package spec

import "github.com/Microsoft/hcsshim/internal/guest/spec"

Package spec encapsulates a number of GCS-specific OCI spec modifications, e.g., networking mounts, sandbox path substitutions in the guest, etc.

Index

Functions

func AddAssignedDevice

func AddAssignedDevice(ctx context.Context, spec *oci.Spec) error

AddAssignedDevice goes through the assigned devices that have been enumerated on the spec and updates the spec so that the correct device nodes can be mounted into the resulting container by the runtime.

func AddDevSev

func AddDevSev(ctx context.Context, spec *oci.Spec) error

AddDevSev adds the SEV device to the container spec. On 5.x kernels the device is /dev/sev; this changed in 6.x, where the device is /dev/sev-guest.

func AddLinuxDeviceToSpec

func AddLinuxDeviceToSpec(ctx context.Context, hostDevice *devices.Device, spec *oci.Spec, addCgroupDevice bool)

func ApplyAnnotationsToSpec

func ApplyAnnotationsToSpec(ctx context.Context, spec *oci.Spec) error

ApplyAnnotationsToSpec modifies the spec based on additional information from annotations

func GenerateWorkloadContainerNetworkMounts

func GenerateWorkloadContainerNetworkMounts(sandboxID string, spec *oci.Spec) []oci.Mount

GenerateWorkloadContainerNetworkMounts generates an array of specs.Mount required for container networking. The original spec is left untouched; it is the caller's responsibility to update it.

func GetNetworkNamespaceID

func GetNetworkNamespaceID(spec *oci.Spec) string

GetNetworkNamespaceID returns the `ToLower` of `spec.Windows.Network.NetworkNamespace` or `""`.

func HugePagesMountSource

func HugePagesMountSource(sandboxID, path string) string

HugePagesMountSource returns the hugepages mount path inside the UVM.

func HugePagesMountsDir

func HugePagesMountsDir(sandboxID string) string

HugePagesMountsDir returns hugepages mounts directory inside UVM.

func IsRootReadonly

func IsRootReadonly(spec *oci.Spec) bool

IsRootReadonly returns `true` if the spec specifies the rootfs is readonly.

func MountPresent

func MountPresent(mountPath string, specMounts []oci.Mount) bool

MountPresent checks if mountPath is present in the specMounts array.

func OutOfUint32Bounds

func OutOfUint32Bounds(v int) bool

func ParseUserStr

func ParseUserStr(rootPath, userStr string) (uint32, uint32, error)

ParseUserStr parses `userStr` and looks up the container filesystem's /etc/passwd and /etc/group files for the UID and GID of the process.

NB: When `userStr` represents a UID that doesn't exist, the UID is returned as is with the GID set to 0.

func SandboxMountSource

func SandboxMountSource(sandboxID, path string) string

SandboxMountSource returns the sandbox mount path inside the UVM.

func SandboxMountsDir

func SandboxMountsDir(sandboxID string) string

SandboxMountsDir returns sandbox mounts directory inside UVM/host.

func SandboxRootDir

func SandboxRootDir(sandboxID string) string

SandboxRootDir returns the sandbox container root directory inside UVM/host.

func SetCoreRLimit

func SetCoreRLimit(spec *oci.Spec, value string) error

func SetUserStr

func SetUserStr(spec *oci.Spec, userstr string) error

SetUserStr sets `spec.Process` to the valid `userstr` based on the OCI Image Spec v1.0.0 `userstr`.

Valid values are: user, uid, user:group, uid:gid, uid:group, user:gid. If a uid is provided instead of a username, that value is not checked against the /etc/passwd file to verify that a user with the given uid actually exists.

Since UID and GID are parsed as ints but ultimately end up as uint32 in the OCI spec, an error is returned if the IDs are not within the uint32 bounds ([0, math.MaxUint32]). This avoids unexpected results if an ID is first parsed as an int and then wraps around when downcast (e.g., math.MaxUint32 + 1 would become 0). Notes:
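The user-string resolution described for ParseUserStr and SetUserStr above, as an added, self-contained Go example. It is not the package's own code: it reimplements the documented behaviour (the six `userStr` forms, numeric IDs taken as-is and never verified against /etc/passwd, GID 0 for a UID with no passwd entry, and rejection of any ID outside [0, math.MaxUint32] instead of a wrapping downcast) against a constructed /etc/passwd and /etc/group written to a temporary directory. The helpers `parseID`, `resolve` and `demoRootfs` and the sample entries are this example's own inventions, and it returns the IDs rather than writing them into an `oci.Spec`.

```go
package main

import (
	"errors"
	"fmt"
	"math"
	"os"
	"path/filepath"
	"strconv"
	"strings"
)

// Constructed /etc/passwd and /etc/group for the demo rootfs (not taken from any real image).
const demoPasswd = "root:x:0:0:root:/root:/bin/sh\napp:x:1000:1000::/home/app:/bin/sh\nsvc:x:60000:60001::/:/usr/sbin/nologin\n"
const demoGroup = "root:x:0:\napp:x:1000:app\nsvc:x:60001:\nwww-data:x:33:\n"

// parseID returns (id, true, nil) for a number inside [0, math.MaxUint32], (0, false, nil) for a
// name, and an error for an out-of-bounds number: a silent int->uint32 downcast would wrap it.
func parseID(s string) (uint32, bool, error) {
	v, err := strconv.Atoi(s)
	if err != nil && !errors.Is(err, strconv.ErrRange) {
		return 0, false, nil
	}
	if err != nil || v < 0 || uint64(v) > math.MaxUint32 {
		return 0, true, fmt.Errorf("id %q outside uint32 bounds [0, %d]", s, uint32(math.MaxUint32))
	}
	return uint32(v), true, nil
}

// resolve maps one half of userStr to an id using a passwd- or group-style file (name:x:id:...).
// A number is taken as-is after the bounds check and is not required to exist; a name must have
// an entry. The second result is field 3 of the matched entry (the primary gid in /etc/passwd).
func resolve(file, s string) (uint32, uint32, error) {
	id, numeric, err := parseID(s)
	if err != nil {
		return 0, 0, err
	}
	data, err := os.ReadFile(file)
	if err != nil && !numeric {
		return 0, 0, err
	}
	for _, line := range strings.Split(string(data), "\n") {
		fields := strings.Split(strings.TrimSpace(line), ":")
		if len(fields) < 3 || strings.HasPrefix(fields[0], "#") {
			continue
		}
		v, ok, _ := parseID(fields[2])
		if !ok || (numeric && v != id) || (!numeric && fields[0] != s) {
			continue
		}
		// field 3 (primary gid in /etc/passwd); the padding makes a 3-field line yield 0
		id2, _, _ := parseID(append(fields, "")[3])
		return v, id2, nil
	}
	if numeric {
		return id, 0, nil // no entry (or no file at all): keep the id, gid falls back to 0
	}
	return 0, 0, fmt.Errorf("%q not found in %s", s, file)
}

// ParseUserStr resolves user, uid, user:group, uid:gid, uid:group and user:gid against
// rootPath/etc/passwd and rootPath/etc/group and returns (uid, gid).
func ParseUserStr(rootPath, userStr string) (uint32, uint32, error) {
	parts := strings.SplitN(userStr, ":", 2)
	uid, gid, err := resolve(filepath.Join(rootPath, "etc", "passwd"), parts[0])
	if err != nil {
		return 0, 0, err
	}
	if len(parts) == 2 {
		if gid, _, err = resolve(filepath.Join(rootPath, "etc", "group"), parts[1]); err != nil {
			return 0, 0, err
		}
	}
	return uid, gid, nil
}

// demoRootfs writes the constructed files under a temp dir so nothing here reads the host's /etc.
func demoRootfs() (string, error) {
	root, err := os.MkdirTemp("", "rootfs-")
	for name, body := range map[string]string{"passwd": demoPasswd, "group": demoGroup} {
		if err == nil {
			err = os.MkdirAll(filepath.Join(root, "etc"), 0o755)
		}
		if err == nil {
			err = os.WriteFile(filepath.Join(root, "etc", name), []byte(body), 0o644)
		}
	}
	return root, err
}

func main() {
	root, err := demoRootfs()
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(root)
	for _, s := range []string{"app", "1000", "svc:www-data", "1234", "app:33", "4294967295:0", "4294967296"} {
		uid, gid, err := ParseUserStr(root, s)
		fmt.Printf("%-13s -> uid=%d gid=%d err=%v\n", s, uid, gid, err)
	}
}
```

The bounds check lives in `parseID` so that it applies uniformly to the uid and the gid halves, and it also catches numbers too large for `int` (strconv's ErrRange), which a plain `Atoi` error check would otherwise misread as a user name. Note that a bare numeric uid is accepted even when the rootfs has no /etc/passwd at all, matching the NB on ParseUserStr.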

Source Files

doc.go spec.go spec_devices.go

Version
v0.13.0 (latest)
Published
Apr 21, 2025
Platform
linux/amd64
Imports
17 packages