package specconv
import "github.com/opencontainers/runc/libcontainer/specconv"
Package specconv implements conversion of specifications to libcontainer configurations
Index ¶
- Variables
- func CreateCgroupConfig(opts *CreateOpts) (*configs.Cgroup, error)
- func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error)
- func Example() *specs.Spec
- func SetupSeccomp(config *specs.LinuxSeccomp) (*configs.Seccomp, error)
- func ToRootless(spec *specs.Spec)
- type CreateOpts
Variables ¶
var AllowedDevices = []*configs.Device{ { Type: 'c', Major: wildcard, Minor: wildcard, Permissions: "m", Allow: true, }, { Type: 'b', Major: wildcard, Minor: wildcard, Permissions: "m", Allow: true, }, { Type: 'c', Path: "/dev/null", Major: 1, Minor: 3, Permissions: "rwm", Allow: true, }, { Type: 'c', Path: "/dev/random", Major: 1, Minor: 8, Permissions: "rwm", Allow: true, }, { Type: 'c', Path: "/dev/full", Major: 1, Minor: 7, Permissions: "rwm", Allow: true, }, { Type: 'c', Path: "/dev/tty", Major: 5, Minor: 0, Permissions: "rwm", Allow: true, }, { Type: 'c', Path: "/dev/zero", Major: 1, Minor: 5, Permissions: "rwm", Allow: true, }, { Type: 'c', Path: "/dev/urandom", Major: 1, Minor: 9, Permissions: "rwm", Allow: true, }, { Path: "/dev/console", Type: 'c', Major: 5, Minor: 1, Permissions: "rwm", Allow: true, }, { Path: "", Type: 'c', Major: 136, Minor: wildcard, Permissions: "rwm", Allow: true, }, { Path: "", Type: 'c', Major: 5, Minor: 2, Permissions: "rwm", Allow: true, }, { Path: "", Type: 'c', Major: 10, Minor: 200, Permissions: "rwm", Allow: true, }, }
AllowedDevices is exposed for devicefilter_test.go
Functions ¶
func CreateCgroupConfig ¶
func CreateCgroupConfig(opts *CreateOpts) (*configs.Cgroup, error)
func CreateLibcontainerConfig ¶
func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error)
CreateLibcontainerConfig creates a new libcontainer configuration from a given specification and a cgroup name
func Example ¶
func Example() *specs.Spec
Example returns an example spec file, with many options set so a user can see what a standard spec file looks like.
func SetupSeccomp ¶
func ToRootless ¶
func ToRootless(spec *specs.Spec)
ToRootless converts the given spec file into one that should work with rootless containers (euid != 0), by removing incompatible options and adding others that are needed.
Types ¶
type CreateOpts ¶
type CreateOpts struct {
CgroupName string
UseSystemdCgroup bool
NoPivotRoot bool
NoNewKeyring bool
Spec *specs.Spec
RootlessEUID bool
RootlessCgroups bool
}
Source Files ¶
- Version
- v1.0.0-rc90
- Published
- Jan 22, 2020
- Platform
- linux/amd64
- Imports
- 10 packages
- Last checked
- 24 minutes ago –
Tools for package owners.