jasder
/
runc
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update github.com/opecontainers/specs to 5b31bb2b77 

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>

Make runc changes required to pull in the updated spec

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
This commit is contained in:
Mrunal Patel 2015-08-03 15:00:36 -04:00
parent 2fbe13aac3
commit 5f65056c89
11 changed files with 420 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Godeps/Godeps.json generated
View File

@ -48,7 +48,7 @@
},
{
"ImportPath": "github.com/opencontainers/specs",
"Rev": "08873003592da169f89ec7c671ed34e1a2333ef8"
"Rev": "5b31bb2b7771e5074a4eb14eca432da1ca5182d6"
},
{
"ImportPath": "github.com/syndtr/gocapability/capability",

191
Godeps/_workspace/src/github.com/opencontainers/specs/LICENSE generated vendored Normal file
View File

@ -0,0 +1,191 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
Copyright 2015 The Linux Foundation.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

86
Godeps/_workspace/src/github.com/opencontainers/specs/README.md generated vendored
View File

@ -1,6 +1,6 @@
# Open Container Specifications
This project is where the Open Container Project Specifications are written. This is a work in progress. We should have a first draft by end of July 2015.
This project is where the [Open Container Initiative](http://www.opencontainers.org/) Specifications are written. This is a work in progress. We should have a first draft by end of July 2015.
Table of Contents
@ -9,6 +9,14 @@ Table of Contents
- [Linux Specific Configuration](config-linux.md)
- [Runtime and Lifecycle](runtime.md)
## Use Cases
To provide context for users the following section gives example use cases for each part of the spec.
### Filesystem Bundle & Configuration
- A user can create a root filesystem and configuration, with low-level OS and host specific details, and launch it as a container under an Open Container runtime.
# The 5 principles of Standard Containers
Define a unit of software delivery called a Standard Container. The goal of a Standard Container is to encapsulate a software component and all its dependencies in a format that is self-describing and portable, so that any compliant runtime can run it without extra dependencies, regardless of the underlying machine and the contents of the container.
@ -43,3 +51,79 @@ There are 17 million shipping containers in existence, packed with every physica
With Standard Containers we can put an end to that embarrassment, by making INDUSTRIAL-GRADE DELIVERY of software a reality.
# Contributing
Development happens on github for the spec. Issues are used for bugs and actionable items and longer
discussions can happen on the mailing list. You can subscribe and join the mailing list on
[google groups](https://groups.google.com/a/opencontainers.org/forum/#!forum/dev).
The specification and code is licensed under the Apache 2.0 license found in
the `LICENSE` file of this repository.
## Weekly Call
The contributors and maintainers of the project have a weekly meeting Wednesdays at 10:00 AM PST.
Everyone is welcome to participate in the call. The link to the call will be posted on the mailing
list each week along with set topics for discussion.
Minutes for the call will be posted to the mailing list for those who are unable to join the call.
## Markdown style
To keep consistency throughout the Markdown files in the Open Container spec all files should be formatted one sentence per line.
This fixes two things: it makes diffing easier with git and it resolves fights about line wrapping length.
For example, this paragraph will span three lines in the Markdown source.
### Sign your work
The sign-off is a simple line at the end of the explanation for the
patch, which certifies that you wrote it or otherwise have the right to
pass it on as an open-source patch. The rules are pretty simple: if you
can certify the below (from
[developercertificate.org](http://developercertificate.org/)):
```
Developer Certificate of Origin
Version 1.1
Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
660 York Street, Suite 102,
San Francisco, CA 94110 USA
Everyone is permitted to copy and distribute verbatim copies of this
license document, but changing it is not allowed.
Developer's Certificate of Origin 1.1
By making a contribution to this project, I certify that:
(a) The contribution was created in whole or in part by me and I
have the right to submit it under the open source license
indicated in the file; or
(b) The contribution is based upon previous work that, to the best
of my knowledge, is covered under an appropriate open source
license and I have the right under that license to submit that
work with modifications, whether created in whole or in part
by me, under the same open source license (unless I am
permitted to submit under a different license), as indicated
in the file; or
(c) The contribution was provided directly to me by some other
person who certified (a), (b) or (c) and I have not modified
it.
(d) I understand and agree that this project and the contribution
are public and that a record of the contribution (including all
personal information I submit with it, including my sign-off) is
maintained indefinitely and may be redistributed consistent with
this project or the open source license(s) involved.
```
then you just add a line to every git commit message:
Signed-off-by: Joe Smith <joe@gmail.com>
using your real name (sorry, no pseudonyms or anonymous contributions.)
You can add the sign off when creating the git commit via `git commit -s`.

