jasder
/
runc
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

api: fix config tests 

Signed-off-by: Andrey Vagin <avagin@openvz.org>
This commit is contained in:
Andrey Vagin 2015-02-03 15:27:21 +03:00 committed by Michael Crosby
parent daca745c4c
commit bcd0222be5
13 changed files with 463 additions and 490 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
configs/config_test.go
View File

@ -5,8 +5,6 @@ import (
"os" "os"
"path/filepath" "path/filepath"
"testing" "testing"
"github.com/docker/libcontainer/devices"
) )
// Checks whether the expected capability is specified in the capabilities. // Checks whether the expected capability is specified in the capabilities.
@ -19,13 +17,13 @@ func contains(expected string, values []string) bool {
return false return false
} }
func containsDevice(expected *devices.Device, values []*devices.Device) bool { func containsDevice(expected *Device, values []*Device) bool {
for _, d := range values { for _, d := range values {
if d.Path == expected.Path && if d.Path == expected.Path &&
d.CgroupPermissions == expected.CgroupPermissions && d.Permissions == expected.Permissions &&
d.FileMode == expected.FileMode && d.FileMode == expected.FileMode &&
d.MajorNumber == expected.MajorNumber && d.Major == expected.Major &&
d.MinorNumber == expected.MinorNumber && d.Minor == expected.Minor &&
d.Type == expected.Type { d.Type == expected.Type {
return true return true
} }
@ -59,11 +57,6 @@ func TestConfigJsonFormat(t *testing.T) {
t.Fail() t.Fail()
} }
if !container.Tty {
t.Log("tty should be set to true")
t.Fail()
}
if !container.Namespaces.Contains(NEWNET) { if !container.Namespaces.Contains(NEWNET) {
t.Log("namespaces should contain NEWNET") t.Log("namespaces should contain NEWNET")
t.Fail() t.Fail()
@ -120,8 +113,8 @@ func TestConfigJsonFormat(t *testing.T) {
} }
} }
for _, d := range devices.DefaultSimpleDevices { for _, d := range DefaultSimpleDevices {
if !containsDevice(d, container.MountConfig.DeviceNodes) { if !containsDevice(d, container.DeviceNodes) {
t.Logf("expected device configuration for %s", d.Path) t.Logf("expected device configuration for %s", d.Path)
t.Fail() t.Fail()
} }
@ -154,8 +147,8 @@ func TestSelinuxLabels(t *testing.T) {
if container.ProcessLabel != label { if container.ProcessLabel != label {
t.Fatalf("expected process label %q but received %q", label, container.ProcessLabel) t.Fatalf("expected process label %q but received %q", label, container.ProcessLabel)
} }
if container.MountConfig.MountLabel != label { if container.MountLabel != label {
t.Fatalf("expected mount label %q but received %q", label, container.MountConfig.MountLabel) t.Fatalf("expected mount label %q but received %q", label, container.MountLabel)
} }
} }

20
devices/defaults.go → configs/device_defaults.go
View File

@ -1,10 +1,8 @@
package devices package configs
import "github.com/docker/libcontainer/configs"
var ( var (
// These are devices that are to be both allowed and created. // These are devices that are to be both allowed and created.
DefaultSimpleDevices = []*configs.Device{ DefaultSimpleDevices = []*Device{
// /dev/null and zero // /dev/null and zero
{ {
Path: "/dev/null", Path: "/dev/null",
@ -60,18 +58,18 @@ var (
FileMode: 0666, FileMode: 0666,
}, },
} }
DefaultAllowedDevices = append([]*configs.Device{ DefaultAllowedDevices = append([]*Device{
// allow mknod for any device // allow mknod for any device
{ {
Type: 'c', Type: 'c',
Major: configs.Wildcard, Major: Wildcard,
Minor: configs.Wildcard, Minor: Wildcard,
Permissions: "m", Permissions: "m",
}, },
{ {
Type: 'b', Type: 'b',
Major: configs.Wildcard, Major: Wildcard,
Minor: configs.Wildcard, Minor: Wildcard,
Permissions: "m", Permissions: "m",
}, },
@ -101,7 +99,7 @@ var (
Path: "", Path: "",
Type: 'c', Type: 'c',
Major: 136, Major: 136,
Minor: configs.Wildcard, Minor: Wildcard,
Permissions: "rwm", Permissions: "rwm",
}, },
{ {
@ -121,7 +119,7 @@ var (
Permissions: "rwm", Permissions: "rwm",
}, },
}, DefaultSimpleDevices...) }, DefaultSimpleDevices...)
DefaultAutoCreatedDevices = append([]*configs.Device{ DefaultAutoCreatedDevices = append([]*Device{
{ {
// /dev/fuse is created but not allowed. // /dev/fuse is created but not allowed.
// This is to allow java to work. Because java // This is to allow java to work. Because java

