This provides updates to runc for the spec changes with *Process and
OOMScoreAdj

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Michael Crosby 2017-06-01 16:17:21 -07:00
parent a6906d5a53
commit 854b41d81e
11 changed files with 102 additions and 65 deletions


@ -208,5 +208,5 @@ func getProcess(context *cli.Context, bundle string) (*specs.Process, error) {
} }
p.User.UID = uint32(uid) p.User.UID = uint32(uid)
} }
return &p, nil return p, nil
} }


@ -23,7 +23,7 @@ func Example() *specs.Spec {
Path: "rootfs", Path: "rootfs",
Readonly: true, Readonly: true,
}, },
Process: specs.Process{ Process: &specs.Process{
Terminal: true, Terminal: true,
User: specs.User{}, User: specs.User{},
Args: []string{ Args: []string{


@ -230,8 +230,8 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) {
config.ProcessLabel = spec.Process.SelinuxLabel config.ProcessLabel = spec.Process.SelinuxLabel
} }
config.Sysctl = spec.Linux.Sysctl config.Sysctl = spec.Linux.Sysctl
if spec.Linux.Resources != nil && spec.Linux.Resources.OOMScoreAdj != nil { if spec.Process != nil && spec.Process.OOMScoreAdj != nil {
config.OomScoreAdj = *spec.Linux.Resources.OOMScoreAdj config.OomScoreAdj = *spec.Process.OOMScoreAdj
} }
if spec.Process.Capabilities != nil { if spec.Process.Capabilities != nil {
config.Capabilities = &configs.Capabilities{ config.Capabilities = &configs.Capabilities{
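Review bot: The new `spec.Process != nil` guard protects only the OOMScoreAdj read; the next statement, `if spec.Process.Capabilities != nil {`, and the `config.ProcessLabel = spec.Process.SelinuxLabel` assignment above it still appear to dereference the pointer unguarded. Process is now a `*Process` tagged `omitempty` in the vendored spec, so a config.json with no `process` object leaves it nil, and those reads would panic instead of returning a configuration error. I would either reject a nil Process with an error at the top of the function or move all three reads under a single `if spec.Process != nil {` block. The same question applies to `validateProcessSpec(spec.Process)` in loadSpec and `r.run(spec.Process)` in startContainer, whose callees are not visible here and would need to tolerate nil. CreateLibcontainerConfig starts and ends outside this hunk, so an earlier guard may already exist.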


@ -134,7 +134,7 @@ func loadSpec(cPath string) (spec *specs.Spec, err error) {
if err = validatePlatform(&spec.Platform); err != nil { if err = validatePlatform(&spec.Platform); err != nil {
return nil, err return nil, err
} }
return spec, validateProcessSpec(&spec.Process) return spec, validateProcessSpec(spec.Process)
} }
func createLibContainerRlimit(rlimit specs.LinuxRlimit) (configs.Rlimit, error) { func createLibContainerRlimit(rlimit specs.LinuxRlimit) (configs.Rlimit, error) {


@ -31,7 +31,7 @@ function setup() {
"cpus": "0" "cpus": "0"
}, },
"blockio": { "blockio": {
"blkioWeight": 1000 "weight": 1000
}, },
"pids": { "pids": {
"limit": 20 "limit": 20
@ -184,7 +184,7 @@ function check_cgroup_value() {
"cpus": "0" "cpus": "0"
}, },
"blockIO": { "blockIO": {
"blkioWeight": 1000 "weight": 1000
}, },
"pids": { "pids": {
"limit": 20 "limit": 20
@ -235,7 +235,7 @@ EOF
"cpus": "0" "cpus": "0"
}, },
"blockIO": { "blockIO": {
"blkioWeight": 1000 "weight": 1000
}, },
"pids": { "pids": {
"limit": 20 "limit": 20


@ -47,7 +47,7 @@ The accepted format is as follow (unchanged values can be omitted):
"mems": "" "mems": ""
}, },
"blockIO": { "blockIO": {
"blkioWeight": 0 "weight": 0
} }
} }


@ -392,5 +392,5 @@ func startContainer(context *cli.Context, spec *specs.Spec, action CtAct, criuOp
action: action, action: action,
criuOpts: criuOpts, criuOpts: criuOpts,
} }
return r.run(&spec.Process) return r.run(spec.Process)
} }


@ -1,7 +1,7 @@
# OCI runtime-spec. When updating this, make sure you use a version tag rather # OCI runtime-spec. When updating this, make sure you use a version tag rather
# than a commit ID so it's much more obvious what version of the spec we are # than a commit ID so it's much more obvious what version of the spec we are
# using. # using.
github.com/opencontainers/runtime-spec v1.0.0-rc5 github.com/opencontainers/runtime-spec 239c4e44f2a612ed85f6db9c66247aa33f437e91
# Core libcontainer functionality. # Core libcontainer functionality.
github.com/mrunalp/fileutils ed869b029674c0e9ce4c0dfa781405c2d9946d08 github.com/mrunalp/fileutils ed869b029674c0e9ce4c0dfa781405c2d9946d08
github.com/opencontainers/selinux v1.0.0-rc1 github.com/opencontainers/selinux v1.0.0-rc1
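Review bot: Pinning runtime-spec to `239c4e44f2a612ed85f6db9c66247aa33f437e91` contradicts the comment directly above the entry, which asks for a version tag rather than a commit ID. A commit pin is fine for reproducibility, but nothing in this file tells a reader which spec revision is vendored; the only hint is `VersionDev = "-rc5-dev"` in the vendored version file. If no suitable tag exists yet, I would add a line above the entry such as `# Temporarily pinned to an untagged post-rc5 commit; switch back to a version tag at the next spec release.`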


@ -33,7 +33,7 @@ Example use cases include sophisticated network configuration, volume garbage co
### Runtime Developers ### Runtime Developers
Runtime developers can build runtime implementations that run OCI-compliant bundles and container configuration, containing low-level OS and host specific details, on a particular platform. Runtime developers can build runtime implementations that run OCI-compliant bundles and container configuration, containing low-level OS and host-specific details, on a particular platform.
## Releases ## Releases
@ -60,10 +60,16 @@ When in doubt, start on the [mailing-list](#mailing-list).
### Weekly Call ### Weekly Call
The contributors and maintainers of all OCI projects have a weekly meeting Wednesdays at 2:00 PM (USA Pacific). The contributors and maintainers of all OCI projects have a weekly meeting on Wednesdays at:
Everyone is welcome to participate via [UberConference web][uberconference] or audio-only: 415-968-0849 (no PIN needed.)
* 8:00 AM (USA Pacific), during [odd weeks][iso-week].
* 2:00 PM (USA Pacific), during [even weeks][iso-week].
There is an [iCalendar][rfc5545] format for the meetings [here](meeting.ics).
Everyone is welcome to participate via [UberConference web][uberconference] or audio-only: +1 415 968 0849 (no PIN needed).
An initial agenda will be posted to the [mailing list](#mailing-list) earlier in the week, and everyone is welcome to propose additional topics or suggest other agenda alterations there. An initial agenda will be posted to the [mailing list](#mailing-list) earlier in the week, and everyone is welcome to propose additional topics or suggest other agenda alterations there.
Minutes are posted to the [mailing list](#mailing-list) and minutes from past calls are archived to the [wiki][runtime-wiki]. Minutes are posted to the [mailing list](#mailing-list) and minutes from past calls are archived [here][minutes], with minutes from especially old meetings (September 2015 and earlier) archived [here][runtime-wiki].
### Mailing List ### Mailing List
@ -139,7 +145,7 @@ Read more on [How to Write a Git Commit Message][how-to-git-commit] or the Discu
5. Use the imperative mood in the subject line 5. Use the imperative mood in the subject line
6. Wrap the body at 72 characters 6. Wrap the body at 72 characters
7. Use the body to explain what and why vs. how 7. Use the body to explain what and why vs. how
* If there was important/useful/essential conversation or information, copy or include a reference * If there was important/useful/essential conversation or information, copy or include a reference
8. When possible, one keyword to scope the change in the subject (i.e. "README: ...", "runtime: ...") 8. When possible, one keyword to scope the change in the subject (i.e. "README: ...", "runtime: ...")
@ -148,7 +154,10 @@ Read more on [How to Write a Git Commit Message][how-to-git-commit] or the Discu
[dev-list]: https://groups.google.com/a/opencontainers.org/forum/#!forum/dev [dev-list]: https://groups.google.com/a/opencontainers.org/forum/#!forum/dev
[how-to-git-commit]: http://chris.beams.io/posts/git-commit [how-to-git-commit]: http://chris.beams.io/posts/git-commit
[irc-logs]: http://ircbot.wl.linuxfoundation.org/eavesdrop/%23opencontainers/ [irc-logs]: http://ircbot.wl.linuxfoundation.org/eavesdrop/%23opencontainers/
[iso-week]: https://en.wikipedia.org/wiki/ISO_week_date#Calculating_the_week_number_of_a_given_date
[minutes]: http://ircbot.wl.linuxfoundation.org/meetings/opencontainers/
[oci]: https://www.opencontainers.org [oci]: https://www.opencontainers.org
[rfc5545]: https://tools.ietf.org/html/rfc5545
[runtime-wiki]: https://github.com/opencontainers/runtime-spec/wiki [runtime-wiki]: https://github.com/opencontainers/runtime-spec/wiki
[uberconference]: https://www.uberconference.com/opencontainers [uberconference]: https://www.uberconference.com/opencontainers


@ -9,7 +9,7 @@ type Spec struct {
// Platform specifies the configuration's target platform. // Platform specifies the configuration's target platform.
Platform Platform `json:"platform"` Platform Platform `json:"platform"`
// Process configures the container process. // Process configures the container process.
Process Process `json:"process"` Process *Process `json:"process,omitempty"`
// Root configures the container's root filesystem. // Root configures the container's root filesystem.
Root Root `json:"root"` Root Root `json:"root"`
// Hostname configures the container's hostname. // Hostname configures the container's hostname.
@ -17,15 +17,15 @@ type Spec struct {
// Mounts configures additional mounts (on top of Root). // Mounts configures additional mounts (on top of Root).
Mounts []Mount `json:"mounts,omitempty"` Mounts []Mount `json:"mounts,omitempty"`
// Hooks configures callbacks for container lifecycle events. // Hooks configures callbacks for container lifecycle events.
Hooks *Hooks `json:"hooks,omitempty"` Hooks *Hooks `json:"hooks,omitempty" platform:"linux,solaris"`
// Annotations contains arbitrary metadata for the container. // Annotations contains arbitrary metadata for the container.
Annotations map[string]string `json:"annotations,omitempty"` Annotations map[string]string `json:"annotations,omitempty"`
// Linux is platform specific configuration for Linux based containers. // Linux is platform-specific configuration for Linux based containers.
Linux *Linux `json:"linux,omitempty" platform:"linux"` Linux *Linux `json:"linux,omitempty" platform:"linux"`
// Solaris is platform specific configuration for Solaris containers. // Solaris is platform-specific configuration for Solaris based containers.
Solaris *Solaris `json:"solaris,omitempty" platform:"solaris"` Solaris *Solaris `json:"solaris,omitempty" platform:"solaris"`
// Windows is platform specific configuration for Windows based containers, including Hyper-V containers. // Windows is platform-specific configuration for Windows based containers.
Windows *Windows `json:"windows,omitempty" platform:"windows"` Windows *Windows `json:"windows,omitempty" platform:"windows"`
} }
@ -34,7 +34,7 @@ type Process struct {
// Terminal creates an interactive terminal for the container. // Terminal creates an interactive terminal for the container.
Terminal bool `json:"terminal,omitempty"` Terminal bool `json:"terminal,omitempty"`
// ConsoleSize specifies the size of the console. // ConsoleSize specifies the size of the console.
ConsoleSize Box `json:"consoleSize,omitempty"` ConsoleSize *Box `json:"consoleSize,omitempty"`
// User specifies user information for the process. // User specifies user information for the process.
User User `json:"user"` User User `json:"user"`
// Args specifies the binary and arguments for the application to execute. // Args specifies the binary and arguments for the application to execute.
@ -52,6 +52,8 @@ type Process struct {
NoNewPrivileges bool `json:"noNewPrivileges,omitempty" platform:"linux"` NoNewPrivileges bool `json:"noNewPrivileges,omitempty" platform:"linux"`
// ApparmorProfile specifies the apparmor profile for the container. // ApparmorProfile specifies the apparmor profile for the container.
ApparmorProfile string `json:"apparmorProfile,omitempty" platform:"linux"` ApparmorProfile string `json:"apparmorProfile,omitempty" platform:"linux"`
// Specify an oom_score_adj for the container.
OOMScoreAdj *int `json:"oomScoreAdj,omitempty" platform:"linux"`
// SelinuxLabel specifies the selinux context that the container process is run as. // SelinuxLabel specifies the selinux context that the container process is run as.
SelinuxLabel string `json:"selinuxLabel,omitempty" platform:"linux"` SelinuxLabel string `json:"selinuxLabel,omitempty" platform:"linux"`
} }
@ -94,7 +96,7 @@ type User struct {
// Root contains information about the container's root filesystem on the host. // Root contains information about the container's root filesystem on the host.
type Root struct { type Root struct {
// Path is the absolute path to the container's root filesystem. // Path is the absolute path to the container's root filesystem.
Path string `json:"path"` Path string `json:"path,omitempty"`
// Readonly makes the root filesystem for the container readonly before the process is executed. // Readonly makes the root filesystem for the container readonly before the process is executed.
Readonly bool `json:"readonly,omitempty"` Readonly bool `json:"readonly,omitempty"`
} }
@ -110,12 +112,11 @@ type Platform struct {
// Mount specifies a mount for a container. // Mount specifies a mount for a container.
type Mount struct { type Mount struct {
// Destination is the path where the mount will be placed relative to the container's root. The path and child directories MUST exist, a runtime MUST NOT create directories automatically to a mount point. // Destination is the absolute path where the mount will be placed in the container.
Destination string `json:"destination"` Destination string `json:"destination"`
// Type specifies the mount kind. // Type specifies the mount kind.
Type string `json:"type,omitempty"` Type string `json:"type,omitempty" platform:"linux,solaris"`
// Source specifies the source path of the mount. In the case of bind mounts on // Source specifies the source path of the mount.
// Linux based systems this would be the file on the host.
Source string `json:"source,omitempty"` Source string `json:"source,omitempty"`
// Options are fstab style mount options. // Options are fstab style mount options.
Options []string `json:"options,omitempty"` Options []string `json:"options,omitempty"`
@ -132,7 +133,6 @@ type Hook struct {
// Hooks for container setup and teardown // Hooks for container setup and teardown
type Hooks struct { type Hooks struct {
// Prestart is a list of hooks to be run before the container process is executed. // Prestart is a list of hooks to be run before the container process is executed.
// On Linux, they are run after the container namespaces are created.
Prestart []Hook `json:"prestart,omitempty"` Prestart []Hook `json:"prestart,omitempty"`
// Poststart is a list of hooks to be run after the container process is started. // Poststart is a list of hooks to be run after the container process is started.
Poststart []Hook `json:"poststart,omitempty"` Poststart []Hook `json:"poststart,omitempty"`
@ -140,11 +140,11 @@ type Hooks struct {
Poststop []Hook `json:"poststop,omitempty"` Poststop []Hook `json:"poststop,omitempty"`
} }
// Linux contains platform specific configuration for Linux based containers. // Linux contains platform-specific configuration for Linux based containers.
type Linux struct { type Linux struct {
// UIDMapping specifies user mappings for supporting user namespaces on Linux. // UIDMapping specifies user mappings for supporting user namespaces.
UIDMappings []LinuxIDMapping `json:"uidMappings,omitempty"` UIDMappings []LinuxIDMapping `json:"uidMappings,omitempty"`
// GIDMapping specifies group mappings for supporting user namespaces on Linux. // GIDMapping specifies group mappings for supporting user namespaces.
GIDMappings []LinuxIDMapping `json:"gidMappings,omitempty"` GIDMappings []LinuxIDMapping `json:"gidMappings,omitempty"`
// Sysctl are a set of key value pairs that are set for the container on start // Sysctl are a set of key value pairs that are set for the container on start
Sysctl map[string]string `json:"sysctl,omitempty"` Sysctl map[string]string `json:"sysctl,omitempty"`
@ -169,11 +169,14 @@ type Linux struct {
ReadonlyPaths []string `json:"readonlyPaths,omitempty"` ReadonlyPaths []string `json:"readonlyPaths,omitempty"`
// MountLabel specifies the selinux context for the mounts in the container. // MountLabel specifies the selinux context for the mounts in the container.
MountLabel string `json:"mountLabel,omitempty"` MountLabel string `json:"mountLabel,omitempty"`
// IntelRdt contains Intel Resource Director Technology (RDT) information
// for handling resource constraints (e.g., L3 cache) for the container
IntelRdt *LinuxIntelRdt `json:"intelRdt,omitempty"`
} }
// LinuxNamespace is the configuration for a Linux namespace // LinuxNamespace is the configuration for a Linux namespace
type LinuxNamespace struct { type LinuxNamespace struct {
// Type is the type of Linux namespace // Type is the type of namespace
Type LinuxNamespaceType `json:"type"` Type LinuxNamespaceType `json:"type"`
// Path is a path to an existing namespace persisted on disk that can be joined // Path is a path to an existing namespace persisted on disk that can be joined
// and is of the same type // and is of the same type
@ -244,12 +247,12 @@ type linuxBlockIODevice struct {
Minor int64 `json:"minor"` Minor int64 `json:"minor"`
} }
// LinuxWeightDevice struct holds a `major:minor weight` pair for blkioWeightDevice // LinuxWeightDevice struct holds a `major:minor weight` pair for weightDevice
type LinuxWeightDevice struct { type LinuxWeightDevice struct {
linuxBlockIODevice linuxBlockIODevice
// Weight is the bandwidth rate for the device, range is from 10 to 1000 // Weight is the bandwidth rate for the device.
Weight *uint16 `json:"weight,omitempty"` Weight *uint16 `json:"weight,omitempty"`
// LeafWeight is the bandwidth rate for the device while competing with the cgroup's child cgroups, range is from 10 to 1000, CFQ scheduler only // LeafWeight is the bandwidth rate for the device while competing with the cgroup's child cgroups, CFQ scheduler only
LeafWeight *uint16 `json:"leafWeight,omitempty"` LeafWeight *uint16 `json:"leafWeight,omitempty"`
} }
@ -262,20 +265,20 @@ type LinuxThrottleDevice struct {
// LinuxBlockIO for Linux cgroup 'blkio' resource management // LinuxBlockIO for Linux cgroup 'blkio' resource management
type LinuxBlockIO struct { type LinuxBlockIO struct {
// Specifies per cgroup weight, range is from 10 to 1000 // Specifies per cgroup weight
Weight *uint16 `json:"blkioWeight,omitempty"` Weight *uint16 `json:"weight,omitempty"`
// Specifies tasks' weight in the given cgroup while competing with the cgroup's child cgroups, range is from 10 to 1000, CFQ scheduler only // Specifies tasks' weight in the given cgroup while competing with the cgroup's child cgroups, CFQ scheduler only
LeafWeight *uint16 `json:"blkioLeafWeight,omitempty"` LeafWeight *uint16 `json:"leafWeight,omitempty"`
// Weight per cgroup per device, can override BlkioWeight // Weight per cgroup per device, can override BlkioWeight
WeightDevice []LinuxWeightDevice `json:"blkioWeightDevice,omitempty"` WeightDevice []LinuxWeightDevice `json:"weightDevice,omitempty"`
// IO read rate limit per cgroup per device, bytes per second // IO read rate limit per cgroup per device, bytes per second
ThrottleReadBpsDevice []LinuxThrottleDevice `json:"blkioThrottleReadBpsDevice,omitempty"` ThrottleReadBpsDevice []LinuxThrottleDevice `json:"throttleReadBpsDevice,omitempty"`
// IO write rate limit per cgroup per device, bytes per second // IO write rate limit per cgroup per device, bytes per second
ThrottleWriteBpsDevice []LinuxThrottleDevice `json:"blkioThrottleWriteBpsDevice,omitempty"` ThrottleWriteBpsDevice []LinuxThrottleDevice `json:"throttleWriteBpsDevice,omitempty"`
// IO read rate limit per cgroup per device, IO per second // IO read rate limit per cgroup per device, IO per second
ThrottleReadIOPSDevice []LinuxThrottleDevice `json:"blkioThrottleReadIOPSDevice,omitempty"` ThrottleReadIOPSDevice []LinuxThrottleDevice `json:"throttleReadIOPSDevice,omitempty"`
// IO write rate limit per cgroup per device, IO per second // IO write rate limit per cgroup per device, IO per second
ThrottleWriteIOPSDevice []LinuxThrottleDevice `json:"blkioThrottleWriteIOPSDevice,omitempty"` ThrottleWriteIOPSDevice []LinuxThrottleDevice `json:"throttleWriteIOPSDevice,omitempty"`
} }
// LinuxMemory for Linux cgroup 'memory' resource management // LinuxMemory for Linux cgroup 'memory' resource management
@ -290,7 +293,7 @@ type LinuxMemory struct {
Kernel *uint64 `json:"kernel,omitempty"` Kernel *uint64 `json:"kernel,omitempty"`
// Kernel memory limit for tcp (in bytes) // Kernel memory limit for tcp (in bytes)
KernelTCP *uint64 `json:"kernelTCP,omitempty"` KernelTCP *uint64 `json:"kernelTCP,omitempty"`
// How aggressive the kernel will swap memory pages. Range from 0 to 100. // How aggressive the kernel will swap memory pages.
Swappiness *uint64 `json:"swappiness,omitempty"` Swappiness *uint64 `json:"swappiness,omitempty"`
} }
@ -332,8 +335,6 @@ type LinuxResources struct {
Devices []LinuxDeviceCgroup `json:"devices,omitempty"` Devices []LinuxDeviceCgroup `json:"devices,omitempty"`
// DisableOOMKiller disables the OOM killer for out of memory conditions // DisableOOMKiller disables the OOM killer for out of memory conditions
DisableOOMKiller *bool `json:"disableOOMKiller,omitempty"` DisableOOMKiller *bool `json:"disableOOMKiller,omitempty"`
// Specify an oom_score_adj for the container.
OOMScoreAdj *int `json:"oomScoreAdj,omitempty"`
// Memory restriction configuration // Memory restriction configuration
Memory *LinuxMemory `json:"memory,omitempty"` Memory *LinuxMemory `json:"memory,omitempty"`
// CPU resource restriction configuration // CPU resource restriction configuration
@ -380,7 +381,7 @@ type LinuxDeviceCgroup struct {
Access string `json:"access,omitempty"` Access string `json:"access,omitempty"`
} }
// Solaris contains platform specific configuration for Solaris application containers. // Solaris contains platform-specific configuration for Solaris application containers.
type Solaris struct { type Solaris struct {
// SMF FMRI which should go "online" before we start the container process. // SMF FMRI which should go "online" before we start the container process.
Milestone string `json:"milestone,omitempty"` Milestone string `json:"milestone,omitempty"`
@ -427,8 +428,20 @@ type SolarisAnet struct {
// Windows defines the runtime configuration for Windows based containers, including Hyper-V containers. // Windows defines the runtime configuration for Windows based containers, including Hyper-V containers.
type Windows struct { type Windows struct {
// LayerFolders contains a list of absolute paths to directories containing image layers.
LayerFolders []string `json:"layerFolders"`
// Resources contains information for handling resource constraints for the container. // Resources contains information for handling resource constraints for the container.
Resources *WindowsResources `json:"resources,omitempty"` Resources *WindowsResources `json:"resources,omitempty"`
// CredentialSpec contains a JSON object describing a group Managed Service Account (gMSA) specification.
CredentialSpec interface{} `json:"credentialSpec,omitempty"`
// Servicing indicates if the container is being started in a mode to apply a Windows Update servicing operation.
Servicing bool `json:"servicing,omitempty"`
// IgnoreFlushesDuringBoot indicates if the container is being started in a mode where disk writes are not flushed during its boot process.
IgnoreFlushesDuringBoot bool `json:"ignoreFlushesDuringBoot,omitempty"`
// HyperV contains information for running a container with Hyper-V isolation.
HyperV *WindowsHyperV `json:"hyperv,omitempty"`
// Network restriction configuration.
Network *WindowsNetwork `json:"network,omitempty"`
} }
// WindowsResources has container runtime resource constraints for containers running on Windows. // WindowsResources has container runtime resource constraints for containers running on Windows.
@ -439,26 +452,22 @@ type WindowsResources struct {
CPU *WindowsCPUResources `json:"cpu,omitempty"` CPU *WindowsCPUResources `json:"cpu,omitempty"`
// Storage restriction configuration. // Storage restriction configuration.
Storage *WindowsStorageResources `json:"storage,omitempty"` Storage *WindowsStorageResources `json:"storage,omitempty"`
// Network restriction configuration.
Network *WindowsNetworkResources `json:"network,omitempty"`
} }
// WindowsMemoryResources contains memory resource management settings. // WindowsMemoryResources contains memory resource management settings.
type WindowsMemoryResources struct { type WindowsMemoryResources struct {
// Memory limit in bytes. // Memory limit in bytes.
Limit *uint64 `json:"limit,omitempty"` Limit *uint64 `json:"limit,omitempty"`
// Memory reservation in bytes.
Reservation *uint64 `json:"reservation,omitempty"`
} }
// WindowsCPUResources contains CPU resource management settings. // WindowsCPUResources contains CPU resource management settings.
type WindowsCPUResources struct { type WindowsCPUResources struct {
// Number of CPUs available to the container. // Number of CPUs available to the container.
Count *uint64 `json:"count,omitempty"` Count *uint64 `json:"count,omitempty"`
// CPU shares (relative weight to other containers with cpu shares). Range is from 1 to 10000. // CPU shares (relative weight to other containers with cpu shares).
Shares *uint16 `json:"shares,omitempty"` Shares *uint16 `json:"shares,omitempty"`
// Percent of available CPUs usable by the container. // Specifies the portion of processor cycles that this container can use as a percentage times 100.
Percent *uint8 `json:"percent,omitempty"` Maximum *uint16 `json:"maximum,omitempty"`
} }
// WindowsStorageResources contains storage resource management settings. // WindowsStorageResources contains storage resource management settings.
@ -471,17 +480,29 @@ type WindowsStorageResources struct {
SandboxSize *uint64 `json:"sandboxSize,omitempty"` SandboxSize *uint64 `json:"sandboxSize,omitempty"`
} }
// WindowsNetworkResources contains network resource management settings. // WindowsNetwork contains network settings for Windows containers.
type WindowsNetworkResources struct { type WindowsNetwork struct {
// EgressBandwidth is the maximum egress bandwidth in bytes per second. // List of HNS endpoints that the container should connect to.
EgressBandwidth *uint64 `json:"egressBandwidth,omitempty"` EndpointList []string `json:"endpointList,omitempty"`
// Specifies if unqualified DNS name resolution is allowed.
AllowUnqualifiedDNSQuery bool `json:"allowUnqualifiedDNSQuery,omitempty"`
// Comma seperated list of DNS suffixes to use for name resolution.
DNSSearchList []string `json:"DNSSearchList,omitempty"`
// Name (ID) of the container that we will share with the network stack.
NetworkSharedContainerName string `json:"networkSharedContainerName,omitempty"`
}
// WindowsHyperV contains information for configuring a container to run with Hyper-V isolation.
type WindowsHyperV struct {
// UtilityVMPath is an optional path to the image used for the Utility VM.
UtilityVMPath string `json:"utilityVMPath,omitempty"`
} }
// LinuxSeccomp represents syscall restrictions // LinuxSeccomp represents syscall restrictions
type LinuxSeccomp struct { type LinuxSeccomp struct {
DefaultAction LinuxSeccompAction `json:"defaultAction"` DefaultAction LinuxSeccompAction `json:"defaultAction"`
Architectures []Arch `json:"architectures,omitempty"` Architectures []Arch `json:"architectures,omitempty"`
Syscalls []LinuxSyscall `json:"syscalls"` Syscalls []LinuxSyscall `json:"syscalls,omitempty"`
} }
// Arch used for additional architectures // Arch used for additional architectures
@ -546,8 +567,15 @@ type LinuxSeccompArg struct {
// LinuxSyscall is used to match a syscall in Seccomp // LinuxSyscall is used to match a syscall in Seccomp
type LinuxSyscall struct { type LinuxSyscall struct {
Names []string `json:"names"` Names []string `json:"names"`
Action LinuxSeccompAction `json:"action"` Action LinuxSeccompAction `json:"action"`
Args []LinuxSeccompArg `json:"args"` Args []LinuxSeccompArg `json:"args,omitempty"`
Comment string `json:"comment"` }
// LinuxIntelRdt has container runtime resource constraints
// for Intel RDT/CAT which introduced in Linux 4.10 kernel
type LinuxIntelRdt struct {
// The schema for L3 cache id and capacity bitmask (CBM)
// Format: "L3:<cache_id0>=<cbm0>;<cache_id1>=<cbm1>;..."
L3CacheSchema string `json:"l3CacheSchema,omitempty"`
} }


@ -11,7 +11,7 @@ const (
VersionPatch = 0 VersionPatch = 0
// VersionDev indicates development branch. Releases will be empty string. // VersionDev indicates development branch. Releases will be empty string.
VersionDev = "-rc5" VersionDev = "-rc5-dev"
) )
// Version is the specification version that the package types support. // Version is the specification version that the package types support.