package spec
import "github.com/Microsoft/hcsshim/internal/guest/spec"
Package spec encapsulates a number of GCS-specific OCI spec modifications, e.g., networking mounts, sandbox path substitutions in the guest, etc.
Index
- func AddAssignedDevice(ctx context.Context, spec *oci.Spec) error
- func AddDevSev(ctx context.Context, spec *oci.Spec) error
- func AddLinuxDeviceToSpec(ctx context.Context, hostDevice *devices.Device, spec *oci.Spec, addCgroupDevice bool)
- func ApplyAnnotationsToSpec(ctx context.Context, spec *oci.Spec) error
- func GenerateWorkloadContainerNetworkMounts(sandboxID string, spec *oci.Spec) []oci.Mount
- func GetNetworkNamespaceID(spec *oci.Spec) string
- func HugePagesMountSource(sandboxID, path string) string
- func HugePagesMountsDir(sandboxID string) string
- func IsRootReadonly(spec *oci.Spec) bool
- func MountPresent(mountPath string, specMounts []oci.Mount) bool
- func OutOfUint32Bounds(v int) bool
- func ParseUserStr(rootPath, userStr string) (uint32, uint32, error)
- func SandboxMountSource(sandboxID, path string) string
- func SandboxMountsDir(sandboxID string) string
- func SandboxRootDir(sandboxID string) string
- func SetCoreRLimit(spec *oci.Spec, value string) error
- func SetUserStr(spec *oci.Spec, userstr string) error
Functions
func AddAssignedDevice
AddAssignedDevice goes through the assigned devices that have been enumerated on the spec and updates the spec so that the correct device nodes can be mounted into the resulting container by the runtime.
func AddDevSev
AddDevSev adds the SEV device to the container spec. On 5.x kernels the device is /dev/sev; this changed in 6.x, where the device is /dev/sev-guest.
func AddLinuxDeviceToSpec
func AddLinuxDeviceToSpec(ctx context.Context, hostDevice *devices.Device, spec *oci.Spec, addCgroupDevice bool)
func ApplyAnnotationsToSpec
ApplyAnnotationsToSpec modifies the spec based on additional information from annotations.
func GenerateWorkloadContainerNetworkMounts
GenerateWorkloadContainerNetworkMounts generates an array of specs.Mount required for container networking. The original spec is left untouched; it is the caller's responsibility to update it.
func GetNetworkNamespaceID
GetNetworkNamespaceID returns the `ToLower` of `spec.Windows.Network.NetworkNamespace` or `""`.
func HugePagesMountSource
HugePagesMountSource returns the hugepages mount path inside the UVM.
func HugePagesMountsDir
HugePagesMountsDir returns the hugepages mounts directory inside the UVM.
func IsRootReadonly
IsRootReadonly returns `true` if the spec specifies that the rootfs is readonly.
func MountPresent
MountPresent checks if mountPath is present in the specMounts array.
func OutOfUint32Bounds
func ParseUserStr
ParseUserStr parses `userStr` and looks up the container filesystem's /etc/passwd and /etc/group files for the UID and GID of the process.
NB: when `userStr` represents a UID that does not exist, the UID is returned as is with the GID set to 0.
func SandboxMountSource
SandboxMountSource returns the sandbox mount path inside the UVM.
func SandboxMountsDir
SandboxMountsDir returns the sandbox mounts directory inside the UVM/host.
func SandboxRootDir
SandboxRootDir returns the sandbox container root directory inside the UVM/host.
func SetCoreRLimit
func SetUserStr
SetUserStr sets `spec.Process` according to the valid `userstr` forms defined by the OCI Image Spec v1.0.0.
Valid values are: user, uid, user:group, uid:gid, uid:group, user:gid. If a uid is provided instead of a username, that value is not checked against /etc/passwd to verify that a user with the given uid actually exists.
Since the UID and GID are parsed as ints but will ultimately end up as uint32 in the OCI spec, an error is returned if the IDs are not within the uint32 bounds ([0, math.MaxUint32]). This avoids unexpected results if the ID is first parsed as an int and then wraps around when downcast (e.g., math.MaxUint32 + 1 would become 0). Notes:
- Per the Go spec, there is no indication of overflow when converting between integer types.
- "man 5 passwd" and "man 5 group" (as well as user.ParsePasswdFileFilter and user.ParseGroupFilter) do not specify any limits on the UID and GID range.
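The lookup and bounds rules described for ParseUserStr and SetUserStr above, as an added example that is not hcsshim's own code: it resolves all six `userstr` forms against constructed /etc/passwd and /etc/group contents embedded in the program, rejects IDs outside the uint32 range before the downcast, and keeps an unknown numeric uid with gid 0. The helper names (findEntry, resolve, parseUserStr) and the sample entries are assumptions made for this example.

```go
package main
import (
	"fmt"
	"math"
	"strconv"
	"strings"
)
// Constructed /etc/passwd and /etc/group contents for this example (not from any real image).
const passwdFile = "root:x:0:0:root:/root:/bin/sh\napp:x:1000:1000:app:/home/app:/bin/sh\n"
const groupFile = "root:x:0:\napp:x:1000:\nweb:x:33:\n"
// findEntry returns the fields of the first line whose field col equals want, or nil.
func findEntry(file string, col int, want string) []string {
	for _, line := range strings.Split(file, "\n") {
		if f := strings.Split(line, ":"); len(f) >= 4 && f[col] == want {
			return f
		}
	}
	return nil
}

// resolve maps a name (looked up in file) or a decimal id to a uint32, rejecting ids outside [0, math.MaxUint32] before the downcast.
func resolve(part, file string) (uint32, error) {
	if ent := findEntry(file, 0, part); ent != nil {
		part = ent[2] // both passwd and group keep the numeric id in field 2
	}
	v, err := strconv.Atoi(part)
	if err != nil || v < 0 || v > math.MaxUint32 {
		return 0, fmt.Errorf("%q is not a known name or an id in [0, %d]", part, math.MaxUint32)
	}
	return uint32(v), nil
}

// parseUserStr handles user, uid, user:group, uid:gid, uid:group and user:gid; an unknown numeric uid is kept and gets gid 0.
func parseUserStr(userStr string) (uint32, uint32, error) {
	userPart, groupPart, hasGroup := strings.Cut(userStr, ":")
	uid, err := resolve(userPart, passwdFile)
	if err != nil {
		return 0, 0, err
	}
	var gid uint32
	if hasGroup { // an explicit group overrides the passwd primary group
		gid, err = resolve(groupPart, groupFile)
	} else if ent := findEntry(passwdFile, 2, fmt.Sprint(uid)); ent != nil {
		gid, err = resolve(ent[3], groupFile) // primary group from the passwd entry
	}
	if err != nil {
		return 0, 0, err
	}
	return uid, gid, nil
}
```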
Source Files
doc.go spec.go spec_devices.go
- Version: v0.13.0 (latest)
- Published: Apr 21, 2025
- Platform: linux/amd64
- Imports: 17 packages