12
devices/devices_test.go
View File

@ -6,7 +6,7 @@ import (
"testing" "testing"
) )
func TestGetDeviceLstatFailure(t *testing.T) { func TestDeviceFromPathLstatFailure(t *testing.T) {
testError := errors.New("test error") testError := errors.New("test error")
// Override os.Lstat to inject error. // Override os.Lstat to inject error.
@ -14,13 +14,13 @@ func TestGetDeviceLstatFailure(t *testing.T) {
return nil, testError return nil, testError
} }
_, err := GetDevice("", "") _, err := DeviceFromPath("", "")
if err != testError { if err != testError {
t.Fatalf("Unexpected error %v, expected %v", err, testError) t.Fatalf("Unexpected error %v, expected %v", err, testError)
} }
} }
func TestGetHostDeviceNodesIoutilReadDirFailure(t *testing.T) { func TestHostDevicesIoutilReadDirFailure(t *testing.T) {
testError := errors.New("test error") testError := errors.New("test error")
// Override ioutil.ReadDir to inject error. // Override ioutil.ReadDir to inject error.
@ -28,13 +28,13 @@ func TestGetHostDeviceNodesIoutilReadDirFailure(t *testing.T) {
return nil, testError return nil, testError
} }
_, err := GetHostDeviceNodes() _, err := HostDevices()
if err != testError { if err != testError {
t.Fatalf("Unexpected error %v, expected %v", err, testError) t.Fatalf("Unexpected error %v, expected %v", err, testError)
} }
} }
func TestGetHostDeviceNodesIoutilReadDirDeepFailure(t *testing.T) { func TestHostDevicesIoutilReadDirDeepFailure(t *testing.T) {
testError := errors.New("test error") testError := errors.New("test error")
called := false called := false
@ -54,7 +54,7 @@ func TestGetHostDeviceNodesIoutilReadDirDeepFailure(t *testing.T) {
return []os.FileInfo{fi}, nil return []os.FileInfo{fi}, nil
} }
_, err := GetHostDeviceNodes() _, err := HostDevices()
if err != testError { if err != testError {
t.Fatalf("Unexpected error %v, expected %v", err, testError) t.Fatalf("Unexpected error %v, expected %v", err, testError)
} }

5
integration/template_test.go
View File

@ -4,7 +4,6 @@ import (
"syscall" "syscall"
"github.com/docker/libcontainer/configs" "github.com/docker/libcontainer/configs"
"github.com/docker/libcontainer/devices"
) )
// newTemplateConfig returns a base template for running a container // newTemplateConfig returns a base template for running a container
@ -41,10 +40,10 @@ func newTemplateConfig(rootfs string) *configs.Config {
Name: "test", Name: "test",
Parent: "integration", Parent: "integration",
AllowAllDevices: false, AllowAllDevices: false,
AllowedDevices: devices.DefaultAllowedDevices, AllowedDevices: configs.DefaultAllowedDevices,
}, },
DeviceNodes: devices.DefaultAutoCreatedDevices, DeviceNodes: configs.DefaultAutoCreatedDevices,
Hostname: "integration", Hostname: "integration",
Env: []string{ Env: []string{
"HOME=/root", "HOME=/root",

