This provides updates to runc for the spec changes with *Process and
OOMScoreAdj

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Michael Crosby 2017-06-01 16:17:21 -07:00
parent a6906d5a53
commit 854b41d81e
11 changed files with 102 additions and 65 deletions


@ -208,5 +208,5 @@ func getProcess(context *cli.Context, bundle string) (*specs.Process, error) {
} }
p.User.UID = uint32(uid) p.User.UID = uint32(uid)
} }
return &p, nil return p, nil
} }


@ -23,7 +23,7 @@ func Example() *specs.Spec {
Path: "rootfs", Path: "rootfs",
Readonly: true, Readonly: true,
}, },
Process: specs.Process{ Process: &specs.Process{
Terminal: true, Terminal: true,
User: specs.User{}, User: specs.User{},
Args: []string{ Args: []string{


@ -230,8 +230,8 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) {
config.ProcessLabel = spec.Process.SelinuxLabel config.ProcessLabel = spec.Process.SelinuxLabel
} }
config.Sysctl = spec.Linux.Sysctl config.Sysctl = spec.Linux.Sysctl
if spec.Linux.Resources != nil && spec.Linux.Resources.OOMScoreAdj != nil { if spec.Process != nil && spec.Process.OOMScoreAdj != nil {
config.OomScoreAdj = *spec.Linux.Resources.OOMScoreAdj config.OomScoreAdj = *spec.Process.OOMScoreAdj
} }
if spec.Process.Capabilities != nil { if spec.Process.Capabilities != nil {
config.Capabilities = &configs.Capabilities{ config.Capabilities = &configs.Capabilities{
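Review bot: The nil guard added for `spec.Process.OOMScoreAdj` is not applied to the neighbouring reads: `spec.Process.Capabilities` right after the guarded block still dereferences `spec.Process` unconditionally, and the `spec.Process.SelinuxLabel` read above appears to do the same (its condition is outside the hunk). With `Process` now a pointer tagged `omitempty`, a config.json that omits `process` decodes to nil, so these reads would panic on a malformed bundle instead of returning an error. Wrapping all of the process-derived settings in one `if spec.Process != nil {` block would make the function consistent with the new guard. The same pointer is passed on unchecked in `loadSpec` (`validateProcessSpec(spec.Process)`) and `startContainer` (`r.run(spec.Process)`), so unless those callees already check for nil, rejecting a nil process once in `loadSpec` with a descriptive error would cover them. CreateLibcontainerConfig's body starts and ends outside the hunk.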


@ -134,7 +134,7 @@ func loadSpec(cPath string) (spec *specs.Spec, err error) {
if err = validatePlatform(&spec.Platform); err != nil { if err = validatePlatform(&spec.Platform); err != nil {
return nil, err return nil, err
} }
return spec, validateProcessSpec(&spec.Process) return spec, validateProcessSpec(spec.Process)
} }
func createLibContainerRlimit(rlimit specs.LinuxRlimit) (configs.Rlimit, error) { func createLibContainerRlimit(rlimit specs.LinuxRlimit) (configs.Rlimit, error) {


@ -31,7 +31,7 @@ function setup() {
"cpus": "0" "cpus": "0"
}, },
"blockio": { "blockio": {
"blkioWeight": 1000 "weight": 1000
}, },
"pids": { "pids": {
"limit": 20 "limit": 20
@ -184,7 +184,7 @@ function check_cgroup_value() {
"cpus": "0" "cpus": "0"
}, },
"blockIO": { "blockIO": {
"blkioWeight": 1000 "weight": 1000
}, },
"pids": { "pids": {
"limit": 20 "limit": 20
@ -235,7 +235,7 @@ EOF
"cpus": "0" "cpus": "0"
}, },
"blockIO": { "blockIO": {
"blkioWeight": 1000 "weight": 1000
}, },
"pids": { "pids": {
"limit": 20 "limit": 20


@ -47,7 +47,7 @@ The accepted format is as follow (unchanged values can be omitted):
"mems": "" "mems": ""
}, },
"blockIO": { "blockIO": {
"blkioWeight": 0 "weight": 0
} }
} }


@ -392,5 +392,5 @@ func startContainer(context *cli.Context, spec *specs.Spec, action CtAct, criuOp
action: action, action: action,
criuOpts: criuOpts, criuOpts: criuOpts,
} }
return r.run(&spec.Process) return r.run(spec.Process)
} }


@ -1,7 +1,7 @@
# OCI runtime-spec. When updating this, make sure you use a version tag rather # OCI runtime-spec. When updating this, make sure you use a version tag rather
# than a commit ID so it's much more obvious what version of the spec we are # than a commit ID so it's much more obvious what version of the spec we are
# using. # using.
github.com/opencontainers/runtime-spec v1.0.0-rc5 github.com/opencontainers/runtime-spec 239c4e44f2a612ed85f6db9c66247aa33f437e91
# Core libcontainer functionality. # Core libcontainer functionality.
github.com/mrunalp/fileutils ed869b029674c0e9ce4c0dfa781405c2d9946d08 github.com/mrunalp/fileutils ed869b029674c0e9ce4c0dfa781405c2d9946d08
github.com/opencontainers/selinux v1.0.0-rc1 github.com/opencontainers/selinux v1.0.0-rc1
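Review bot: The new `github.com/opencontainers/runtime-spec` pin is a bare commit ID, which the comment directly above it asks maintainers not to use, so a reader can no longer tell from this file which spec release the vendored types correspond to. If no tag contains the `*Process` and `OOMScoreAdj` changes yet, record the exception next to the pin, for example `# TODO: untagged post-rc5 commit, needed for *Process and OOMScoreAdj; move back to a version tag once one is released.` Making the exception explicit keeps the dependency auditable and makes the later re-pin to a tag easy to verify.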


@ -33,7 +33,7 @@ Example use cases include sophisticated network configuration, volume garbage co
### Runtime Developers ### Runtime Developers
Runtime developers can build runtime implementations that run OCI-compliant bundles and container configuration, containing low-level OS and host specific details, on a particular platform. Runtime developers can build runtime implementations that run OCI-compliant bundles and container configuration, containing low-level OS and host-specific details, on a particular platform.
## Releases ## Releases
@ -60,10 +60,16 @@ When in doubt, start on the [mailing-list](#mailing-list).
### Weekly Call ### Weekly Call
The contributors and maintainers of all OCI projects have a weekly meeting Wednesdays at 2:00 PM (USA Pacific). The contributors and maintainers of all OCI projects have a weekly meeting on Wednesdays at:
Everyone is welcome to participate via [UberConference web][uberconference] or audio-only: 415-968-0849 (no PIN needed.)
* 8:00 AM (USA Pacific), during [odd weeks][iso-week].
* 2:00 PM (USA Pacific), during [even weeks][iso-week].
There is an [iCalendar][rfc5545] format for the meetings [here](meeting.ics).
Everyone is welcome to participate via [UberConference web][uberconference] or audio-only: +1 415 968 0849 (no PIN needed).
An initial agenda will be posted to the [mailing list](#mailing-list) earlier in the week, and everyone is welcome to propose additional topics or suggest other agenda alterations there. An initial agenda will be posted to the [mailing list](#mailing-list) earlier in the week, and everyone is welcome to propose additional topics or suggest other agenda alterations there.
Minutes are posted to the [mailing list](#mailing-list) and minutes from past calls are archived to the [wiki][runtime-wiki]. Minutes are posted to the [mailing list](#mailing-list) and minutes from past calls are archived [here][minutes], with minutes from especially old meetings (September 2015 and earlier) archived [here][runtime-wiki].
### Mailing List ### Mailing List
@ -148,7 +154,10 @@ Read more on [How to Write a Git Commit Message][how-to-git-commit] or the Discu
[dev-list]: https://groups.google.com/a/opencontainers.org/forum/#!forum/dev [dev-list]: https://groups.google.com/a/opencontainers.org/forum/#!forum/dev
[how-to-git-commit]: http://chris.beams.io/posts/git-commit [how-to-git-commit]: http://chris.beams.io/posts/git-commit
[irc-logs]: http://ircbot.wl.linuxfoundation.org/eavesdrop/%23opencontainers/ [irc-logs]: http://ircbot.wl.linuxfoundation.org/eavesdrop/%23opencontainers/
[iso-week]: https://en.wikipedia.org/wiki/ISO_week_date#Calculating_the_week_number_of_a_given_date
[minutes]: http://ircbot.wl.linuxfoundation.org/meetings/opencontainers/
[oci]: https://www.opencontainers.org [oci]: https://www.opencontainers.org
[rfc5545]: https://tools.ietf.org/html/rfc5545
[runtime-wiki]: https://github.com/opencontainers/runtime-spec/wiki [runtime-wiki]: https://github.com/opencontainers/runtime-spec/wiki
[uberconference]: https://www.uberconference.com/opencontainers [uberconference]: https://www.uberconference.com/opencontainers


@ -9,7 +9,7 @@ type Spec struct {
// Platform specifies the configuration's target platform. // Platform specifies the configuration's target platform.
Platform Platform `json:"platform"` Platform Platform `json:"platform"`
// Process configures the container process. // Process configures the container process.
Process Process `json:"process"` Process *Process `json:"process,omitempty"`
// Root configures the container's root filesystem. // Root configures the container's root filesystem.
Root Root `json:"root"` Root Root `json:"root"`
// Hostname configures the container's hostname. // Hostname configures the container's hostname.
@ -17,15 +17,15 @@ type Spec struct {
// Mounts configures additional mounts (on top of Root). // Mounts configures additional mounts (on top of Root).
Mounts []Mount `json:"mounts,omitempty"` Mounts []Mount `json:"mounts,omitempty"`
// Hooks configures callbacks for container lifecycle events. // Hooks configures callbacks for container lifecycle events.
Hooks *Hooks `json:"hooks,omitempty"` Hooks *Hooks `json:"hooks,omitempty" platform:"linux,solaris"`
// Annotations contains arbitrary metadata for the container. // Annotations contains arbitrary metadata for the container.
Annotations map[string]string `json:"annotations,omitempty"` Annotations map[string]string `json:"annotations,omitempty"`
// Linux is platform specific configuration for Linux based containers. // Linux is platform-specific configuration for Linux based containers.
Linux *Linux `json:"linux,omitempty" platform:"linux"` Linux *Linux `json:"linux,omitempty" platform:"linux"`
// Solaris is platform specific configuration for Solaris containers. // Solaris is platform-specific configuration for Solaris based containers.
Solaris *Solaris `json:"solaris,omitempty" platform:"solaris"` Solaris *Solaris `json:"solaris,omitempty" platform:"solaris"`
// Windows is platform specific configuration for Windows based containers, including Hyper-V containers. // Windows is platform-specific configuration for Windows based containers.
Windows *Windows `json:"windows,omitempty" platform:"windows"` Windows *Windows `json:"windows,omitempty" platform:"windows"`
} }
@ -34,7 +34,7 @@ type Process struct {
// Terminal creates an interactive terminal for the container. // Terminal creates an interactive terminal for the container.
Terminal bool `json:"terminal,omitempty"` Terminal bool `json:"terminal,omitempty"`
// ConsoleSize specifies the size of the console. // ConsoleSize specifies the size of the console.
ConsoleSize Box `json:"consoleSize,omitempty"` ConsoleSize *Box `json:"consoleSize,omitempty"`
// User specifies user information for the process. // User specifies user information for the process.
User User `json:"user"` User User `json:"user"`
// Args specifies the binary and arguments for the application to execute. // Args specifies the binary and arguments for the application to execute.
@ -52,6 +52,8 @@ type Process struct {
NoNewPrivileges bool `json:"noNewPrivileges,omitempty" platform:"linux"` NoNewPrivileges bool `json:"noNewPrivileges,omitempty" platform:"linux"`
// ApparmorProfile specifies the apparmor profile for the container. // ApparmorProfile specifies the apparmor profile for the container.
ApparmorProfile string `json:"apparmorProfile,omitempty" platform:"linux"` ApparmorProfile string `json:"apparmorProfile,omitempty" platform:"linux"`
// Specify an oom_score_adj for the container.
OOMScoreAdj *int `json:"oomScoreAdj,omitempty" platform:"linux"`
// SelinuxLabel specifies the selinux context that the container process is run as. // SelinuxLabel specifies the selinux context that the container process is run as.
SelinuxLabel string `json:"selinuxLabel,omitempty" platform:"linux"` SelinuxLabel string `json:"selinuxLabel,omitempty" platform:"linux"`
} }
@ -94,7 +96,7 @@ type User struct {
// Root contains information about the container's root filesystem on the host. // Root contains information about the container's root filesystem on the host.
type Root struct { type Root struct {
// Path is the absolute path to the container's root filesystem. // Path is the absolute path to the container's root filesystem.
Path string `json:"path"` Path string `json:"path,omitempty"`
// Readonly makes the root filesystem for the container readonly before the process is executed. // Readonly makes the root filesystem for the container readonly before the process is executed.
Readonly bool `json:"readonly,omitempty"` Readonly bool `json:"readonly,omitempty"`
} }
@ -110,12 +112,11 @@ type Platform struct {
// Mount specifies a mount for a container. // Mount specifies a mount for a container.
type Mount struct { type Mount struct {
// Destination is the path where the mount will be placed relative to the container's root. The path and child directories MUST exist, a runtime MUST NOT create directories automatically to a mount point. // Destination is the absolute path where the mount will be placed in the container.
Destination string `json:"destination"` Destination string `json:"destination"`
// Type specifies the mount kind. // Type specifies the mount kind.
Type string `json:"type,omitempty"` Type string `json:"type,omitempty" platform:"linux,solaris"`
// Source specifies the source path of the mount. In the case of bind mounts on // Source specifies the source path of the mount.
// Linux based systems this would be the file on the host.
Source string `json:"source,omitempty"` Source string `json:"source,omitempty"`
// Options are fstab style mount options. // Options are fstab style mount options.
Options []string `json:"options,omitempty"` Options []string `json:"options,omitempty"`
@ -132,7 +133,6 @@ type Hook struct {
// Hooks for container setup and teardown // Hooks for container setup and teardown
type Hooks struct { type Hooks struct {
// Prestart is a list of hooks to be run before the container process is executed. // Prestart is a list of hooks to be run before the container process is executed.
// On Linux, they are run after the container namespaces are created.
Prestart []Hook `json:"prestart,omitempty"` Prestart []Hook `json:"prestart,omitempty"`
// Poststart is a list of hooks to be run after the container process is started. // Poststart is a list of hooks to be run after the container process is started.
Poststart []Hook `json:"poststart,omitempty"` Poststart []Hook `json:"poststart,omitempty"`
@ -140,11 +140,11 @@ type Hooks struct {
Poststop []Hook `json:"poststop,omitempty"` Poststop []Hook `json:"poststop,omitempty"`
} }
// Linux contains platform specific configuration for Linux based containers. // Linux contains platform-specific configuration for Linux based containers.
type Linux struct { type Linux struct {
// UIDMapping specifies user mappings for supporting user namespaces on Linux. // UIDMapping specifies user mappings for supporting user namespaces.
UIDMappings []LinuxIDMapping `json:"uidMappings,omitempty"` UIDMappings []LinuxIDMapping `json:"uidMappings,omitempty"`
// GIDMapping specifies group mappings for supporting user namespaces on Linux. // GIDMapping specifies group mappings for supporting user namespaces.
GIDMappings []LinuxIDMapping `json:"gidMappings,omitempty"` GIDMappings []LinuxIDMapping `json:"gidMappings,omitempty"`
// Sysctl are a set of key value pairs that are set for the container on start // Sysctl are a set of key value pairs that are set for the container on start
Sysctl map[string]string `json:"sysctl,omitempty"` Sysctl map[string]string `json:"sysctl,omitempty"`
@ -169,11 +169,14 @@ type Linux struct {
ReadonlyPaths []string `json:"readonlyPaths,omitempty"` ReadonlyPaths []string `json:"readonlyPaths,omitempty"`
// MountLabel specifies the selinux context for the mounts in the container. // MountLabel specifies the selinux context for the mounts in the container.
MountLabel string `json:"mountLabel,omitempty"` MountLabel string `json:"mountLabel,omitempty"`
// IntelRdt contains Intel Resource Director Technology (RDT) information
// for handling resource constraints (e.g., L3 cache) for the container
IntelRdt *LinuxIntelRdt `json:"intelRdt,omitempty"`
} }
// LinuxNamespace is the configuration for a Linux namespace // LinuxNamespace is the configuration for a Linux namespace
type LinuxNamespace struct { type LinuxNamespace struct {
// Type is the type of Linux namespace // Type is the type of namespace
Type LinuxNamespaceType `json:"type"` Type LinuxNamespaceType `json:"type"`
// Path is a path to an existing namespace persisted on disk that can be joined // Path is a path to an existing namespace persisted on disk that can be joined
// and is of the same type // and is of the same type
@ -244,12 +247,12 @@ type linuxBlockIODevice struct {
Minor int64 `json:"minor"` Minor int64 `json:"minor"`
} }
// LinuxWeightDevice struct holds a `major:minor weight` pair for blkioWeightDevice // LinuxWeightDevice struct holds a `major:minor weight` pair for weightDevice
type LinuxWeightDevice struct { type LinuxWeightDevice struct {
linuxBlockIODevice linuxBlockIODevice
// Weight is the bandwidth rate for the device, range is from 10 to 1000 // Weight is the bandwidth rate for the device.
Weight *uint16 `json:"weight,omitempty"` Weight *uint16 `json:"weight,omitempty"`
// LeafWeight is the bandwidth rate for the device while competing with the cgroup's child cgroups, range is from 10 to 1000, CFQ scheduler only // LeafWeight is the bandwidth rate for the device while competing with the cgroup's child cgroups, CFQ scheduler only
LeafWeight *uint16 `json:"leafWeight,omitempty"` LeafWeight *uint16 `json:"leafWeight,omitempty"`
} }
@ -262,20 +265,20 @@ type LinuxThrottleDevice struct {
// LinuxBlockIO for Linux cgroup 'blkio' resource management // LinuxBlockIO for Linux cgroup 'blkio' resource management
type LinuxBlockIO struct { type LinuxBlockIO struct {
// Specifies per cgroup weight, range is from 10 to 1000 // Specifies per cgroup weight
Weight *uint16 `json:"blkioWeight,omitempty"` Weight *uint16 `json:"weight,omitempty"`
// Specifies tasks' weight in the given cgroup while competing with the cgroup's child cgroups, range is from 10 to 1000, CFQ scheduler only // Specifies tasks' weight in the given cgroup while competing with the cgroup's child cgroups, CFQ scheduler only
LeafWeight *uint16 `json:"blkioLeafWeight,omitempty"` LeafWeight *uint16 `json:"leafWeight,omitempty"`
// Weight per cgroup per device, can override BlkioWeight // Weight per cgroup per device, can override BlkioWeight
WeightDevice []LinuxWeightDevice `json:"blkioWeightDevice,omitempty"` WeightDevice []LinuxWeightDevice `json:"weightDevice,omitempty"`
// IO read rate limit per cgroup per device, bytes per second // IO read rate limit per cgroup per device, bytes per second
ThrottleReadBpsDevice []LinuxThrottleDevice `json:"blkioThrottleReadBpsDevice,omitempty"` ThrottleReadBpsDevice []LinuxThrottleDevice `json:"throttleReadBpsDevice,omitempty"`
// IO write rate limit per cgroup per device, bytes per second // IO write rate limit per cgroup per device, bytes per second
ThrottleWriteBpsDevice []LinuxThrottleDevice `json:"blkioThrottleWriteBpsDevice,omitempty"` ThrottleWriteBpsDevice []LinuxThrottleDevice `json:"throttleWriteBpsDevice,omitempty"`
// IO read rate limit per cgroup per device, IO per second // IO read rate limit per cgroup per device, IO per second
ThrottleReadIOPSDevice []LinuxThrottleDevice `json:"blkioThrottleReadIOPSDevice,omitempty"` ThrottleReadIOPSDevice []LinuxThrottleDevice `json:"throttleReadIOPSDevice,omitempty"`
// IO write rate limit per cgroup per device, IO per second // IO write rate limit per cgroup per device, IO per second
ThrottleWriteIOPSDevice []LinuxThrottleDevice `json:"blkioThrottleWriteIOPSDevice,omitempty"` ThrottleWriteIOPSDevice []LinuxThrottleDevice `json:"throttleWriteIOPSDevice,omitempty"`
} }
// LinuxMemory for Linux cgroup 'memory' resource management // LinuxMemory for Linux cgroup 'memory' resource management
@ -290,7 +293,7 @@ type LinuxMemory struct {
Kernel *uint64 `json:"kernel,omitempty"` Kernel *uint64 `json:"kernel,omitempty"`
// Kernel memory limit for tcp (in bytes) // Kernel memory limit for tcp (in bytes)
KernelTCP *uint64 `json:"kernelTCP,omitempty"` KernelTCP *uint64 `json:"kernelTCP,omitempty"`
// How aggressive the kernel will swap memory pages. Range from 0 to 100. // How aggressive the kernel will swap memory pages.
Swappiness *uint64 `json:"swappiness,omitempty"` Swappiness *uint64 `json:"swappiness,omitempty"`
} }
@ -332,8 +335,6 @@ type LinuxResources struct {
Devices []LinuxDeviceCgroup `json:"devices,omitempty"` Devices []LinuxDeviceCgroup `json:"devices,omitempty"`
// DisableOOMKiller disables the OOM killer for out of memory conditions // DisableOOMKiller disables the OOM killer for out of memory conditions
DisableOOMKiller *bool `json:"disableOOMKiller,omitempty"` DisableOOMKiller *bool `json:"disableOOMKiller,omitempty"`
// Specify an oom_score_adj for the container.
OOMScoreAdj *int `json:"oomScoreAdj,omitempty"`
// Memory restriction configuration // Memory restriction configuration
Memory *LinuxMemory `json:"memory,omitempty"` Memory *LinuxMemory `json:"memory,omitempty"`
// CPU resource restriction configuration // CPU resource restriction configuration
@ -380,7 +381,7 @@ type LinuxDeviceCgroup struct {
Access string `json:"access,omitempty"` Access string `json:"access,omitempty"`
} }
// Solaris contains platform specific configuration for Solaris application containers. // Solaris contains platform-specific configuration for Solaris application containers.
type Solaris struct { type Solaris struct {
// SMF FMRI which should go "online" before we start the container process. // SMF FMRI which should go "online" before we start the container process.
Milestone string `json:"milestone,omitempty"` Milestone string `json:"milestone,omitempty"`
@ -427,8 +428,20 @@ type SolarisAnet struct {
// Windows defines the runtime configuration for Windows based containers, including Hyper-V containers. // Windows defines the runtime configuration for Windows based containers, including Hyper-V containers.
type Windows struct { type Windows struct {
// LayerFolders contains a list of absolute paths to directories containing image layers.
LayerFolders []string `json:"layerFolders"`
// Resources contains information for handling resource constraints for the container. // Resources contains information for handling resource constraints for the container.
Resources *WindowsResources `json:"resources,omitempty"` Resources *WindowsResources `json:"resources,omitempty"`
// CredentialSpec contains a JSON object describing a group Managed Service Account (gMSA) specification.
CredentialSpec interface{} `json:"credentialSpec,omitempty"`
// Servicing indicates if the container is being started in a mode to apply a Windows Update servicing operation.
Servicing bool `json:"servicing,omitempty"`
// IgnoreFlushesDuringBoot indicates if the container is being started in a mode where disk writes are not flushed during its boot process.
IgnoreFlushesDuringBoot bool `json:"ignoreFlushesDuringBoot,omitempty"`
// HyperV contains information for running a container with Hyper-V isolation.
HyperV *WindowsHyperV `json:"hyperv,omitempty"`
// Network restriction configuration.
Network *WindowsNetwork `json:"network,omitempty"`
} }
// WindowsResources has container runtime resource constraints for containers running on Windows. // WindowsResources has container runtime resource constraints for containers running on Windows.
@ -439,26 +452,22 @@ type WindowsResources struct {
CPU *WindowsCPUResources `json:"cpu,omitempty"` CPU *WindowsCPUResources `json:"cpu,omitempty"`
// Storage restriction configuration. // Storage restriction configuration.
Storage *WindowsStorageResources `json:"storage,omitempty"` Storage *WindowsStorageResources `json:"storage,omitempty"`
// Network restriction configuration.
Network *WindowsNetworkResources `json:"network,omitempty"`
} }
// WindowsMemoryResources contains memory resource management settings. // WindowsMemoryResources contains memory resource management settings.
type WindowsMemoryResources struct { type WindowsMemoryResources struct {
// Memory limit in bytes. // Memory limit in bytes.
Limit *uint64 `json:"limit,omitempty"` Limit *uint64 `json:"limit,omitempty"`
// Memory reservation in bytes.
Reservation *uint64 `json:"reservation,omitempty"`
} }
// WindowsCPUResources contains CPU resource management settings. // WindowsCPUResources contains CPU resource management settings.
type WindowsCPUResources struct { type WindowsCPUResources struct {
// Number of CPUs available to the container. // Number of CPUs available to the container.
Count *uint64 `json:"count,omitempty"` Count *uint64 `json:"count,omitempty"`
// CPU shares (relative weight to other containers with cpu shares). Range is from 1 to 10000. // CPU shares (relative weight to other containers with cpu shares).
Shares *uint16 `json:"shares,omitempty"` Shares *uint16 `json:"shares,omitempty"`
// Percent of available CPUs usable by the container. // Specifies the portion of processor cycles that this container can use as a percentage times 100.
Percent *uint8 `json:"percent,omitempty"` Maximum *uint16 `json:"maximum,omitempty"`
} }
// WindowsStorageResources contains storage resource management settings. // WindowsStorageResources contains storage resource management settings.
@ -471,17 +480,29 @@ type WindowsStorageResources struct {
SandboxSize *uint64 `json:"sandboxSize,omitempty"` SandboxSize *uint64 `json:"sandboxSize,omitempty"`
} }
// WindowsNetworkResources contains network resource management settings. // WindowsNetwork contains network settings for Windows containers.
type WindowsNetworkResources struct { type WindowsNetwork struct {
// EgressBandwidth is the maximum egress bandwidth in bytes per second. // List of HNS endpoints that the container should connect to.
EgressBandwidth *uint64 `json:"egressBandwidth,omitempty"` EndpointList []string `json:"endpointList,omitempty"`
// Specifies if unqualified DNS name resolution is allowed.
AllowUnqualifiedDNSQuery bool `json:"allowUnqualifiedDNSQuery,omitempty"`
// Comma seperated list of DNS suffixes to use for name resolution.
DNSSearchList []string `json:"DNSSearchList,omitempty"`
// Name (ID) of the container that we will share with the network stack.
NetworkSharedContainerName string `json:"networkSharedContainerName,omitempty"`
}
// WindowsHyperV contains information for configuring a container to run with Hyper-V isolation.
type WindowsHyperV struct {
// UtilityVMPath is an optional path to the image used for the Utility VM.
UtilityVMPath string `json:"utilityVMPath,omitempty"`
} }
// LinuxSeccomp represents syscall restrictions // LinuxSeccomp represents syscall restrictions
type LinuxSeccomp struct { type LinuxSeccomp struct {
DefaultAction LinuxSeccompAction `json:"defaultAction"` DefaultAction LinuxSeccompAction `json:"defaultAction"`
Architectures []Arch `json:"architectures,omitempty"` Architectures []Arch `json:"architectures,omitempty"`
Syscalls []LinuxSyscall `json:"syscalls"` Syscalls []LinuxSyscall `json:"syscalls,omitempty"`
} }
// Arch used for additional architectures // Arch used for additional architectures
@ -548,6 +569,13 @@ type LinuxSeccompArg struct {
type LinuxSyscall struct { type LinuxSyscall struct {
Names []string `json:"names"` Names []string `json:"names"`
Action LinuxSeccompAction `json:"action"` Action LinuxSeccompAction `json:"action"`
Args []LinuxSeccompArg `json:"args"` Args []LinuxSeccompArg `json:"args,omitempty"`
Comment string `json:"comment"` }
// LinuxIntelRdt has container runtime resource constraints
// for Intel RDT/CAT which introduced in Linux 4.10 kernel
type LinuxIntelRdt struct {
// The schema for L3 cache id and capacity bitmask (CBM)
// Format: "L3:<cache_id0>=<cbm0>;<cache_id1>=<cbm1>;..."
L3CacheSchema string `json:"l3CacheSchema,omitempty"`
} }


@ -11,7 +11,7 @@ const (
VersionPatch = 0 VersionPatch = 0
// VersionDev indicates development branch. Releases will be empty string. // VersionDev indicates development branch. Releases will be empty string.
VersionDev = "-rc5" VersionDev = "-rc5-dev"
) )
// Version is the specification version that the package types support. // Version is the specification version that the package types support.