package utils

gvisor – gvisor.dev/gvisor/pkg/shim/v1/utils Index | Files

package utils

import "gvisor.dev/gvisor/pkg/shim/v1/utils"

Package utils container miscellaneous utility function used by the shim.

Index ¶

Constants
func IsSandbox(spec *specs.Spec) bool
func PanicLogPath(spec *specs.Spec) string
func ReadSpec(bundle string) (*specs.Spec, error)
func UpdateVolumeAnnotations(s *specs.Spec) (bool, error)
func UserLogPath(spec *specs.Spec) string
func WriteSpec(bundle string, spec *specs.Spec) error

Constants ¶

const (

	// ContainerTypeAnnotation is they key that defines sandbox or container.
	ContainerTypeAnnotation = "io.kubernetes.cri.container-type"

	// ContainerTypeContainer is the value for container.
	ContainerTypeContainer = "container"
)

Annotations from the CRI annotations package.

These are vendor due to import conflicts.

Functions ¶

func IsSandbox ¶

func IsSandbox(spec *specs.Spec) bool

IsSandbox checks whether a container is a sandbox container.

func PanicLogPath ¶

func PanicLogPath(spec *specs.Spec) string

PanicLogPath gets the panic log path from OCI annotation.

func ReadSpec ¶

func ReadSpec(bundle string) (*specs.Spec, error)

ReadSpec reads OCI spec from the bundle directory.

func UpdateVolumeAnnotations ¶

func UpdateVolumeAnnotations(s *specs.Spec) (bool, error)

UpdateVolumeAnnotations add necessary OCI annotations for gvisor volume optimization. Returns true if the spec was modified.

Note about EmptyDir handling: The admission controller sets mount annotations for EmptyDir as follows: - For EmptyDir volumes with medium=Memory, the "type" field is set to tmpfs. - For EmptyDir volumes with medium="", the "type" field is set to bind.

The container spec has EmptyDir mount points as bind mounts. This method modifies the spec as follows: - The "type" mount annotation for all EmptyDirs is changed to tmpfs. - The mount type in spec.Mounts[i].Type is changed as follows:

For EmptyDir volumes with medium=Memory, we change it to tmpfs.
For EmptyDir volumes with medium="", we leave it as a bind mount.
(Essentially we set it to what the admission controller said.)

runsc should use these two setting to infer EmptyDir medium:

tmpfs annotation type + tmpfs mount type = memory-backed EmptyDir
tmpfs annotation type + bind mount type = disk-backed EmptyDir

NOTE(b/416567832): Some CSI drivers (like GCS FUSE driver) use EmptyDirs to communicate with the Pod over a UDS. While not foolproof, we detect such EmptyDirs by checking if the host directory is not empty and turn off the EmptyDir optimization for them by configuring them as normal bind mounts.

func UserLogPath ¶

func UserLogPath(spec *specs.Spec) string

UserLogPath gets user log path from OCI annotation.

func WriteSpec ¶

func WriteSpec(bundle string, spec *specs.Spec) error

WriteSpec writes OCI spec to the bundle directory.

Source Files ¶

annotations.go utils.go volumes.go

Version: v0.0.0-20250710223154-7323f1df8aad (latest)
Published: Jul 10, 2025
Platform: linux/amd64
Imports: 9 packages
Last checked: 6 hours ago –

Tools for package owners.

?	: This menu
/	: Search site
f	: Jump to identifier
g then g	: Go to top of page
g then b	: Go to end of page
G	: Go to end of page
g then i	: Go to index
g then e	: Go to examples

package utils

Index ¶

Constants ¶

Functions ¶

func IsSandbox ¶

func PanicLogPath ¶

func ReadSpec ¶

func UpdateVolumeAnnotations ¶

func UserLogPath ¶

func WriteSpec ¶

Source Files ¶

Jump to identifier

Keyboard shortcuts