2
linux_container_test.go
View File

@ -34,7 +34,7 @@ func (m *mockCgroupManager) GetPaths() map[string]string {
return nil return nil
} }
func (m *mockCgroupManager) Freeze(state cgroups.FreezerState) error { func (m *mockCgroupManager) Freeze(state configs.FreezerState) error {
return nil return nil
} }

3
linux_factory_test.go
View File

@ -118,9 +118,6 @@ func TestFactoryLoadContainer(t *testing.T) {
} }
config := container.Config() config := container.Config()
if config == nil {
t.Fatal("expected non nil container config")
}
if config.RootFs != expectedConfig.RootFs { if config.RootFs != expectedConfig.RootFs {
t.Fatalf("expected rootfs %q but received %q", expectedConfig.RootFs, config.RootFs) t.Fatalf("expected rootfs %q but received %q", expectedConfig.RootFs, config.RootFs)

118
sample_configs/apparmor.json
View File

@ -16,99 +16,99 @@
"cgroups": { "cgroups": {
"allowed_devices": [ "allowed_devices": [
{ {
"cgroup_permissions": "m", "permissions": "m",
"major_number": -1, "major": -1,
"minor_number": -1, "minor": -1,
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "m", "permissions": "m",
"major_number": -1, "major": -1,
"minor_number": -1, "minor": -1,
"type": 98 "type": 98
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"major_number": 5, "major": 5,
"minor_number": 1, "minor": 1,
"path": "/dev/console", "path": "/dev/console",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"major_number": 4, "major": 4,
"path": "/dev/tty0", "path": "/dev/tty0",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"major_number": 4, "major": 4,
"minor_number": 1, "minor": 1,
"path": "/dev/tty1", "path": "/dev/tty1",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"major_number": 136, "major": 136,
"minor_number": -1, "minor": -1,
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"major_number": 5, "major": 5,
"minor_number": 2, "minor": 2,
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"major_number": 10, "major": 10,
"minor_number": 200, "minor": 200,
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 3, "minor": 3,
"path": "/dev/null", "path": "/dev/null",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 5, "minor": 5,
"path": "/dev/zero", "path": "/dev/zero",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 7, "minor": 7,
"path": "/dev/full", "path": "/dev/full",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 5, "major": 5,
"path": "/dev/tty", "path": "/dev/tty",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 9, "minor": 9,
"path": "/dev/urandom", "path": "/dev/urandom",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 8, "minor": 8,
"path": "/dev/random", "path": "/dev/random",
"type": 99 "type": 99
} }
@ -118,57 +118,55 @@
}, },
"restrict_sys": true, "restrict_sys": true,
"apparmor_profile": "docker-default", "apparmor_profile": "docker-default",
"mount_config": {
"device_nodes": [ "device_nodes": [
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 3, "minor": 3,
"path": "/dev/null", "path": "/dev/null",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 5, "minor": 5,
"path": "/dev/zero", "path": "/dev/zero",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 7, "minor": 7,
"path": "/dev/full", "path": "/dev/full",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 5, "major": 5,
"path": "/dev/tty", "path": "/dev/tty",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 9, "minor": 9,
"path": "/dev/urandom", "path": "/dev/urandom",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 8, "minor": 8,
"path": "/dev/random", "path": "/dev/random",
"type": 99 "type": 99
} }
] ],
},
"environment": [ "environment": [
"HOME=/", "HOME=/",
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",

