vbatts
/
containerd
1
0
Fork 0
Code Pull Requests Releases Activity

Merge pull request #647 from otsneh/spec-values-fix 

Update shim exec rpc to take fewer args
This commit is contained in:
Derek McGowan 2017-03-21 17:03:04 -07:00 committed by GitHub
parent 604af9cd46 87f94bf79b
commit 26fe49a7bc
4 changed files with 115 additions and 496 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

550
api/services/shim/shim.pb.go
View File

@ -30,7 +30,8 @@ package shim
import proto "github.com/gogo/protobuf/proto"
import fmt "fmt"
import math "math"
import google_protobuf "github.com/golang/protobuf/ptypes/empty"
import google_protobuf "github.com/gogo/protobuf/types"
import google_protobuf1 "github.com/golang/protobuf/ptypes/empty"
import _ "github.com/gogo/protobuf/gogoproto"
import containerd_v1_types "github.com/docker/containerd/api/types/mount"
import containerd_v1_types1 "github.com/docker/containerd/api/types/container"
@ -104,19 +105,11 @@ func (*DeleteResponse) ProtoMessage() {}
func (*DeleteResponse) Descriptor() ([]byte, []int) { return fileDescriptorShim, []int{4} }
type ExecRequest struct {
Terminal bool `protobuf:"varint,1,opt,name=terminal,proto3" json:"terminal,omitempty"`
Stdin string `protobuf:"bytes,2,opt,name=stdin,proto3" json:"stdin,omitempty"`
Stdout string `protobuf:"bytes,3,opt,name=stdout,proto3" json:"stdout,omitempty"`
Stderr string `protobuf:"bytes,4,opt,name=stderr,proto3" json:"stderr,omitempty"`
SelinuxLabel string `protobuf:"bytes,5,opt,name=selinux_label,json=selinuxLabel,proto3" json:"selinux_label,omitempty"`
User *containerd_v1_types1.User `protobuf:"bytes,6,opt,name=user" json:"user,omitempty"`
Args []string `protobuf:"bytes,7,rep,name=args" json:"args,omitempty"`
Env []string `protobuf:"bytes,8,rep,name=env" json:"env,omitempty"`
Cwd string `protobuf:"bytes,9,opt,name=cwd,proto3" json:"cwd,omitempty"`
Capabilities []string `protobuf:"bytes,10,rep,name=capabilities" json:"capabilities,omitempty"`
Rlimits []*Rlimit `protobuf:"bytes,11,rep,name=rlimits" json:"rlimits,omitempty"`
NoNewPrivileges bool `protobuf:"varint,12,opt,name=no_new_privileges,json=noNewPrivileges,proto3" json:"no_new_privileges,omitempty"`
ApparmorProfile string `protobuf:"bytes,13,opt,name=apparmor_profile,json=apparmorProfile,proto3" json:"apparmor_profile,omitempty"`
Terminal bool `protobuf:"varint,1,opt,name=terminal,proto3" json:"terminal,omitempty"`
Stdin string `protobuf:"bytes,2,opt,name=stdin,proto3" json:"stdin,omitempty"`
Stdout string `protobuf:"bytes,3,opt,name=stdout,proto3" json:"stdout,omitempty"`
Stderr string `protobuf:"bytes,4,opt,name=stderr,proto3" json:"stderr,omitempty"`
Spec *google_protobuf.Any `protobuf:"bytes,5,opt,name=spec" json:"spec,omitempty"`
}
func (m *ExecRequest) Reset() { *m = ExecRequest{} }
@ -228,15 +221,15 @@ const _ = grpc.SupportPackageIsVersion4
type ShimClient interface {
Create(ctx context.Context, in *CreateRequest, opts ...grpc.CallOption) (*CreateResponse, error)
Start(ctx context.Context, in *StartRequest, opts ...grpc.CallOption) (*google_protobuf.Empty, error)
Start(ctx context.Context, in *StartRequest, opts ...grpc.CallOption) (*google_protobuf1.Empty, error)
Delete(ctx context.Context, in *DeleteRequest, opts ...grpc.CallOption) (*DeleteResponse, error)
Exec(ctx context.Context, in *ExecRequest, opts ...grpc.CallOption) (*ExecResponse, error)
Pty(ctx context.Context, in *PtyRequest, opts ...grpc.CallOption) (*google_protobuf.Empty, error)
Pty(ctx context.Context, in *PtyRequest, opts ...grpc.CallOption) (*google_protobuf1.Empty, error)
Events(ctx context.Context, in *EventsRequest, opts ...grpc.CallOption) (Shim_EventsClient, error)
State(ctx context.Context, in *StateRequest, opts ...grpc.CallOption) (*StateResponse, error)
Pause(ctx context.Context, in *PauseRequest, opts ...grpc.CallOption) (*google_protobuf.Empty, error)
Resume(ctx context.Context, in *ResumeRequest, opts ...grpc.CallOption) (*google_protobuf.Empty, error)
Exit(ctx context.Context, in *ExitRequest, opts ...grpc.CallOption) (*google_protobuf.Empty, error)
Pause(ctx context.Context, in *PauseRequest, opts ...grpc.CallOption) (*google_protobuf1.Empty, error)
Resume(ctx context.Context, in *ResumeRequest, opts ...grpc.CallOption) (*google_protobuf1.Empty, error)
Exit(ctx context.Context, in *ExitRequest, opts ...grpc.CallOption) (*google_protobuf1.Empty, error)
}
type shimClient struct {
@ -256,8 +249,8 @@ func (c *shimClient) Create(ctx context.Context, in *CreateRequest, opts ...grpc
return out, nil
}
func (c *shimClient) Start(ctx context.Context, in *StartRequest, opts ...grpc.CallOption) (*google_protobuf.Empty, error) {
out := new(google_protobuf.Empty)
func (c *shimClient) Start(ctx context.Context, in *StartRequest, opts ...grpc.CallOption) (*google_protobuf1.Empty, error) {
out := new(google_protobuf1.Empty)
err := grpc.Invoke(ctx, "/containerd.v1.services.shim.Shim/Start", in, out, c.cc, opts...)