2
Godeps/_workspace/src/github.com/opencontainers/specs/bundle.md generated vendored
View File

@ -21,7 +21,7 @@ One or more *content directories* may be adjacent to the configuration file. Thi
```
/
!
-- config.json
--- config.json
!
--- rootfs
!

15
Godeps/_workspace/src/github.com/opencontainers/specs/config-linux.md generated vendored
View File

@ -97,7 +97,7 @@ in [the man page](http://man7.org/linux/man-pages/man7/capabilities.7.html)
sysctl allows kernel parameters to be modified at runtime for the container.
For more information, see [the man page](http://man7.org/linux/man-pages/man8/sysctl.8.html)
```
```json
"sysctl": {
"net.ipv4.ip_forward": "1",
"net.core.somaxconn": "256"
@ -106,7 +106,7 @@ For more information, see [the man page](http://man7.org/linux/man-pages/man8/sy
## Linux rlimits
```
```json
"rlimits": [
{
"type": "RLIMIT_NPROC",
@ -120,7 +120,7 @@ rlimits allow setting resource limits. The type is from the values defined in [t
## Linux user namespace mappings
```
```json
"uidMappings": [
{
"hostID": 1000,
@ -137,7 +137,14 @@ rlimits allow setting resource limits. The type is from the values defined in [t
]
```
uid/gid mappings describe the user namespace mappings from the host to the container. *from* is the starting uid/gid on the host to be mapped to *to* which is the starting uid/gid in the container and *count* refers to the number of ids to be mapped. The Linux kernel has a limit of 5 such mappings that can be specified.
uid/gid mappings describe the user namespace mappings from the host to the container. *hostID* is the starting uid/gid on the host to be mapped to *containerID* which is the starting uid/gid in the container and *size* refers to the number of ids to be mapped. The Linux kernel has a limit of 5 such mappings that can be specified.
## Rootfs Mount Propagation
rootfsPropagation sets the rootfs's mount propagation. Its value is either slave, private, or shared. [The kernel doc](https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt) has more information about mount propagation.
```json
"rootfsPropagation": "slave",
```
## Security

4
Godeps/_workspace/src/github.com/opencontainers/specs/config.md generated vendored
View File

@ -80,8 +80,8 @@ Additional filesystems can be declared as "mounts", specified in the *mounts* ar
"mounts": [
{
"type": "ntfs",
"source": "\\?\Volume\{2eca078d-5cbc-43d3-aff8-7e8511f60d0e}\",
"destination": "C:\Users\crosbymichael\My Fancy Mount Point\",
"source": "\\\\?\\Volume\\{2eca078d-5cbc-43d3-aff8-7e8511f60d0e}\\",
"destination": "C:\\Users\\crosbymichael\\My Fancy Mount Point\\",
"options": ""
}
]