180
sample_configs/attach_to_bridge.json
View File

@ -16,99 +16,99 @@
"cgroups": { "cgroups": {
"allowed_devices": [ "allowed_devices": [
{ {
"cgroup_permissions": "m", "permissions": "m",
"major_number": -1, "major": -1,
"minor_number": -1, "minor": -1,
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "m", "permissions": "m",
"major_number": -1, "major": -1,
"minor_number": -1, "minor": -1,
"type": 98 "type": 98
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"major_number": 5, "major": 5,
"minor_number": 1, "minor": 1,
"path": "/dev/console", "path": "/dev/console",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"major_number": 4, "major": 4,
"path": "/dev/tty0", "path": "/dev/tty0",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"major_number": 4, "major": 4,
"minor_number": 1, "minor": 1,
"path": "/dev/tty1", "path": "/dev/tty1",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"major_number": 136, "major": 136,
"minor_number": -1, "minor": -1,
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"major_number": 5, "major": 5,
"minor_number": 2, "minor": 2,
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"major_number": 10, "major": 10,
"minor_number": 200, "minor": 200,
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 3, "minor": 3,
"path": "/dev/null", "path": "/dev/null",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 5, "minor": 5,
"path": "/dev/zero", "path": "/dev/zero",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 7, "minor": 7,
"path": "/dev/full", "path": "/dev/full",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 5, "major": 5,
"path": "/dev/tty", "path": "/dev/tty",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 9, "minor": 9,
"path": "/dev/urandom", "path": "/dev/urandom",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 8, "minor": 8,
"path": "/dev/random", "path": "/dev/random",
"type": 99 "type": 99
} }
@ -117,57 +117,55 @@
"parent": "docker" "parent": "docker"
}, },
"restrict_sys": true, "restrict_sys": true,
"mount_config": { "device_nodes": [
"device_nodes": [ {
{ "permissions": "rwm",
"cgroup_permissions": "rwm", "file_mode": 438,
"file_mode": 438, "major": 1,
"major_number": 1, "minor": 3,
"minor_number": 3, "path": "/dev/null",
"path": "/dev/null", "type": 99
"type": 99 },
}, {
{ "permissions": "rwm",
"cgroup_permissions": "rwm", "file_mode": 438,
"file_mode": 438, "major": 1,
"major_number": 1, "minor": 5,
"minor_number": 5, "path": "/dev/zero",
"path": "/dev/zero", "type": 99
"type": 99 },
}, {
{ "permissions": "rwm",
"cgroup_permissions": "rwm", "file_mode": 438,
"file_mode": 438, "major": 1,
"major_number": 1, "minor": 7,
"minor_number": 7, "path": "/dev/full",
"path": "/dev/full", "type": 99
"type": 99 },
}, {
{ "permissions": "rwm",
"cgroup_permissions": "rwm", "file_mode": 438,
"file_mode": 438, "major": 5,
"major_number": 5, "path": "/dev/tty",
"path": "/dev/tty", "type": 99
"type": 99 },
}, {
{ "permissions": "rwm",
"cgroup_permissions": "rwm", "file_mode": 438,
"file_mode": 438, "major": 1,
"major_number": 1, "minor": 9,
"minor_number": 9, "path": "/dev/urandom",
"path": "/dev/urandom", "type": 99
"type": 99 },
}, {
{ "permissions": "rwm",
"cgroup_permissions": "rwm", "file_mode": 438,
"file_mode": 438, "major": 1,
"major_number": 1, "minor": 8,
"minor_number": 8, "path": "/dev/random",
"path": "/dev/random", "type": 99
"type": 99 }
} ],
]
},
"environment": [ "environment": [
"HOME=/", "HOME=/",
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",

