/0QbyJDM9fWY
Subject: Single, unified config file (i.e. rolling back specs#88)
Date: Wed, 4 Nov 2015 09:53:20 -0800
Message-ID: <20151104175320.GC24652@odin.tremily.us>
Signed-off-by: W. Trevor King <wking@tremily.us>
2015-12-29 02:06:40 +08:00
// Mount specifies a mount for a container.
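type Mount struct {
	// Destination is the path where the mount will be placed relative to the
	// container's root. The path and child directories MUST exist, a runtime
	// MUST NOT create directories automatically to a mount point.
	Destination string `json:"destination"`
	// Type specifies the mount kind.
	Type string `json:"type"`
	// Source specifies the source path of the mount. In the case of bind
	// mounts on linux based systems this would be the file on the host.
	//
	// NOTE(review): because a bind mount names a host path, this field decides
	// which host files become visible inside the container. Configurations
	// from sources outside the operator's control should have Source checked
	// against an allowed set of host locations before use.
	Source string `json:"source"`
	// Options are fstab style mount options. The field is omitted from the
	// JSON output when empty.
	Options []string `json:"options,omitempty"`
}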
// Hook specifies a command that is run at a particular event in the lifecycle of a container.
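type Hook struct {
	// Path names the command to run for this hook.
	// NOTE(review): presumably a filesystem path to an executable; whether it
	// is resolved on the host or inside the container is not stated here —
	// confirm against the runtime. Either way it is configuration-supplied,
	// so bundles from untrusted sources need their hooks reviewed.
	Path string `json:"path"`
	// Args holds the arguments for the hook command. It is omitted from the
	// JSON output when empty.
	// NOTE(review): presumably includes the program name as the first
	// element, as Process.Args does — confirm.
	Args []string `json:"args,omitempty"`
	// Env holds the environment for the hook command. It is omitted from the
	// JSON output when empty.
	Env []string `json:"env,omitempty"`
}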
// Hooks holds the hooks for container setup and teardown.
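type Hooks struct {
	// Prestart is a list of hooks to be run before the container process is
	// executed. On Linux, they are run after the container namespaces are
	// created. The field is omitted from the JSON output when empty.
	Prestart []Hook `json:"prestart,omitempty"`
	// Poststart is a list of hooks to be run after the container process is
	// started. The field is omitted from the JSON output when empty.
	Poststart []Hook `json:"poststart,omitempty"`
	// Poststop is a list of hooks to be run after the container process
	// exits. The field is omitted from the JSON output when empty.
	Poststop []Hook `json:"poststop,omitempty"`
}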