46
Godeps/_workspace/src/github.com/opencontainers/specs/runtime.md generated vendored
View File

@ -12,6 +12,48 @@ Runs a process in a container. Can be invoked several times.
### Stop (process)
Not sure we need that from oc cli. Process is killed from the outside.
Not sure we need that from runc cli. Process is killed from the outside.
This event needs to be captured by oc to run onstop event handlers.
This event needs to be captured by runc to run onstop event handlers.
## Hooks
Hooks allow one to run code before/after various lifecycle events of the container.
The state of the container is passed to the hooks over stdin, so the hooks could get the information they need to do their work.
Hook paths are absolute and are executed from the host's filesystem.
### Pre-start
The pre-start hooks are called after the container process is spawned, but before the user supplied command is executed.
They are called after the container namespaces are created on Linux, so they provide an opportunity to customize the container.
In Linux, for e.g., the network namespace could be configured in this hook.
If a hook returns a non-zero exit code, then an error including the exit code and the stderr is returned to the caller and the container is torn down.
### Post-stop
The post-stop hooks are called after the container process is stopped. Cleanup or debugging could be performed in such a hook.
If a hook returns a non-zero exit code, then an error is logged and the remaining hooks are executed.
*Example*
```json
"hooks" : {
"prestart": [
{
"path": "/usr/bin/fix-mounts",
"args": ["arg1", "arg2"],
"env": [ "key1=value1"]
},
{
"path": "/usr/bin/setup-network"
}
],
"poststop": [
{
"path": "/usr/sbin/cleanup.sh",
"args": ["-f"]
}
]
}
```
`path` is required for a hook. `args` and `env` are optional.

19
Godeps/_workspace/src/github.com/opencontainers/specs/spec.go generated vendored
View File

@ -11,10 +11,20 @@ type Spec struct {
Process Process `json:"process"`
// Root is the root information for the container's filesystem.
Root Root `json:"root"`
// Hostname is the containers host name.
// Hostname is the container's host name.
Hostname string `json:"hostname"`
// Mounts profile configuration for adding mounts to the container's filesystem.
Mounts []Mount `json:"mounts"`
// Hooks are the commands run at various lifecycle events of the container.
Hooks Hooks `json:"hooks"`
}
type Hooks struct {
// Prestart is a list of hooks to be run before the container process is executed.
// On Linux, they are run after the container namespaces are created.
Prestart []Hook `json:"prestart"`
// Poststop is a list of hooks to be run after the container process exits.
Poststop []Hook `json:"poststop"`
}
// Mount specifies a mount for a container.
@ -61,3 +71,10 @@ type Platform struct {
// Arch is the architecture
Arch string `json:"arch"`
}
// Hook specifies a command that is run at a particular event in the lifecycle of a container.
type Hook struct {
Path string `json:"path"`
Args []string `json:"args"`
Env []string `json:"env"`
}