if err != nil {
return nil, err
@ -283,8 +276,8 @@ func (c *shimClient) Exec(ctx context.Context, in *ExecRequest, opts ...grpc.Cal
return out, nil
}
func (c *shimClient) Pty(ctx context.Context, in *PtyRequest, opts ...grpc.CallOption) (*google_protobuf.Empty, error) {
out := new(google_protobuf.Empty)
func (c *shimClient) Pty(ctx context.Context, in *PtyRequest, opts ...grpc.CallOption) (*google_protobuf1.Empty, error) {
out := new(google_protobuf1.Empty)
err := grpc.Invoke(ctx, "/containerd.v1.services.shim.Shim/Pty", in, out, c.cc, opts...)
if err != nil {
return nil, err
@ -333,8 +326,8 @@ func (c *shimClient) State(ctx context.Context, in *StateRequest, opts ...grpc.C
return out, nil
}
func (c *shimClient) Pause(ctx context.Context, in *PauseRequest, opts ...grpc.CallOption) (*google_protobuf.Empty, error) {
out := new(google_protobuf.Empty)
func (c *shimClient) Pause(ctx context.Context, in *PauseRequest, opts ...grpc.CallOption) (*google_protobuf1.Empty, error) {
out := new(google_protobuf1.Empty)
err := grpc.Invoke(ctx, "/containerd.v1.services.shim.Shim/Pause", in, out, c.cc, opts...)
if err != nil {
return nil, err
@ -342,8 +335,8 @@ func (c *shimClient) Pause(ctx context.Context, in *PauseRequest, opts ...grpc.C
return out, nil
}
func (c *shimClient) Resume(ctx context.Context, in *ResumeRequest, opts ...grpc.CallOption) (*google_protobuf.Empty, error) {
out := new(google_protobuf.Empty)
func (c *shimClient) Resume(ctx context.Context, in *ResumeRequest, opts ...grpc.CallOption) (*google_protobuf1.Empty, error) {
out := new(google_protobuf1.Empty)
err := grpc.Invoke(ctx, "/containerd.v1.services.shim.Shim/Resume", in, out, c.cc, opts...)
if err != nil {
return nil, err
@ -351,8 +344,8 @@ func (c *shimClient) Resume(ctx context.Context, in *ResumeRequest, opts ...grpc
return out, nil
}
func (c *shimClient) Exit(ctx context.Context, in *ExitRequest, opts ...grpc.CallOption) (*google_protobuf.Empty, error) {
out := new(google_protobuf.Empty)
func (c *shimClient) Exit(ctx context.Context, in *ExitRequest, opts ...grpc.CallOption) (*google_protobuf1.Empty, error) {
out := new(google_protobuf1.Empty)
err := grpc.Invoke(ctx, "/containerd.v1.services.shim.Shim/Exit", in, out, c.cc, opts...)
if err != nil {
return nil, err
@ -364,15 +357,15 @@ func (c *shimClient) Exit(ctx context.Context, in *ExitRequest, opts ...grpc.Cal
type ShimServer interface {
Create(context.Context, *CreateRequest) (*CreateResponse, error)
Start(context.Context, *StartRequest) (*google_protobuf.Empty, error)
Start(context.Context, *StartRequest) (*google_protobuf1.Empty, error)
Delete(context.Context, *DeleteRequest) (*DeleteResponse, error)
Exec(context.Context, *ExecRequest) (*ExecResponse, error)
Pty(context.Context, *PtyRequest) (*google_protobuf.Empty, error)
Pty(context.Context, *PtyRequest) (*google_protobuf1.Empty, error)
Events(*EventsRequest, Shim_EventsServer) error
State(context.Context, *StateRequest) (*StateResponse, error)
Pause(context.Context, *PauseRequest) (*google_protobuf.Empty, error)
Resume(context.Context, *ResumeRequest) (*google_protobuf.Empty, error)
Exit(context.Context, *ExitRequest) (*google_protobuf.Empty, error)
Pause(context.Context, *PauseRequest) (*google_protobuf1.Empty, error)
Resume(context.Context, *ResumeRequest) (*google_protobuf1.Empty, error)
Exit(context.Context, *ExitRequest) (*google_protobuf1.Empty, error)
}