118
sample_configs/host-pid.json
View File

@ -16,99 +16,99 @@
"cgroups": { "cgroups": {
"allowed_devices": [ "allowed_devices": [
{ {
"cgroup_permissions": "m", "permissions": "m",
"major_number": -1, "major": -1,
"minor_number": -1, "minor": -1,
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "m", "permissions": "m",
"major_number": -1, "major": -1,
"minor_number": -1, "minor": -1,
"type": 98 "type": 98
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"major_number": 5, "major": 5,
"minor_number": 1, "minor": 1,
"path": "/dev/console", "path": "/dev/console",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"major_number": 4, "major": 4,
"path": "/dev/tty0", "path": "/dev/tty0",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"major_number": 4, "major": 4,
"minor_number": 1, "minor": 1,
"path": "/dev/tty1", "path": "/dev/tty1",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"major_number": 136, "major": 136,
"minor_number": -1, "minor": -1,
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"major_number": 5, "major": 5,
"minor_number": 2, "minor": 2,
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"major_number": 10, "major": 10,
"minor_number": 200, "minor": 200,
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 3, "minor": 3,
"path": "/dev/null", "path": "/dev/null",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 5, "minor": 5,
"path": "/dev/zero", "path": "/dev/zero",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 7, "minor": 7,
"path": "/dev/full", "path": "/dev/full",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 5, "major": 5,
"path": "/dev/tty", "path": "/dev/tty",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 9, "minor": 9,
"path": "/dev/urandom", "path": "/dev/urandom",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 8, "minor": 8,
"path": "/dev/random", "path": "/dev/random",
"type": 99 "type": 99
} }
@ -117,52 +117,51 @@
"parent": "docker" "parent": "docker"
}, },
"restrict_sys": true, "restrict_sys": true,
"mount_config": {
"device_nodes": [ "device_nodes": [
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 3, "minor": 3,
"path": "/dev/null", "path": "/dev/null",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 5, "minor": 5,
"path": "/dev/zero", "path": "/dev/zero",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 7, "minor": 7,
"path": "/dev/full", "path": "/dev/full",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 5, "major": 5,
"path": "/dev/tty", "path": "/dev/tty",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 9, "minor": 9,
"path": "/dev/urandom", "path": "/dev/urandom",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 8, "minor": 8,
"path": "/dev/random", "path": "/dev/random",
"type": 99 "type": 99
} }
@ -172,8 +171,7 @@
"type": "tmpfs", "type": "tmpfs",
"destination": "/tmp" "destination": "/tmp"
} }
] ],
},
"environment": [ "environment": [
"HOME=/", "HOME=/",
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",

118
sample_configs/minimal.json
View File

@ -16,99 +16,99 @@
"cgroups": { "cgroups": {
"allowed_devices": [ "allowed_devices": [
{ {
"cgroup_permissions": "m", "permissions": "m",
"major_number": -1, "major": -1,
"minor_number": -1, "minor": -1,
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "m", "permissions": "m",
"major_number": -1, "major": -1,
"minor_number": -1, "minor": -1,
"type": 98 "type": 98
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"major_number": 5, "major": 5,
"minor_number": 1, "minor": 1,
"path": "/dev/console", "path": "/dev/console",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"major_number": 4, "major": 4,
"path": "/dev/tty0", "path": "/dev/tty0",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"major_number": 4, "major": 4,
"minor_number": 1, "minor": 1,
"path": "/dev/tty1", "path": "/dev/tty1",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"major_number": 136, "major": 136,
"minor_number": -1, "minor": -1,
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"major_number": 5, "major": 5,
"minor_number": 2, "minor": 2,
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"major_number": 10, "major": 10,
"minor_number": 200, "minor": 200,
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 3, "minor": 3,
"path": "/dev/null", "path": "/dev/null",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 5, "minor": 5,
"path": "/dev/zero", "path": "/dev/zero",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 7, "minor": 7,
"path": "/dev/full", "path": "/dev/full",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 5, "major": 5,
"path": "/dev/tty", "path": "/dev/tty",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 9, "minor": 9,
"path": "/dev/urandom", "path": "/dev/urandom",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 8, "minor": 8,
"path": "/dev/random", "path": "/dev/random",
"type": 99 "type": 99
} }
@ -117,52 +117,51 @@
"parent": "docker" "parent": "docker"
}, },
"restrict_sys": true, "restrict_sys": true,
"mount_config": {
"device_nodes": [ "device_nodes": [
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 3, "minor": 3,
"path": "/dev/null", "path": "/dev/null",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 5, "minor": 5,
"path": "/dev/zero", "path": "/dev/zero",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 7, "minor": 7,
"path": "/dev/full", "path": "/dev/full",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 5, "major": 5,
"path": "/dev/tty", "path": "/dev/tty",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 9, "minor": 9,
"path": "/dev/urandom", "path": "/dev/urandom",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 8, "minor": 8,
"path": "/dev/random", "path": "/dev/random",
"type": 99 "type": 99
} }
@ -172,8 +171,7 @@
"type": "tmpfs", "type": "tmpfs",
"destination": "/tmp" "destination": "/tmp"
} }
] ],
},
"environment": [ "environment": [
"HOME=/", "HOME=/",
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",

