jasder
/
runc
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Updated sample config and README to match the default template for 

native execdriver.

Docker-DCO-1.1-Signed-off-by: Rohit Jnagal <jnagal@google.com> (github: rjnagal)
This commit is contained in:
Rohit Jnagal 2014-04-25 06:02:30 +00:00
parent dd1f9b5346
commit 70b560a66d
3 changed files with 39 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
README.md
View File

@ -43,11 +43,11 @@ Sample `container.json` file:
"capabilities_mask" : [ "capabilities_mask" : [
{ {
"key": "SETPCAP", "key": "SETPCAP",
"enabled": true "enabled": false
}, },
{ {
"key": "SYS_MODULE", "key": "SYS_MODULE",
"enabled": true "enabled": false
}, },
{ {
"key": "SYS_RAWIO", "key": "SYS_RAWIO",
@ -55,27 +55,27 @@ Sample `container.json` file:
}, },
{ {
"key": "SYS_PACCT", "key": "SYS_PACCT",
"enabled": true "enabled": false
}, },
{ {
"key": "SYS_ADMIN", "key": "SYS_ADMIN",
"enabled": true "enabled": false
}, },
{ {
"key": "SYS_NICE", "key": "SYS_NICE",
"enabled": true "enabled": false
}, },
{ {
"key": "SYS_RESOURCE", "key": "SYS_RESOURCE",
"enabled": true "enabled": false
}, },
{ {
"key": "SYS_TIME", "key": "SYS_TIME",
"enabled": true "enabled": false
}, },
{ {
"key": "SYS_TTY_CONFIG", "key": "SYS_TTY_CONFIG",
"enabled": true "enabled": false
}, },
{ {
"key": "MKNOD", "key": "MKNOD",
@ -83,23 +83,23 @@ Sample `container.json` file:
}, },
{ {
"key": "AUDIT_WRITE", "key": "AUDIT_WRITE",
"enabled": true "enabled": false
}, },
{ {
"key": "AUDIT_CONTROL", "key": "AUDIT_CONTROL",
"enabled": true "enabled": false
}, },
{ {
"key": "MAC_OVERRIDE", "key": "MAC_OVERRIDE",
"enabled": true "enabled": false
}, },
{ {
"key": "MAC_ADMIN", "key": "MAC_ADMIN",
"enabled": true "enabled": false
}, },
{ {
"key": "NET_ADMIN", "key": "NET_ADMIN",
"enabled": true "enabled": false
} }
], ],
"context" : { "context" : {

26
container.json
View File

@ -32,11 +32,11 @@
"capabilities_mask": [ "capabilities_mask": [
{ {
"key": "SETPCAP", "key": "SETPCAP",
"enabled": true "enabled": false
}, },
{ {
"key": "SYS_MODULE", "key": "SYS_MODULE",
"enabled": true "enabled": false
}, },
{ {
"key": "SYS_RAWIO", "key": "SYS_RAWIO",
@ -44,27 +44,27 @@
}, },
{ {
"key": "SYS_PACCT", "key": "SYS_PACCT",
"enabled": true "enabled": false
}, },
{ {
"key": "SYS_ADMIN", "key": "SYS_ADMIN",
"enabled": true "enabled": false
}, },
{ {
"key": "SYS_NICE", "key": "SYS_NICE",
"enabled": true "enabled": false
}, },
{ {
"key": "SYS_RESOURCE", "key": "SYS_RESOURCE",
"enabled": true "enabled": false
}, },
{ {
"key": "SYS_TIME", "key": "SYS_TIME",
"enabled": true "enabled": false
}, },
{ {
"key": "SYS_TTY_CONFIG", "key": "SYS_TTY_CONFIG",
"enabled": true "enabled": false
}, },
{ {
"key": "MKNOD", "key": "MKNOD",
@ -72,23 +72,23 @@
}, },
{ {
"key": "AUDIT_WRITE", "key": "AUDIT_WRITE",
"enabled": true "enabled": false
}, },
{ {
"key": "AUDIT_CONTROL", "key": "AUDIT_CONTROL",
"enabled": true "enabled": false
}, },
{ {
"key": "MAC_OVERRIDE", "key": "MAC_OVERRIDE",
"enabled": true "enabled": false
}, },
{ {
"key": "MAC_ADMIN", "key": "MAC_ADMIN",
"enabled": true "enabled": false
}, },
{ {
"key": "NET_ADMIN", "key": "NET_ADMIN",
"enabled": true "enabled": false
} }
], ],
"networks": [{ "networks": [{

17
container_test.go
View File

@ -15,8 +15,7 @@ func TestContainerJsonFormat(t *testing.T) {
var container *Container var container *Container
if err := json.NewDecoder(f).Decode(&container); err != nil { if err := json.NewDecoder(f).Decode(&container); err != nil {
t.Log("failed to decode container config") t.Fatal("failed to decode container config")
t.FailNow()
} }
if container.Hostname != "koye" { if container.Hostname != "koye" {
t.Log("hostname is not set") t.Log("hostname is not set")
@ -39,12 +38,22 @@ func TestContainerJsonFormat(t *testing.T) {
} }
if !container.CapabilitiesMask.Contains("SYS_ADMIN") { if !container.CapabilitiesMask.Contains("SYS_ADMIN") {
t.Log("capabilities should contain SYS_ADMIN") t.Log("capabilities mask should contain SYS_ADMIN")
t.Fail()
}
if container.CapabilitiesMask.Get("SYS_ADMIN").Enabled {
t.Log("SYS_ADMIN should not be enabled in capabilities mask")
t.Fail()
}
if !container.CapabilitiesMask.Get("MKNOD").Enabled {
t.Log("MKNOD should be enabled in capabilities mask")
t.Fail() t.Fail()
} }
if container.CapabilitiesMask.Contains("SYS_CHROOT") { if container.CapabilitiesMask.Contains("SYS_CHROOT") {
t.Log("capabitlies should not contain SYS_CHROOT") t.Log("capabilities mask should not contain SYS_CHROOT")
t.Fail() t.Fail()
} }