func RegisterShimServer(s *grpc.Server, srv ShimServer) {
@ -829,101 +822,16 @@ func (m *ExecRequest) MarshalTo(dAtA []byte) (int, error) {
i = encodeVarintShim(dAtA, i, uint64(len(m.Stderr)))
i += copy(dAtA[i:], m.Stderr)
}
if len(m.SelinuxLabel) > 0 {
if m.Spec != nil {
dAtA[i] = 0x2a
i++
i = encodeVarintShim(dAtA, i, uint64(len(m.SelinuxLabel)))
i += copy(dAtA[i:], m.SelinuxLabel)
}
if m.User != nil {
dAtA[i] = 0x32
i++
i = encodeVarintShim(dAtA, i, uint64(m.User.Size()))
n1, err := m.User.MarshalTo(dAtA[i:])
i = encodeVarintShim(dAtA, i, uint64(m.Spec.Size()))
n1, err := m.Spec.MarshalTo(dAtA[i:])
if err != nil {
return 0, err
}
i += n1
}
if len(m.Args) > 0 {
for _, s := range m.Args {
dAtA[i] = 0x3a
i++
l = len(s)
for l >= 1<<7 {
dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
l >>= 7
i++
}
dAtA[i] = uint8(l)
i++
i += copy(dAtA[i:], s)
}
}
if len(m.Env) > 0 {
for _, s := range m.Env {
dAtA[i] = 0x42
i++
l = len(s)
for l >= 1<<7 {
dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
l >>= 7
i++
}
dAtA[i] = uint8(l)
i++
i += copy(dAtA[i:], s)
}
}
if len(m.Cwd) > 0 {
dAtA[i] = 0x4a
i++
i = encodeVarintShim(dAtA, i, uint64(len(m.Cwd)))
i += copy(dAtA[i:], m.Cwd)
}
if len(m.Capabilities) > 0 {
for _, s := range m.Capabilities {
dAtA[i] = 0x52
i++
l = len(s)
for l >= 1<<7 {
dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
l >>= 7
i++
}
dAtA[i] = uint8(l)
i++
i += copy(dAtA[i:], s)
}
}
if len(m.Rlimits) > 0 {
for _, msg := range m.Rlimits {
dAtA[i] = 0x5a
i++
i = encodeVarintShim(dAtA, i, uint64(msg.Size()))
n, err := msg.MarshalTo(dAtA[i:])
if err != nil {
return 0, err
}
i += n
}
}
if m.NoNewPrivileges {
dAtA[i] = 0x60
i++
if m.NoNewPrivileges {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i++
}
if len(m.ApparmorProfile) > 0 {
dAtA[i] = 0x6a
i++
i = encodeVarintShim(dAtA, i, uint64(len(m.ApparmorProfile)))
i += copy(dAtA[i:], m.ApparmorProfile)
}
return i, nil
}
@ -1279,47 +1187,8 @@ func (m *ExecRequest) Size() (n int) {
if l > 0 {
n += 1 + l + sovShim(uint64(l))
}
l = len(m.SelinuxLabel)
if l > 0 {
n += 1 + l + sovShim(uint64(l))
}
if m.User != nil {
l = m.User.Size()
n += 1 + l + sovShim(uint64(l))
}
if len(m.Args) > 0 {
for _, s := range m.Args {
l = len(s)
n += 1 + l + sovShim(uint64(l))
}
}
if len(m.Env) > 0 {
for _, s := range m.Env {
l = len(s)
n += 1 + l + sovShim(uint64(l))
}
}
l = len(m.Cwd)
if l > 0 {
n += 1 + l + sovShim(uint64(l))
}
if len(m.Capabilities) > 0 {
for _, s := range m.Capabilities {
l = len(s)
n += 1 + l + sovShim(uint64(l))
}
}
if len(m.Rlimits) > 0 {
for _, e := range m.Rlimits {
l = e.Size()
n += 1 + l + sovShim(uint64(l))
}
}
if m.NoNewPrivileges {
n += 2
}
l = len(m.ApparmorProfile)
if l > 0 {
if m.Spec != nil {
l = m.Spec.Size()
n += 1 + l + sovShim(uint64(l))
}
return n
@ -1500,15 +1369,7 @@ func (this *ExecRequest) String() string {
`Stdin:` + fmt.Sprintf("%v", this.Stdin) + `,`,
`Stdout:` + fmt.Sprintf("%v", this.Stdout) + `,`,
`Stderr:` + fmt.Sprintf("%v", this.Stderr) + `,`,
`SelinuxLabel:` + fmt.Sprintf("%v", this.SelinuxLabel) + `,`,
`User:` + strings.Replace(fmt.Sprintf("%v", this.User), "User", "containerd_v1_types1.User", 1) + `,`,
`Args:` + fmt.Sprintf("%v", this.Args) + `,`,
`Env:` + fmt.Sprintf("%v", this.Env) + `,`,
`Cwd:` + fmt.Sprintf("%v", this.Cwd) + `,`,
`Capabilities:` + fmt.Sprintf("%v", this.Capabilities) + `,`,
`Rlimits:` + strings.Replace(fmt.Sprintf("%v", this.Rlimits), "Rlimit", "Rlimit", 1) + `,`,