118
sample_configs/route_source_address_selection.json
View File

@ -16,99 +16,99 @@
"cgroups": { "cgroups": {
"allowed_devices": [ "allowed_devices": [
{ {
"cgroup_permissions": "m", "permissions": "m",
"major_number": -1, "major": -1,
"minor_number": -1, "minor": -1,
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "m", "permissions": "m",
"major_number": -1, "major": -1,
"minor_number": -1, "minor": -1,
"type": 98 "type": 98
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"major_number": 5, "major": 5,
"minor_number": 1, "minor": 1,
"path": "/dev/console", "path": "/dev/console",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"major_number": 4, "major": 4,
"path": "/dev/tty0", "path": "/dev/tty0",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"major_number": 4, "major": 4,
"minor_number": 1, "minor": 1,
"path": "/dev/tty1", "path": "/dev/tty1",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"major_number": 136, "major": 136,
"minor_number": -1, "minor": -1,
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"major_number": 5, "major": 5,
"minor_number": 2, "minor": 2,
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"major_number": 10, "major": 10,
"minor_number": 200, "minor": 200,
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 3, "minor": 3,
"path": "/dev/null", "path": "/dev/null",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 5, "minor": 5,
"path": "/dev/zero", "path": "/dev/zero",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 7, "minor": 7,
"path": "/dev/full", "path": "/dev/full",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 5, "major": 5,
"path": "/dev/tty", "path": "/dev/tty",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 9, "minor": 9,
"path": "/dev/urandom", "path": "/dev/urandom",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 8, "minor": 8,
"path": "/dev/random", "path": "/dev/random",
"type": 99 "type": 99
} }
@ -117,57 +117,55 @@
"parent": "docker" "parent": "docker"
}, },
"restrict_sys": true, "restrict_sys": true,
"mount_config": {
"device_nodes": [ "device_nodes": [
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 3, "minor": 3,
"path": "/dev/null", "path": "/dev/null",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 5, "minor": 5,
"path": "/dev/zero", "path": "/dev/zero",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 7, "minor": 7,
"path": "/dev/full", "path": "/dev/full",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 5, "major": 5,
"path": "/dev/tty", "path": "/dev/tty",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 9, "minor": 9,
"path": "/dev/urandom", "path": "/dev/urandom",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 8, "minor": 8,
"path": "/dev/random", "path": "/dev/random",
"type": 99 "type": 99
} }
] ],
},
"environment": [ "environment": [
"HOME=/", "HOME=/",
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",

118
sample_configs/selinux.json
View File

@ -16,99 +16,99 @@
"cgroups": { "cgroups": {
"allowed_devices": [ "allowed_devices": [
{ {
"cgroup_permissions": "m", "permissions": "m",
"major_number": -1, "major": -1,
"minor_number": -1, "minor": -1,
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "m", "permissions": "m",
"major_number": -1, "major": -1,
"minor_number": -1, "minor": -1,
"type": 98 "type": 98
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"major_number": 5, "major": 5,
"minor_number": 1, "minor": 1,
"path": "/dev/console", "path": "/dev/console",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"major_number": 4, "major": 4,
"path": "/dev/tty0", "path": "/dev/tty0",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"major_number": 4, "major": 4,
"minor_number": 1, "minor": 1,
"path": "/dev/tty1", "path": "/dev/tty1",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"major_number": 136, "major": 136,
"minor_number": -1, "minor": -1,
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"major_number": 5, "major": 5,
"minor_number": 2, "minor": 2,
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"major_number": 10, "major": 10,
"minor_number": 200, "minor": 200,
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 3, "minor": 3,
"path": "/dev/null", "path": "/dev/null",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 5, "minor": 5,
"path": "/dev/zero", "path": "/dev/zero",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 7, "minor": 7,
"path": "/dev/full", "path": "/dev/full",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 5, "major": 5,
"path": "/dev/tty", "path": "/dev/tty",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 9, "minor": 9,
"path": "/dev/urandom", "path": "/dev/urandom",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 8, "minor": 8,
"path": "/dev/random", "path": "/dev/random",
"type": 99 "type": 99
} }
@ -118,58 +118,56 @@
}, },
"restrict_sys": true, "restrict_sys": true,
"process_label": "system_u:system_r:svirt_lxc_net_t:s0:c164,c475", "process_label": "system_u:system_r:svirt_lxc_net_t:s0:c164,c475",
"mount_config": {
"mount_label": "system_u:system_r:svirt_lxc_net_t:s0:c164,c475", "mount_label": "system_u:system_r:svirt_lxc_net_t:s0:c164,c475",
"device_nodes": [ "device_nodes": [
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 3, "minor": 3,
"path": "/dev/null", "path": "/dev/null",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 5, "minor": 5,
"path": "/dev/zero", "path": "/dev/zero",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 7, "minor": 7,
"path": "/dev/full", "path": "/dev/full",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 5, "major": 5,
"path": "/dev/tty", "path": "/dev/tty",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 9, "minor": 9,
"path": "/dev/urandom", "path": "/dev/urandom",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 8, "minor": 8,
"path": "/dev/random", "path": "/dev/random",
"type": 99 "type": 99
} }
] ],
},
"environment": [ "environment": [
"HOME=/", "HOME=/",
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",