117
Godeps/_workspace/src/github.com/opencontainers/specs/spec_linux.go generated vendored
View File

@ -2,101 +2,107 @@
package specs
// LinuxSpec is the full specification for linux containers.
// LinuxSpec is the full specification for Linux containers
type LinuxSpec struct {
Spec
// Linux is platform specific configuration for linux based containers.
// Linux is platform specific configuration for Linux based containers
Linux Linux `json:"linux"`
}
// Linux contains platform specific configuration for linux based containers.
// Linux contains platform specific configuration for Linux based containers
type Linux struct {
// UidMapping specifies user mappings for supporting user namespaces on linux.
UidMappings []IDMapping `json:"uidMappings"`
// UidMapping specifies group mappings for supporting user namespaces on linux.
GidMappings []IDMapping `json:"gidMappings"`
// Rlimits specifies rlimit options to apply to the container's process.
// UIDMapping specifies user mappings for supporting user namespaces on Linux
UIDMappings []IDMapping `json:"uidMappings"`
// GIDMapping specifies group mappings for supporting user namespaces on Linux
GIDMappings []IDMapping `json:"gidMappings"`
// Rlimits specifies rlimit options to apply to the container's process
Rlimits []Rlimit `json:"rlimits"`
// Sysctl are a set of key value pairs that are set for the container on start.
// Sysctl are a set of key value pairs that are set for the container on start
Sysctl map[string]string `json:"sysctl"`
// Resources contain cgroup information for handling resource constraints
// for the container.
// for the container
Resources Resources `json:"resources"`
// Namespaces contains the namespaces that are created and/or joined by the container.
// Namespaces contains the namespaces that are created and/or joined by the container
Namespaces []Namespace `json:"namespaces"`
// Capabilities are linux capabilities that are kept for the container.
// Capabilities are Linux capabilities that are kept for the container
Capabilities []string `json:"capabilities"`
// Devices are a list of device nodes that are created and enabled for the container.
// Devices are a list of device nodes that are created and enabled for the container
Devices []string `json:"devices"`
// RootfsPropagation is the rootfs mount propagation mode for the container
RootfsPropagation string `json:"rootfsPropagation"`
}
// User specifies linux specific user and group information for the container's
// main process.
// User specifies Linux specific user and group information for the container's
// main process
type User struct {
// Uid is the user id.
Uid int32 `json:"uid"`
// Gid is the group id.
Gid int32 `json:"gid"`
// AdditionalGids are additional group ids set the the container's process.
// Uid is the user id
UID int32 `json:"uid"`
// Gid is the group id
GID int32 `json:"gid"`
// AdditionalGids are additional group ids set for the container's process
AdditionalGids []int32 `json:"additionalGids"`
}
// Namespace is the configuration for a linux namespace.
// Namespace is the configuration for a Linux namespace
type Namespace struct {
// Type is the type of linux namespace.
// Type is the type of Linux namespace
Type string `json:"type"`
// Path is a path to an existing namespace persisted on disk that can be joined
// and is of the same type.
// and is of the same type
Path string `json:"path"`
}
// IDMapping specifies uid/gid mappings.
// IDMapping specifies UID/GID mappings
type IDMapping struct {
// HostID is the uid/gid of the host user or group.
// HostID is the UID/GID of the host user or group
HostID int32 `json:"hostID"`
// ContainerID is the uid/gid of the container's user or group.
// ContainerID is the UID/GID of the container's user or group
ContainerID int32 `json:"containerID"`
// Size is the length of the range of IDs mapped between the two namespaces.
// Size is the length of the range of IDs mapped between the two namespaces
Size int32 `json:"size"`
}
// Rlimit type and restrictions.
// Rlimit type and restrictions
type Rlimit struct {
// Type of the rlimit to set.
// Type of the rlimit to set
Type int `json:"type"`
// Hard is the hard limit for the specified type.
// Hard is the hard limit for the specified type
Hard uint64 `json:"hard"`
// Soft is the soft limit for the specified type.
// Soft is the soft limit for the specified type
Soft uint64 `json:"soft"`
}
// HugepageLimit structure corresponds to limiting kernel hugepages
type HugepageLimit struct {
Pagesize string `json:"pageSize"`
Limit int `json:"limit"`
}
// InterfacePriority for network interfaces
type InterfacePriority struct {
// Name is the name of the network interface.
// Name is the name of the network interface
Name string `json:"name"`
// Priority for the interface.
// Priority for the interface
Priority int64 `json:"priority"`
}
// BlockIO for Linux cgroup 'blockio' resource management
type BlockIO struct {
// Specifies per cgroup weight, range is from 10 to 1000.
// Specifies per cgroup weight, range is from 10 to 1000
Weight int64 `json:"blkioWeight"`
// Weight per cgroup per device, can override BlkioWeight.
// Weight per cgroup per device, can override BlkioWeight
WeightDevice string `json:"blkioWeightDevice"`
// IO read rate limit per cgroup per device, bytes per second.
// IO read rate limit per cgroup per device, bytes per second
ThrottleReadBpsDevice string `json:"blkioThrottleReadBpsDevice"`
// IO write rate limit per cgroup per divice, bytes per second.
// IO write rate limit per cgroup per divice, bytes per second
ThrottleWriteBpsDevice string `json:"blkioThrottleWriteBpsDevice"`
// IO read rate limit per cgroup per device, IO per second.
// IO read rate limit per cgroup per device, IO per second
ThrottleReadIOpsDevice string `json:"blkioThrottleReadIopsDevice"`
// IO write rate limit per cgroup per device, IO per second.
// IO write rate limit per cgroup per device, IO per second
ThrottleWriteIOpsDevice string `json:"blkioThrottleWriteIopsDevice"`
}
// Memory for Linux cgroup 'memory' resource management
type Memory struct {
// Memory limit (in bytes)
Limit int64 `json:"limit"`
@ -106,45 +112,48 @@ type Memory struct {
Swap int64 `json:"swap"`
// Kernel memory limit (in bytes)
Kernel int64 `json:"kernel"`
// How aggressive the kernel will swap memory pages. Range from 0 to 100. Set -1 to use system default.
// How aggressive the kernel will swap memory pages. Range from 0 to 100. Set -1 to use system default
Swappiness int64 `json:"swappiness"`
}
// CPU for Linux cgroup 'cpu' resource management
type CPU struct {
// CPU shares (relative weight vs. other cgroups with cpu shares).
// CPU shares (relative weight vs. other cgroups with cpu shares)
Shares int64 `json:"shares"`
// CPU hardcap limit (in usecs). Allowed cpu time in a given period.
// CPU hardcap limit (in usecs). Allowed cpu time in a given period
Quota int64 `json:"quota"`
// CPU period to be used for hardcapping (in usecs). 0 to use system default.
// CPU period to be used for hardcapping (in usecs). 0 to use system default
Period int64 `json:"period"`
// How many time CPU will use in realtime scheduling (in usecs).
// How many time CPU will use in realtime scheduling (in usecs)
RealtimeRuntime int64 `json:"realtimeRuntime"`
// CPU period to be used for realtime scheduling (in usecs).
// CPU period to be used for realtime scheduling (in usecs)
RealtimePeriod int64 `json:"realtimePeriod"`
// CPU to use within the cpuset.
// CPU to use within the cpuset
Cpus string `json:"cpus"`
// MEM to use within the cpuset.
// MEM to use within the cpuset
Mems string `json:"mems"`
}
// Network identification and priority configuration
type Network struct {
// Set class identifier for container's network packets.
// Set class identifier for container's network packets
ClassID string `json:"classId"`
// Set priority of network traffic for container.
// Set priority of network traffic for container
Priorities []InterfacePriority `json:"priorities"`
}
// Resources has container runtime resource constraints
type Resources struct {
// DisableOOMKiller disables the OOM killer for out of memory conditions.
// DisableOOMKiller disables the OOM killer for out of memory conditions
DisableOOMKiller bool `json:"disableOOMKiller"`
// Memory restriction configuration.
// Memory restriction configuration
Memory Memory `json:"memory"`
// CPU resource restriction configuration.
// CPU resource restriction configuration
CPU CPU `json:"cpu"`
// BlockIO restriction configuration.
// BlockIO restriction configuration
BlockIO BlockIO `json:"blockIO"`
// Hugetlb limit (in bytes)
HugepageLimits []HugepageLimit `json:"hugepageLimits"`
// Network restriction configuration.
// Network restriction configuration
Network Network `json:"network"`
}