`NoNewPrivileges:` + fmt.Sprintf("%v", this.NoNewPrivileges) + `,`,
`ApparmorProfile:` + fmt.Sprintf("%v", this.ApparmorProfile) + `,`,
`Spec:` + strings.Replace(fmt.Sprintf("%v", this.Spec), "Any", "google_protobuf.Any", 1) + `,`,
`}`,
}, "")
return s
@ -2304,36 +2165,7 @@ func (m *ExecRequest) Unmarshal(dAtA []byte) error {
iNdEx = postIndex
case 5:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field SelinuxLabel", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowShim
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthShim
}
postIndex := iNdEx + intStringLen
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.SelinuxLabel = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 6:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field User", wireType)
return fmt.Errorf("proto: wrong wireType = %d for field Spec", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
@ -2357,209 +2189,13 @@ func (m *ExecRequest) Unmarshal(dAtA []byte) error {
if postIndex > l {
return io.ErrUnexpectedEOF
}
if m.User == nil {
m.User = &containerd_v1_types1.User{}
if m.Spec == nil {
m.Spec = &google_protobuf.Any{}
}
if err := m.User.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
case 7:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Args", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowShim
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthShim
}
postIndex := iNdEx + intStringLen
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Args = append(m.Args, string(dAtA[iNdEx:postIndex]))
iNdEx = postIndex
case 8:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Env", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowShim
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthShim
}
postIndex := iNdEx + intStringLen
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Env = append(m.Env, string(dAtA[iNdEx:postIndex]))
iNdEx = postIndex
case 9:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Cwd", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowShim
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthShim
}
postIndex := iNdEx + intStringLen
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Cwd = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 10:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Capabilities", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowShim
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthShim
}
postIndex := iNdEx + intStringLen
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Capabilities = append(m.Capabilities, string(dAtA[iNdEx:postIndex]))
iNdEx = postIndex
case 11:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Rlimits", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowShim
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= (int(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthShim
}
postIndex := iNdEx + msglen
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Rlimits = append(m.Rlimits, &Rlimit{})
if err := m.Rlimits[len(m.Rlimits)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
case 12:
if wireType != 0 {
return fmt.Errorf("proto: wrong wireType = %d for field NoNewPrivileges", wireType)
}
var v int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowShim
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
v |= (int(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
m.NoNewPrivileges = bool(v != 0)