118
sample_configs/userns.json
View File

@ -16,99 +16,99 @@
"cgroups": { "cgroups": {
"allowed_devices": [ "allowed_devices": [
{ {
"cgroup_permissions": "m", "permissions": "m",
"major_number": -1, "major": -1,
"minor_number": -1, "minor": -1,
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "m", "permissions": "m",
"major_number": -1, "major": -1,
"minor_number": -1, "minor": -1,
"type": 98 "type": 98
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"major_number": 5, "major": 5,
"minor_number": 1, "minor": 1,
"path": "/dev/console", "path": "/dev/console",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"major_number": 4, "major": 4,
"path": "/dev/tty0", "path": "/dev/tty0",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"major_number": 4, "major": 4,
"minor_number": 1, "minor": 1,
"path": "/dev/tty1", "path": "/dev/tty1",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"major_number": 136, "major": 136,
"minor_number": -1, "minor": -1,
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"major_number": 5, "major": 5,
"minor_number": 2, "minor": 2,
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"major_number": 10, "major": 10,
"minor_number": 200, "minor": 200,
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 3, "minor": 3,
"path": "/dev/null", "path": "/dev/null",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 5, "minor": 5,
"path": "/dev/zero", "path": "/dev/zero",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 7, "minor": 7,
"path": "/dev/full", "path": "/dev/full",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 5, "major": 5,
"path": "/dev/tty", "path": "/dev/tty",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 9, "minor": 9,
"path": "/dev/urandom", "path": "/dev/urandom",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 8, "minor": 8,
"path": "/dev/random", "path": "/dev/random",
"type": 99 "type": 99
} }
@ -117,52 +117,51 @@
"parent": "docker" "parent": "docker"
}, },
"restrict_sys": true, "restrict_sys": true,
"mount_config": {
"device_nodes": [ "device_nodes": [
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 3, "minor": 3,
"path": "/dev/null", "path": "/dev/null",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 5, "minor": 5,
"path": "/dev/zero", "path": "/dev/zero",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 7, "minor": 7,
"path": "/dev/full", "path": "/dev/full",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 5, "major": 5,
"path": "/dev/tty", "path": "/dev/tty",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 9, "minor": 9,
"path": "/dev/urandom", "path": "/dev/urandom",
"type": 99 "type": 99
}, },
{ {
"cgroup_permissions": "rwm", "permissions": "rwm",
"file_mode": 438, "file_mode": 438,
"major_number": 1, "major": 1,
"minor_number": 8, "minor": 8,
"path": "/dev/random", "path": "/dev/random",
"type": 99 "type": 99
} }
@ -172,8 +171,7 @@
"type": "tmpfs", "type": "tmpfs",
"destination": "/tmp" "destination": "/tmp"
} }
] ],
},
"environment": [ "environment": [
"HOME=/", "HOME=/",
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",