6
spec.go
View File

@ -316,7 +316,7 @@ func setReadonly(config *configs.Config) {
}
func setupUserNamespace(spec *specs.LinuxSpec, config *configs.Config) error {
if len(spec.Linux.UidMappings) == 0 {
if len(spec.Linux.UIDMappings) == 0 {
return nil
}
config.Namespaces.Add(configs.NEWUSER, "")
@ -327,10 +327,10 @@ func setupUserNamespace(spec *specs.LinuxSpec, config *configs.Config) error {
Size: int(m.Size),
}
}
for _, m := range spec.Linux.UidMappings {
for _, m := range spec.Linux.UIDMappings {
config.UidMappings = append(config.UidMappings, create(m))
}
for _, m := range spec.Linux.GidMappings {
for _, m := range spec.Linux.GIDMappings {
config.GidMappings = append(config.GidMappings, create(m))
}
rootUid, err := config.HostUID()

2
utils.go
View File

@ -168,7 +168,7 @@ func newProcess(p specs.Process) *libcontainer.Process {
Args: p.Args,
Env: p.Env,
// TODO: fix libcontainer's API to better support uid/gid in a typesafe way.
User: fmt.Sprintf("%d:%d", p.User.Uid, p.User.Gid),
User: fmt.Sprintf("%d:%d", p.User.UID, p.User.GID),
Cwd: p.Cwd,
Stdin: os.Stdin,
Stdout: os.Stdout,