case 13:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field ApparmorProfile", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowShim
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthShim
}
postIndex := iNdEx + intStringLen
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.ApparmorProfile = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipShim(dAtA[iNdEx:])
@ -3411,64 +3047,56 @@ func init() {
}
var fileDescriptorShim = []byte{
// 940 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x55, 0xcf, 0x6f, 0xe3, 0x44,
0x14, 0x5e, 0x27, 0xa9, 0xdb, 0xbc, 0xc4, 0xed, 0x32, 0x5a, 0x55, 0xb3, 0x29, 0xca, 0x06, 0xef,
0x81, 0xb4, 0x08, 0x87, 0xcd, 0x5e, 0x00, 0x09, 0x09, 0x2d, 0x2d, 0x02, 0x54, 0x50, 0x34, 0x15,
0x27, 0x24, 0x22, 0x27, 0x9e, 0x26, 0x23, 0x6c, 0x8f, 0x99, 0x19, 0xa7, 0xed, 0x8d, 0x33, 0xff,
0x0f, 0xff, 0x00, 0xa7, 0x3d, 0x72, 0x41, 0xe2, 0x84, 0xd8, 0xfc, 0x25, 0x68, 0x66, 0xec, 0xa4,
0x81, 0xfc, 0xe8, 0x5e, 0xac, 0x37, 0x9f, 0xbf, 0x37, 0x3f, 0xbe, 0xf7, 0xcd, 0x1b, 0xf8, 0x64,
0xc2, 0xd4, 0x34, 0x1f, 0x05, 0x63, 0x9e, 0xf4, 0x22, 0x3e, 0xfe, 0x89, 0x8a, 0xde, 0x98, 0xa7,
0x2a, 0x64, 0x29, 0x15, 0x51, 0x2f, 0xcc, 0x58, 0x4f, 0x52, 0x31, 0x63, 0x63, 0x2a, 0x7b, 0x72,
0xca, 0x12, 0xf3, 0x09, 0x32, 0xc1, 0x15, 0x47, 0x27, 0x4b, 0x62, 0x30, 0x7b, 0x11, 0x94, 0xbc,
0x40, 0x53, 0x5a, 0x27, 0x13, 0xce, 0x27, 0x31, 0xed, 0x19, 0xea, 0x28, 0xbf, 0xee, 0xd1, 0x24,
0x53, 0x77, 0x36, 0xb3, 0xf5, 0x64, 0xc2, 0x27, 0xdc, 0x84, 0x3d, 0x1d, 0x15, 0xe8, 0xc7, 0x3b,
0xb7, 0xa2, 0xee, 0x32, 0x2a, 0x7b, 0x09, 0xcf, 0x53, 0x65, 0xbf, 0x45, 0xe6, 0xe7, 0x0f, 0xcc,
0x5c, 0x80, 0xcb, 0xc8, 0xce, 0xe0, 0xff, 0x5a, 0x01, 0xef, 0x0b, 0x41, 0x43, 0x45, 0x09, 0xfd,
0x39, 0xa7, 0x52, 0xa1, 0x63, 0xa8, 0xb0, 0x08, 0x3b, 0x1d, 0xa7, 0x5b, 0x7f, 0xe5, 0xce, 0xff,
0x7e, 0x56, 0xf9, 0xfa, 0x9c, 0x54, 0x58, 0x84, 0x8e, 0xc1, 0x1d, 0xe5, 0x69, 0x14, 0x53, 0x5c,
0xd1, 0xff, 0x48, 0x31, 0x42, 0x18, 0xf6, 0x45, 0x9e, 0x2a, 0x96, 0x50, 0x5c, 0x35, 0x3f, 0xca,
0x21, 0x7a, 0x0a, 0x07, 0x29, 0x1f, 0x66, 0x6c, 0xc6, 0x15, 0xae, 0x75, 0x9c, 0xee, 0x01, 0xd9,
0x4f, 0xf9, 0x40, 0x0f, 0x51, 0x0b, 0x0e, 0x14, 0x15, 0x09, 0x4b, 0xc3, 0x18, 0xef, 0x99, 0x5f,
0x8b, 0x31, 0x7a, 0x02, 0x7b, 0x52, 0x45, 0x2c, 0xc5, 0xae, 0x99, 0xce, 0x0e, 0xf4, 0xf2, 0x52,
0x45, 0x3c, 0x57, 0x78, 0xdf, 0x2e, 0x6f, 0x47, 0x05, 0x4e, 0x85, 0xc0, 0x07, 0x0b, 0x9c, 0x0a,
0x81, 0xfa, 0xe0, 0x0a, 0xce, 0xd5, 0xb5, 0xc4, 0xf5, 0x4e, 0xb5, 0xdb, 0xe8, 0xb7, 0x82, 0xd5,
0xaa, 0x19, 0x61, 0x82, 0x6f, 0xb5, 0x98, 0xa4, 0x60, 0xfa, 0x3e, 0x1c, 0x96, 0x5a, 0xc8, 0x8c,
0xa7, 0x92, 0xa2, 0xc7, 0x50, 0xcd, 0x0a, 0x35, 0x3c, 0xa2, 0x43, 0xff, 0x10, 0x9a, 0x57, 0x2a,
0x14, 0xaa, 0x90, 0xcb, 0x7f, 0x0f, 0xbc, 0x73, 0x1a, 0xd3, 0xa5, 0x7e, 0xff, 0x4f, 0x79, 0x01,
0x87, 0x25, 0xa5, 0x98, 0xf6, 0x19, 0x34, 0xe8, 0x2d, 0x53, 0x43, 0xa9, 0x42, 0x95, 0xcb, 0x82,
0x0b, 0x1a, 0xba, 0x32, 0x88, 0xff, 0x5b, 0x15, 0x1a, 0x17, 0xb7, 0x74, 0x5c, 0x4e, 0x7a, 0x5f,
0x2f, 0x67, 0x93, 0x5e, 0x95, 0xf5, 0x7a, 0x55, 0x37, 0xe8, 0x55, 0x5b, 0xd1, 0xeb, 0x39, 0x78,
0x92, 0xc6, 0x2c, 0xcd, 0x6f, 0x87, 0x71, 0x38, 0xa2, 0xb6, 0x2c, 0x75, 0xd2, 0x2c, 0xc0, 0x4b,
0x8d, 0xa1, 0x0f, 0xa1, 0x96, 0x4b, 0x2a, 0x4c, 0x65, 0x1a, 0xfd, 0xa7, 0x6b, 0x25, 0xfd, 0x5e,
0x52, 0x41, 0x0c, 0x0d, 0x21, 0xa8, 0x85, 0x62, 0x22, 0xf1, 0x7e, 0xa7, 0xda, 0xad, 0x13, 0x13,
0x6b, 0x79, 0x68, 0x3a, 0xc3, 0x07, 0x06, 0xd2, 0xa1, 0x46, 0xc6, 0x37, 0x11, 0xae, 0x9b, 0xf5,
0x74, 0x88, 0x7c, 0x68, 0x8e, 0xc3, 0x2c, 0x1c, 0xb1, 0x98, 0x29, 0x46, 0x25, 0x06, 0x43, 0x5e,
0xc1, 0xd0, 0x67, 0xb0, 0x2f, 0x62, 0x96, 0x30, 0x25, 0x71, 0xc3, 0x14, 0xf8, 0x79, 0xb0, 0xe5,
0x5a, 0x06, 0xc4, 0x70, 0x49, 0x99, 0x83, 0xce, 0xe0, 0x9d, 0x94, 0x0f, 0x53, 0x7a, 0x33, 0xcc,
0x04, 0x9b, 0xb1, 0x98, 0x4e, 0xa8, 0xc4, 0x4d, 0xa3, 0xec, 0x51, 0xca, 0xbf, 0xa3, 0x37, 0x83,
0x05, 0x8c, 0x4e, 0xe1, 0x71, 0x98, 0x65, 0xa1, 0x48, 0xb8, 0x18, 0x66, 0x82, 0x5f, 0xb3, 0x98,
0x62, 0xcf, 0xec, 0xf6, 0xa8, 0xc4, 0x07, 0x16, 0xf6, 0xcf, 0xc1, 0xb5, 0x2b, 0xe9, 0xb3, 0x6b,
0x3d, 0xec, 0x45, 0x22, 0x26, 0xd6, 0xd8, 0x34, 0x14, 0x91, 0x29, 0x54, 0x8d, 0x98, 0x58, 0x63,
0x92, 0x5f, 0xdb, 0x2a, 0xd5, 0x88, 0x89, 0xfd, 0x0e, 0x34, 0x6d, 0xf1, 0x37, 0xba, 0xf0, 0x12,
0x60, 0xa0, 0xee, 0x36, 0x5a, 0x4e, 0x7b, 0xe2, 0x86, 0x45, 0x6a, 0x6a, 0x96, 0xf2, 0x88, 0x1d,
0xe8, 0xda, 0x4f, 0x29, 0x9b, 0x4c, 0xed, 0x6a, 0x1e, 0x29, 0x46, 0xfe, 0x11, 0x78, 0x17, 0x33,
0x9a, 0x2a, 0x59, 0x9a, 0xda, 0x9a, 0x7c, 0xe1, 0x69, 0xff, 0x77, 0x07, 0xbc, 0x02, 0x28, 0xb6,
0xf4, 0xb6, 0x5d, 0xa2, 0xd8, 0x62, 0x75, 0xb9, 0xc5, 0x97, 0xda, 0x88, 0xc6, 0xfe, 0xda, 0x88,
0x87, 0xfd, 0x93, 0xb5, 0x6e, 0xb2, 0xf7, 0x81, 0x14, 0x54, 0xf4, 0x29, 0xd4, 0x33, 0xc1, 0xc7,
0x54, 0x4a, 0x2a, 0xf1, 0x9e, 0xa9, 0xfb, 0xbb, 0x6b, 0xf3, 0x06, 0x96, 0x45, 0x96, 0x74, 0x7d,
0xa8, 0x41, 0x98, 0xcb, 0xc5, 0xa1, 0x8e, 0xc0, 0x23, 0x54, 0xe6, 0xc9, 0x02, 0xf0, 0xf4, 0x9d,
0x63, 0xe5, 0xcd, 0xee, 0xff, 0xe9, 0x42, 0xed, 0x6a, 0xca, 0x12, 0x14, 0x82, 0x6b, 0xdb, 0x02,
0x3a, 0xdb, 0xea, 0xb1, 0x95, 0x3e, 0xda, 0xfa, 0xe0, 0x41, 0xdc, 0x42, 0xce, 0x6f, 0x60, 0xcf,
0x74, 0x15, 0x74, 0xba, 0x35, 0xeb, 0x7e, 0xe7, 0x69, 0x1d, 0x07, 0xf6, 0xa9, 0x09, 0xca, 0xa7,
0x26, 0xb8, 0xd0, 0x4f, 0x8d, 0xde, 0xae, 0x6d, 0x37, 0x3b, 0xb6, 0xbb, 0xd2, 0xb6, 0x76, 0x6c,
0xf7, 0x3f, 0xfd, 0xeb, 0x07, 0xa8, 0x69, 0x83, 0xa2, 0xee, 0xd6, 0xa4, 0x7b, 0x0d, 0xac, 0x75,
0xfa, 0x00, 0x66, 0x31, 0xf9, 0x97, 0x50, 0x1d, 0xa8, 0x3b, 0xf4, 0xfe, 0xd6, 0x8c, 0xa5, 0xfb,
0x37, 0xea, 0x40, 0xc0, 0xb5, 0xae, 0xde, 0xa1, 0xc3, 0x8a, 0xf5, 0x5b, 0xeb, 0xdf, 0x09, 0xc3,
0xf9, 0xc8, 0x41, 0x3f, 0x9a, 0x3a, 0x29, 0xba, 0xbb, 0x4e, 0x4b, 0x65, 0xcf, 0x1e, 0x42, 0x5d,
0xfa, 0xc0, 0x78, 0x74, 0xc7, 0xfc, 0xf7, 0x7d, 0xbc, 0xf1, 0xfc, 0x97, 0xe0, 0x5a, 0x7f, 0xef,
0x38, 0xff, 0xca, 0x25, 0xd8, 0x38, 0xdb, 0x57, 0xba, 0xe4, 0x4c, 0xed, 0x2c, 0x39, 0xdb, 0xe5,
0xcf, 0x57, 0xf8, 0xf5, 0x9b, 0xf6, 0xa3, 0xbf, 0xde, 0xb4, 0x1f, 0xfd, 0x32, 0x6f, 0x3b, 0xaf,
0xe7, 0x6d, 0xe7, 0x8f, 0x79, 0xdb, 0xf9, 0x67, 0xde, 0x76, 0x46, 0xae, 0x61, 0xbe, 0xfc, 0x37,
0x00, 0x00, 0xff, 0xff, 0x76, 0x3b, 0x6e, 0x21, 0x9c, 0x09, 0x00, 0x00,
// 804 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x54, 0x4f, 0x8f, 0xdb, 0x44,
0x14, 0xaf, 0x13, 0xaf, 0x77, 0xf7, 0xa5, 0x4e, 0xd1, 0x68, 0xb5, 0x72, 0xbd, 0x28, 0x0d, 0xbe,
0x90, 0x16, 0xc9, 0xa6, 0xe9, 0x05, 0x38, 0x41, 0xd9, 0x45, 0x80, 0x8a, 0x14, 0xcd, 0x1e, 0x91,
0xa8, 0x9c, 0x78, 0x36, 0x19, 0x11, 0x7b, 0x8c, 0x67, 0x1c, 0x9a, 0x1b, 0x67, 0xbe, 0x01, 0x5f,
0x87, 0x53, 0x8f, 0x5c, 0x90, 0x38, 0x21, 0x9a, 0x4f, 0x82, 0xe6, 0x8f, 0xe3, 0xa4, 0x4d, 0xe2,
0xf4, 0x62, 0xcd, 0x7b, 0xf3, 0x7b, 0xcf, 0xef, 0xfd, 0xde, 0xef, 0x0d, 0x7c, 0x3e, 0xa5, 0x62,
0x56, 0x8e, 0xc3, 0x09, 0x4b, 0xa3, 0x84, 0x4d, 0x7e, 0x26, 0x45, 0x34, 0x61, 0x99, 0x88, 0x69,
0x46, 0x8a, 0x24, 0x8a, 0x73, 0x1a, 0x71, 0x52, 0x2c, 0xe8, 0x84, 0xf0, 0x88, 0xcf, 0x68, 0xaa,
0x3e, 0x61, 0x5e, 0x30, 0xc1, 0xd0, 0x55, 0x0d, 0x0c, 0x17, 0x4f, 0xc3, 0x0a, 0x17, 0x4a, 0x88,
0xff, 0x70, 0xca, 0xd8, 0x74, 0x4e, 0x22, 0x05, 0x1d, 0x97, 0x77, 0x51, 0x9c, 0x2d, 0x75, 0x9c,
0x7f, 0xf5, 0xf6, 0x15, 0x49, 0x73, 0x51, 0x5d, 0x5e, 0x4c, 0xd9, 0x94, 0xa9, 0x63, 0x24, 0x4f,
0xc6, 0xfb, 0x59, 0x63, 0x95, 0x62, 0x99, 0x13, 0x1e, 0xa5, 0xac, 0xcc, 0x84, 0xfe, 0x9a, 0xc8,
0x2f, 0x8f, 0x8c, 0x5c, 0x3b, 0xeb, 0x93, 0xce, 0x10, 0xfc, 0xde, 0x02, 0xf7, 0xeb, 0x82, 0xc4,
0x82, 0x60, 0xf2, 0x4b, 0x49, 0xb8, 0x40, 0x97, 0xd0, 0xa2, 0x89, 0x67, 0xf5, 0xad, 0xc1, 0xf9,
0x73, 0x67, 0xf5, 0xef, 0xa3, 0xd6, 0x77, 0xd7, 0xb8, 0x45, 0x13, 0x74, 0x09, 0xce, 0xb8, 0xcc,
0x92, 0x39, 0xf1, 0x5a, 0xf2, 0x0e, 0x1b, 0x0b, 0x79, 0x70, 0x5a, 0x94, 0x99, 0xa0, 0x29, 0xf1,
0xda, 0xea, 0xa2, 0x32, 0xd1, 0x43, 0x38, 0xcb, 0xd8, 0xcb, 0x9c, 0x2e, 0x98, 0xf0, 0xec, 0xbe,
0x35, 0x38, 0xc3, 0xa7, 0x19, 0x1b, 0x49, 0x13, 0xf9, 0x70, 0x26, 0x48, 0x91, 0xd2, 0x2c, 0x9e,
0x7b, 0x27, 0xea, 0x6a, 0x6d, 0xa3, 0x0b, 0x38, 0xe1, 0x22, 0xa1, 0x99, 0xe7, 0xa8, 0x74, 0xda,
0x90, 0xbf, 0xe7, 0x22, 0x61, 0xa5, 0xf0, 0x4e, 0xf5, 0xef, 0xb5, 0x65, 0xfc, 0xa4, 0x28, 0xbc,
0xb3, 0xb5, 0x9f, 0x14, 0x05, 0x1a, 0x82, 0x53, 0x30, 0x26, 0xee, 0xb8, 0x77, 0xde, 0x6f, 0x0f,
0x3a, 0x43, 0x3f, 0xdc, 0x1e, 0xa8, 0x22, 0x26, 0xfc, 0x41, 0x92, 0x89, 0x0d, 0x32, 0x08, 0xa0,
0x5b, 0x71, 0xc1, 0x73, 0x96, 0x71, 0x82, 0x3e, 0x80, 0x76, 0x6e, 0xd8, 0x70, 0xb1, 0x3c, 0x06,
0x5d, 0xb8, 0x7f, 0x2b, 0xe2, 0x42, 0x18, 0xba, 0x82, 0x8f, 0xc0, 0xbd, 0x26, 0x73, 0x52, 0xf3,
0xf7, 0x6e, 0xc8, 0x53, 0xe8, 0x56, 0x10, 0x93, 0xf6, 0x11, 0x74, 0xc8, 0x2b, 0x2a, 0x5e, 0x72,
0x11, 0x8b, 0x92, 0x1b, 0x2c, 0x48, 0xd7, 0xad, 0xf2, 0x04, 0x7f, 0x58, 0xd0, 0xb9, 0x79, 0x45,
0x26, 0x55, 0xd2, 0x4d, 0xbe, 0xac, 0x7d, 0x7c, 0xb5, 0x76, 0xf3, 0xd5, 0xde, 0xc3, 0x97, 0xbd,
0xc5, 0xd7, 0x00, 0x6c, 0x9e, 0x93, 0x89, 0x9a, 0x46, 0x67, 0x78, 0x11, 0x6a, 0x19, 0x87, 0x95,
0x8c, 0xc3, 0xaf, 0xb2, 0x25, 0x56, 0x88, 0xe0, 0x1a, 0x1c, 0x3c, 0xa7, 0x29, 0x15, 0x08, 0x81,
0x2d, 0x69, 0xd4, 0x62, 0xc1, 0xea, 0x2c, 0x7d, 0xb3, 0xb8, 0x48, 0x54, 0x31, 0x36, 0x56, 0x67,
0xe9, 0xe3, 0xec, 0x4e, 0x57, 0x62, 0x63, 0x75, 0x0e, 0xfa, 0x70, 0x5f, 0x37, 0xb8, 0x97, 0xe9,
0x17, 0x00, 0x23, 0xb1, 0xdc, 0x4b, 0xab, 0xec, 0xfb, 0x57, 0x9a, 0x88, 0x99, 0xfa, 0x95, 0x8b,
0xb5, 0x21, 0xfb, 0x9b, 0x11, 0x3a, 0x9d, 0xe9, 0xbf, 0xb9, 0xd8, 0x58, 0xc1, 0x03, 0x70, 0x6f,
0x16, 0x24, 0x13, 0xbc, 0x1a, 0x9c, 0x1e, 0xe4, 0x7a, 0x6e, 0xc1, 0x9f, 0x16, 0xb8, 0xc6, 0x61,
0x4a, 0x7a, 0xdf, 0x4d, 0x30, 0x25, 0xb6, 0xeb, 0x12, 0x9f, 0x49, 0xb2, 0xd5, 0x88, 0x25, 0xd9,
0xdd, 0xe1, 0xd5, 0x4e, 0x11, 0xea, 0x99, 0x63, 0x03, 0x45, 0x5f, 0xc0, 0x79, 0x5e, 0xb0, 0x09,
0xe1, 0x9c, 0x70, 0xef, 0x44, 0x89, 0xf7, 0xc3, 0x9d, 0x71, 0x23, 0x8d, 0xc2, 0x35, 0x5c, 0x36,
0x35, 0x8a, 0x4b, 0xbe, 0x6e, 0xea, 0x01, 0xb8, 0x98, 0xf0, 0x32, 0x5d, 0x3b, 0x5c, 0xa9, 0x2b,
0x5a, 0xa9, 0x77, 0xf8, 0xb7, 0x03, 0xf6, 0xed, 0x8c, 0xa6, 0x28, 0x06, 0x47, 0x4b, 0x1f, 0x3d,
0x09, 0x0f, 0xbc, 0x7c, 0xe1, 0xd6, 0x5b, 0xe1, 0x7f, 0x72, 0x14, 0xd6, 0xd0, 0xf9, 0x3d, 0x9c,
0xa8, 0xcd, 0x41, 0x8f, 0x0f, 0x46, 0x6d, 0x6e, 0x97, 0x7f, 0xf9, 0x8e, 0x0e, 0x6f, 0xe4, 0x73,
0x2a, 0xcb, 0xd5, 0x2b, 0xd5, 0x50, 0xee, 0xd6, 0x6a, 0x36, 0x94, 0xfb, 0xd6, 0x8e, 0xfe, 0x08,
0xb6, 0x14, 0x28, 0x1a, 0x1c, 0x0c, 0xda, 0x58, 0x52, 0xff, 0xf1, 0x11, 0x48, 0x93, 0xfc, 0x1b,
0x68, 0x8f, 0xc4, 0x12, 0x7d, 0x7c, 0x30, 0xa2, 0x56, 0xff, 0x5e, 0x1e, 0x30, 0x38, 0x5a, 0xd5,
0x0d, 0x3c, 0x6c, 0x49, 0xdf, 0xdf, 0xfd, 0x16, 0x2a, 0xcc, 0xa7, 0x16, 0xfa, 0x49, 0xcd, 0x49,
0x90, 0xe6, 0x39, 0xd5, 0xcc, 0x3e, 0x39, 0x06, 0x5a, 0xeb, 0x40, 0x69, 0xb4, 0x21, 0xff, 0xa6,
0x8e, 0xf7, 0xf6, 0xff, 0x02, 0x1c, 0xad, 0xef, 0x86, 0xfe, 0xb7, 0x96, 0x60, 0x6f, 0xb6, 0x6f,
0xe5, 0xc8, 0xa9, 0x68, 0x1c, 0x39, 0x6d, 0xd2, 0xe7, 0x73, 0xef, 0xf5, 0x9b, 0xde, 0xbd, 0x7f,
0xde, 0xf4, 0xee, 0xfd, 0xb6, 0xea, 0x59, 0xaf, 0x57, 0x3d, 0xeb, 0xaf, 0x55, 0xcf, 0xfa, 0x6f,
0xd5, 0xb3, 0xc6, 0x8e, 0x42, 0x3e, 0xfb, 0x3f, 0x00, 0x00, 0xff, 0xff, 0x83, 0x97, 0x53, 0x90,
0x9b, 0x08, 0x00, 0x00,
}

11
api/services/shim/shim.proto
View File

@ -2,6 +2,7 @@ syntax = "proto3";
package containerd.v1.services.shim;
import "google/protobuf/any.proto";
import "google/protobuf/empty.proto";
import "gogoproto/gogo.proto";
import "github.com/docker/containerd/api/types/mount/mount.proto";
@ -52,15 +53,7 @@ message ExecRequest {
string stdin = 2;
string stdout = 3;
string stderr = 4;
string selinux_label = 5;
containerd.v1.types.User user = 6;
repeated string args = 7;
repeated string env = 8;
string cwd = 9;
repeated string capabilities = 10;
repeated Rlimit rlimits = 11;
bool no_new_privileges = 12;
string apparmor_profile = 13;
google.protobuf.Any spec = 5;
}
message Rlimit {

18
cmd/ctr/shim.go
View File

@ -19,8 +19,10 @@ import (
"github.com/Sirupsen/logrus"
"github.com/crosbymichael/console"
"github.com/docker/containerd/api/services/shim"
"github.com/urfave/cli"
protobuf "github.com/gogo/protobuf/types"
"github.com/opencontainers/runtime-spec/specs-go"
"github.com/pkg/errors"
"github.com/urfave/cli"
)
var fifoFlags = []cli.Flag{
@ -214,10 +216,18 @@ var shimExecCommand = cli.Command{
if err != nil {
return err
}
// read spec file and extract Any object
spec, err := ioutil.ReadFile(context.String("spec"))
if err != nil {
return err
}
rq := &shim.ExecRequest{
Args: []string(context.Args()),
Env: context.StringSlice("env"),
Cwd: context.String("cwd"),
Spec: &protobuf.Any{
TypeUrl: specs.Version,
Value: spec,
},
Stdin: context.String("stdin"),
Stdout: context.String("stdout"),
Stderr: context.String("stderr"),

32
linux/shim/exec.go
View File

@ -2,6 +2,7 @@ package shim
import (
"context"
"encoding/json"
"fmt"
"os"
"path/filepath"
@ -57,7 +58,15 @@ func newExecProcess(context context.Context, r *shimapi.ExecRequest, parent *ini
IO: io,
Detach: true,
}
if err := parent.runc.Exec(context, parent.id, processFromRequest(r), opts); err != nil {
// process exec request
var spec specs.Process
if err := json.Unmarshal(r.Spec.Value, &spec); err != nil {
return nil, err
}
spec.Terminal = r.Terminal
if err := parent.runc.Exec(context, parent.id, spec, opts); err != nil {
return nil, err
}
if socket != nil {
@ -82,27 +91,6 @@ func newExecProcess(context context.Context, r *shimapi.ExecRequest, parent *ini
return e, nil
}
func processFromRequest(r *shimapi.ExecRequest) specs.Process {
var user specs.User
if r.User != nil {
user.UID = r.User.Uid
user.GID = r.User.Gid
user.AdditionalGids = r.User.AdditionalGids
}
return specs.Process{
Terminal: r.Terminal,
User: user,
Rlimits: rlimits(r.Rlimits),
Args: r.Args,
Env: r.Env,
Cwd: r.Cwd,
Capabilities: r.Capabilities,
NoNewPrivileges: r.NoNewPrivileges,
ApparmorProfile: r.ApparmorProfile,
SelinuxLabel: r.SelinuxLabel,
}
}
func rlimits(rr []*shimapi.Rlimit) (o []specs.LinuxRlimit) {
for _, r := range rr {
o = append(o, specs.LinuxRlimit{