godep update ocitools/generate
Signed-off-by: Haiyan Meng <hmeng@redhat.com>
parent
c0a267bf56
commit
f2a2b06e61
4 changed files with 248 additions and 151 deletions
2
Godeps/Godeps.json
generated
|
@ -277,7 +277,7 @@
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ImportPath": "github.com/opencontainers/ocitools/generate",
|
"ImportPath": "github.com/opencontainers/ocitools/generate",
|
||||||
"Rev": "3c4fc86f2c260090282737419c83c43c47630df8"
|
"Rev": "bc8aadb6bbc2ceac25b0f247244c96a1432c2c1a"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ImportPath": "github.com/opencontainers/runc/libcontainer/user",
|
"ImportPath": "github.com/opencontainers/runc/libcontainer/user",
|
||||||
|
|
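--- a/vendor/github.com/opencontainers/ocitools/generate/default.go
+++ b/vendor/github.com/opencontainers/ocitools/generate/default.go
@@ -1,21 +0,0 @@
-package generate
-
-var (
-// DefaultCaps include the default capabilities.
-DefaultCaps = []string{
-"CAP_CHOWN",
-"CAP_DAC_OVERRIDE",
-"CAP_FSETID",
-"CAP_FOWNER",
-"CAP_MKNOD",
-"CAP_NET_RAW",
-"CAP_SETGID",
-"CAP_SETUID",
-"CAP_SETFCAP",
-"CAP_SETPCAP",
-"CAP_NET_BIND_SERVICE",
-"CAP_SYS_CHROOT",
-"CAP_KILL",
-"CAP_AUDIT_WRITE",
-}
-)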
314
vendor/github.com/opencontainers/ocitools/generate/generate.go
generated
vendored
|
@ -22,6 +22,7 @@ var (
|
||||||
// Generator represents a generator for a container spec.
|
// Generator represents a generator for a container spec.
|
||||||
type Generator struct {
|
type Generator struct {
|
||||||
spec *rspec.Spec
|
spec *rspec.Spec
|
||||||
|
HostSpecific bool
|
||||||
}
|
}
|
||||||
|
|
||||||
// New creates a spec Generator with the default spec.
|
// New creates a spec Generator with the default spec.
|
||||||
|
@ -139,12 +140,16 @@ func New() Generator {
|
||||||
Devices: []rspec.Device{},
|
Devices: []rspec.Device{},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
return Generator{&spec}
|
return Generator{
|
||||||
|
spec: &spec,
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewFromSpec creates a spec Generator from a given spec.
|
// NewFromSpec creates a spec Generator from a given spec.
|
||||||
func NewFromSpec(spec *rspec.Spec) Generator {
|
func NewFromSpec(spec *rspec.Spec) Generator {
|
||||||
return Generator{spec}
|
return Generator{
|
||||||
|
spec: spec,
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewFromFile loads the template specifed in a file into a spec Generator.
|
// NewFromFile loads the template specifed in a file into a spec Generator.
|
||||||
|
@ -166,21 +171,23 @@ func NewFromTemplate(r io.Reader) (Generator, error) {
|
||||||
if err := json.NewDecoder(r).Decode(&spec); err != nil {
|
if err := json.NewDecoder(r).Decode(&spec); err != nil {
|
||||||
return Generator{}, err
|
return Generator{}, err
|
||||||
}
|
}
|
||||||
return Generator{&spec}, nil
|
return Generator{
|
||||||
|
spec: &spec,
|
||||||
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetSpec sets the spec in the Generator g.
|
// SetSpec sets the spec in the Generator g.
|
||||||
func (g Generator) SetSpec(spec *rspec.Spec) {
|
func (g *Generator) SetSpec(spec *rspec.Spec) {
|
||||||
g.spec = spec
|
g.spec = spec
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetSpec gets the spec in the Generator g.
|
// Spec gets the spec in the Generator g.
|
||||||
func (g Generator) GetSpec() *rspec.Spec {
|
func (g *Generator) Spec() *rspec.Spec {
|
||||||
return g.spec
|
return g.spec
|
||||||
}
|
}
|
||||||
|
|
||||||
// Save writes the spec into w.
|
// Save writes the spec into w.
|
||||||
func (g Generator) Save(w io.Writer) error {
|
func (g *Generator) Save(w io.Writer) error {
|
||||||
data, err := json.MarshalIndent(g.spec, "", "\t")
|
data, err := json.MarshalIndent(g.spec, "", "\t")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
|
@ -195,7 +202,7 @@ func (g Generator) Save(w io.Writer) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// SaveToFile writes the spec into a file.
|
// SaveToFile writes the spec into a file.
|
||||||
func (g Generator) SaveToFile(path string) error {
|
func (g *Generator) SaveToFile(path string) error {
|
||||||
f, err := os.Create(path)
|
f, err := os.Create(path)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
|
@ -205,35 +212,38 @@ func (g Generator) SaveToFile(path string) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetVersion sets g.spec.Version.
|
// SetVersion sets g.spec.Version.
|
||||||
func (g Generator) SetVersion(version string) {
|
func (g *Generator) SetVersion(version string) {
|
||||||
|
g.initSpec()
|
||||||
g.spec.Version = version
|
g.spec.Version = version
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetRootPath sets g.spec.Root.Path.
|
// SetRootPath sets g.spec.Root.Path.
|
||||||
func (g Generator) SetRootPath(path string) {
|
func (g *Generator) SetRootPath(path string) {
|
||||||
|
g.initSpec()
|
||||||
g.spec.Root.Path = path
|
g.spec.Root.Path = path
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetRootReadonly sets g.spec.Root.Readonly.
|
// SetRootReadonly sets g.spec.Root.Readonly.
|
||||||
func (g Generator) SetRootReadonly(b bool) {
|
func (g *Generator) SetRootReadonly(b bool) {
|
||||||
|
g.initSpec()
|
||||||
g.spec.Root.Readonly = b
|
g.spec.Root.Readonly = b
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetHostname sets g.spec.Hostname.
|
// SetHostname sets g.spec.Hostname.
|
||||||
func (g Generator) SetHostname(s string) {
|
func (g *Generator) SetHostname(s string) {
|
||||||
|
g.initSpec()
|
||||||
g.spec.Hostname = s
|
g.spec.Hostname = s
|
||||||
}
|
}
|
||||||
|
|
||||||
// ClearAnnotations clears g.spec.Annotations.
|
// ClearAnnotations clears g.spec.Annotations.
|
||||||
func (g Generator) ClearAnnotations() {
|
func (g *Generator) ClearAnnotations() {
|
||||||
|
g.initSpec()
|
||||||
g.spec.Annotations = make(map[string]string)
|
g.spec.Annotations = make(map[string]string)
|
||||||
}
|
}
|
||||||
|
|
||||||
// AddAnnotation adds an annotation into g.spec.Annotations.
|
// AddAnnotation adds an annotation into g.spec.Annotations.
|
||||||
func (g Generator) AddAnnotation(s string) error {
|
func (g *Generator) AddAnnotation(s string) error {
|
||||||
if g.spec.Annotations == nil {
|
g.initSpecAnnotations()
|
||||||
g.spec.Annotations = make(map[string]string)
|
|
||||||
}
|
|
||||||
|
|
||||||
pair := strings.Split(s, "=")
|
pair := strings.Split(s, "=")
|
||||||
if len(pair) != 2 {
|
if len(pair) != 2 {
|
||||||
|
@ -244,80 +254,93 @@ func (g Generator) AddAnnotation(s string) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// RemoveAnnotation remove an annotation from g.spec.Annotations.
|
// RemoveAnnotation remove an annotation from g.spec.Annotations.
|
||||||
func (g Generator) RemoveAnnotation(key string) {
|
func (g *Generator) RemoveAnnotation(key string) {
|
||||||
if g.spec.Annotations == nil {
|
if g.spec == nil || g.spec.Annotations == nil {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
delete(g.spec.Annotations, key)
|
delete(g.spec.Annotations, key)
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetPlatformOS sets g.spec.Process.OS.
|
// SetPlatformOS sets g.spec.Process.OS.
|
||||||
func (g Generator) SetPlatformOS(os string) {
|
func (g *Generator) SetPlatformOS(os string) {
|
||||||
|
g.initSpec()
|
||||||
g.spec.Platform.OS = os
|
g.spec.Platform.OS = os
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetPlatformArch sets g.spec.Platform.Arch.
|
// SetPlatformArch sets g.spec.Platform.Arch.
|
||||||
func (g Generator) SetPlatformArch(arch string) {
|
func (g *Generator) SetPlatformArch(arch string) {
|
||||||
|
g.initSpec()
|
||||||
g.spec.Platform.Arch = arch
|
g.spec.Platform.Arch = arch
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetProcessUID sets g.spec.Process.User.UID.
|
// SetProcessUID sets g.spec.Process.User.UID.
|
||||||
func (g Generator) SetProcessUID(uid uint32) {
|
func (g *Generator) SetProcessUID(uid uint32) {
|
||||||
|
g.initSpec()
|
||||||
g.spec.Process.User.UID = uid
|
g.spec.Process.User.UID = uid
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetProcessGID sets g.spec.Process.User.GID.
|
// SetProcessGID sets g.spec.Process.User.GID.
|
||||||
func (g Generator) SetProcessGID(gid uint32) {
|
func (g *Generator) SetProcessGID(gid uint32) {
|
||||||
|
g.initSpec()
|
||||||
g.spec.Process.User.GID = gid
|
g.spec.Process.User.GID = gid
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetProcessCwd sets g.spec.Process.Cwd.
|
// SetProcessCwd sets g.spec.Process.Cwd.
|
||||||
func (g Generator) SetProcessCwd(cwd string) {
|
func (g *Generator) SetProcessCwd(cwd string) {
|
||||||
|
g.initSpec()
|
||||||
g.spec.Process.Cwd = cwd
|
g.spec.Process.Cwd = cwd
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetProcessNoNewPrivileges sets g.spec.Process.NoNewPrivileges.
|
// SetProcessNoNewPrivileges sets g.spec.Process.NoNewPrivileges.
|
||||||
func (g Generator) SetProcessNoNewPrivileges(b bool) {
|
func (g *Generator) SetProcessNoNewPrivileges(b bool) {
|
||||||
|
g.initSpec()
|
||||||
g.spec.Process.NoNewPrivileges = b
|
g.spec.Process.NoNewPrivileges = b
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetProcessTerminal sets g.spec.Process.Terminal.
|
// SetProcessTerminal sets g.spec.Process.Terminal.
|
||||||
func (g Generator) SetProcessTerminal(b bool) {
|
func (g *Generator) SetProcessTerminal(b bool) {
|
||||||
|
g.initSpec()
|
||||||
g.spec.Process.Terminal = b
|
g.spec.Process.Terminal = b
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetProcessApparmorProfile sets g.spec.Process.ApparmorProfile.
|
// SetProcessApparmorProfile sets g.spec.Process.ApparmorProfile.
|
||||||
func (g Generator) SetProcessApparmorProfile(prof string) {
|
func (g *Generator) SetProcessApparmorProfile(prof string) {
|
||||||
|
g.initSpec()
|
||||||
g.spec.Process.ApparmorProfile = prof
|
g.spec.Process.ApparmorProfile = prof
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetProcessArgs sets g.spec.Process.Args.
|
// SetProcessArgs sets g.spec.Process.Args.
|
||||||
func (g Generator) SetProcessArgs(args []string) {
|
func (g *Generator) SetProcessArgs(args []string) {
|
||||||
|
g.initSpec()
|
||||||
g.spec.Process.Args = args
|
g.spec.Process.Args = args
|
||||||
}
|
}
|
||||||
|
|
||||||
// ClearProcessEnv clears g.spec.Process.Env.
|
// ClearProcessEnv clears g.spec.Process.Env.
|
||||||
func (g Generator) ClearProcessEnv() {
|
func (g *Generator) ClearProcessEnv() {
|
||||||
|
g.initSpec()
|
||||||
g.spec.Process.Env = []string{}
|
g.spec.Process.Env = []string{}
|
||||||
}
|
}
|
||||||
|
|
||||||
// AddProcessEnv adds env into g.spec.Process.Env.
|
// AddProcessEnv adds env into g.spec.Process.Env.
|
||||||
func (g Generator) AddProcessEnv(env string) {
|
func (g *Generator) AddProcessEnv(env string) {
|
||||||
|
g.initSpec()
|
||||||
g.spec.Process.Env = append(g.spec.Process.Env, env)
|
g.spec.Process.Env = append(g.spec.Process.Env, env)
|
||||||
}
|
}
|
||||||
|
|
||||||
// ClearProcessAdditionalGids clear g.spec.Process.AdditionalGids.
|
// ClearProcessAdditionalGids clear g.spec.Process.AdditionalGids.
|
||||||
func (g Generator) ClearProcessAdditionalGids() {
|
func (g *Generator) ClearProcessAdditionalGids() {
|
||||||
|
g.initSpec()
|
||||||
g.spec.Process.User.AdditionalGids = []uint32{}
|
g.spec.Process.User.AdditionalGids = []uint32{}
|
||||||
}
|
}
|
||||||
|
|
||||||
// AddProcessAdditionalGid adds an additional gid into g.spec.Process.AdditionalGids.
|
// AddProcessAdditionalGid adds an additional gid into g.spec.Process.AdditionalGids.
|
||||||
func (g Generator) AddProcessAdditionalGid(gid string) error {
|
func (g *Generator) AddProcessAdditionalGid(gid string) error {
|
||||||
groupID, err := strconv.Atoi(gid)
|
groupID, err := strconv.Atoi(gid)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
g.initSpec()
|
||||||
for _, group := range g.spec.Process.User.AdditionalGids {
|
for _, group := range g.spec.Process.User.AdditionalGids {
|
||||||
if group == uint32(groupID) {
|
if group == uint32(groupID) {
|
||||||
return nil
|
return nil
|
||||||
|
@ -328,107 +351,112 @@ func (g Generator) AddProcessAdditionalGid(gid string) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetProcessSelinuxLabel sets g.spec.Process.SelinuxLabel.
|
// SetProcessSelinuxLabel sets g.spec.Process.SelinuxLabel.
|
||||||
func (g Generator) SetProcessSelinuxLabel(label string) {
|
func (g *Generator) SetProcessSelinuxLabel(label string) {
|
||||||
|
g.initSpec()
|
||||||
g.spec.Process.SelinuxLabel = label
|
g.spec.Process.SelinuxLabel = label
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetLinuxCgroupsPath sets g.spec.Linux.CgroupsPath.
|
// SetLinuxCgroupsPath sets g.spec.Linux.CgroupsPath.
|
||||||
func (g Generator) SetLinuxCgroupsPath(path string) {
|
func (g *Generator) SetLinuxCgroupsPath(path string) {
|
||||||
|
g.initSpecLinux()
|
||||||
g.spec.Linux.CgroupsPath = strPtr(path)
|
g.spec.Linux.CgroupsPath = strPtr(path)
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetLinuxMountLabel sets g.spec.Linux.MountLabel.
|
// SetLinuxMountLabel sets g.spec.Linux.MountLabel.
|
||||||
func (g Generator) SetLinuxMountLabel(label string) {
|
func (g *Generator) SetLinuxMountLabel(label string) {
|
||||||
|
g.initSpecLinux()
|
||||||
g.spec.Linux.MountLabel = label
|
g.spec.Linux.MountLabel = label
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetLinuxResourcesCPUShares sets g.spec.Linux.Resources.CPU.Shares.
|
// SetLinuxResourcesCPUShares sets g.spec.Linux.Resources.CPU.Shares.
|
||||||
func (g Generator) SetLinuxResourcesCPUShares(shares uint64) {
|
func (g *Generator) SetLinuxResourcesCPUShares(shares uint64) {
|
||||||
|
g.initSpecLinuxResourcesCPU()
|
||||||
g.spec.Linux.Resources.CPU.Shares = &shares
|
g.spec.Linux.Resources.CPU.Shares = &shares
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetLinuxResourcesCPUQuota sets g.spec.Linux.Resources.CPU.Quota.
|
// SetLinuxResourcesCPUQuota sets g.spec.Linux.Resources.CPU.Quota.
|
||||||
func (g Generator) SetLinuxResourcesCPUQuota(quota uint64) {
|
func (g *Generator) SetLinuxResourcesCPUQuota(quota uint64) {
|
||||||
|
g.initSpecLinuxResourcesCPU()
|
||||||
g.spec.Linux.Resources.CPU.Quota = "a
|
g.spec.Linux.Resources.CPU.Quota = "a
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetLinuxResourcesCPUPeriod sets g.spec.Linux.Resources.CPU.Period.
|
// SetLinuxResourcesCPUPeriod sets g.spec.Linux.Resources.CPU.Period.
|
||||||
func (g Generator) SetLinuxResourcesCPUPeriod(period uint64) {
|
func (g *Generator) SetLinuxResourcesCPUPeriod(period uint64) {
|
||||||
|
g.initSpecLinuxResourcesCPU()
|
||||||
g.spec.Linux.Resources.CPU.Period = &period
|
g.spec.Linux.Resources.CPU.Period = &period
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetLinuxResourcesCPURealtimeRuntime sets g.spec.Linux.Resources.CPU.RealtimeRuntime.
|
// SetLinuxResourcesCPURealtimeRuntime sets g.spec.Linux.Resources.CPU.RealtimeRuntime.
|
||||||
func (g Generator) SetLinuxResourcesCPURealtimeRuntime(time uint64) {
|
func (g *Generator) SetLinuxResourcesCPURealtimeRuntime(time uint64) {
|
||||||
|
g.initSpecLinuxResourcesCPU()
|
||||||
g.spec.Linux.Resources.CPU.RealtimeRuntime = &time
|
g.spec.Linux.Resources.CPU.RealtimeRuntime = &time
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetLinuxResourcesCPURealtimePeriod sets g.spec.Linux.Resources.CPU.RealtimePeriod.
|
// SetLinuxResourcesCPURealtimePeriod sets g.spec.Linux.Resources.CPU.RealtimePeriod.
|
||||||
func (g Generator) SetLinuxResourcesCPURealtimePeriod(period uint64) {
|
func (g *Generator) SetLinuxResourcesCPURealtimePeriod(period uint64) {
|
||||||
|
g.initSpecLinuxResourcesCPU()
|
||||||
g.spec.Linux.Resources.CPU.RealtimePeriod = &period
|
g.spec.Linux.Resources.CPU.RealtimePeriod = &period
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetLinuxResourcesCPUCpus sets g.spec.Linux.Resources.CPU.Cpus.
|
// SetLinuxResourcesCPUCpus sets g.spec.Linux.Resources.CPU.Cpus.
|
||||||
func (g Generator) SetLinuxResourcesCPUCpus(cpus string) {
|
func (g *Generator) SetLinuxResourcesCPUCpus(cpus string) {
|
||||||
|
g.initSpecLinuxResourcesCPU()
|
||||||
g.spec.Linux.Resources.CPU.Cpus = &cpus
|
g.spec.Linux.Resources.CPU.Cpus = &cpus
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetLinuxResourcesCPUMems sets g.spec.Linux.Resources.CPU.Mems.
|
// SetLinuxResourcesCPUMems sets g.spec.Linux.Resources.CPU.Mems.
|
||||||
func (g Generator) SetLinuxResourcesCPUMems(mems string) {
|
func (g *Generator) SetLinuxResourcesCPUMems(mems string) {
|
||||||
|
g.initSpecLinuxResourcesCPU()
|
||||||
g.spec.Linux.Resources.CPU.Mems = &mems
|
g.spec.Linux.Resources.CPU.Mems = &mems
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetLinuxResourcesMemoryLimit sets g.spec.Linux.Resources.Memory.Limit.
|
// SetLinuxResourcesMemoryLimit sets g.spec.Linux.Resources.Memory.Limit.
|
||||||
func (g Generator) SetLinuxResourcesMemoryLimit(limit uint64) {
|
func (g *Generator) SetLinuxResourcesMemoryLimit(limit uint64) {
|
||||||
if g.spec.Linux == nil {
|
g.initSpecLinuxResourcesMemory()
|
||||||
g.spec.Linux = &rspec.Linux{}
|
|
||||||
}
|
|
||||||
|
|
||||||
if g.spec.Linux.Resources == nil {
|
|
||||||
g.spec.Linux.Resources = &rspec.Resources{}
|
|
||||||
}
|
|
||||||
|
|
||||||
if g.spec.Linux.Resources.Memory == nil {
|
|
||||||
g.spec.Linux.Resources.Memory = &rspec.Memory{}
|
|
||||||
}
|
|
||||||
|
|
||||||
g.spec.Linux.Resources.Memory.Limit = &limit
|
g.spec.Linux.Resources.Memory.Limit = &limit
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetLinuxResourcesMemoryReservation sets g.spec.Linux.Resources.Memory.Reservation.
|
// SetLinuxResourcesMemoryReservation sets g.spec.Linux.Resources.Memory.Reservation.
|
||||||
func (g Generator) SetLinuxResourcesMemoryReservation(reservation uint64) {
|
func (g *Generator) SetLinuxResourcesMemoryReservation(reservation uint64) {
|
||||||
|
g.initSpecLinuxResourcesMemory()
|
||||||
g.spec.Linux.Resources.Memory.Reservation = &reservation
|
g.spec.Linux.Resources.Memory.Reservation = &reservation
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetLinuxResourcesMemorySwap sets g.spec.Linux.Resources.Memory.Swap.
|
// SetLinuxResourcesMemorySwap sets g.spec.Linux.Resources.Memory.Swap.
|
||||||
func (g Generator) SetLinuxResourcesMemorySwap(swap uint64) {
|
func (g *Generator) SetLinuxResourcesMemorySwap(swap uint64) {
|
||||||
|
g.initSpecLinuxResourcesMemory()
|
||||||
g.spec.Linux.Resources.Memory.Swap = &swap
|
g.spec.Linux.Resources.Memory.Swap = &swap
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetLinuxResourcesMemoryKernel sets g.spec.Linux.Resources.Memory.Kernel.
|
// SetLinuxResourcesMemoryKernel sets g.spec.Linux.Resources.Memory.Kernel.
|
||||||
func (g Generator) SetLinuxResourcesMemoryKernel(kernel uint64) {
|
func (g *Generator) SetLinuxResourcesMemoryKernel(kernel uint64) {
|
||||||
|
g.initSpecLinuxResourcesMemory()
|
||||||
g.spec.Linux.Resources.Memory.Kernel = &kernel
|
g.spec.Linux.Resources.Memory.Kernel = &kernel
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetLinuxResourcesMemoryKernelTCP sets g.spec.Linux.Resources.Memory.KernelTCP.
|
// SetLinuxResourcesMemoryKernelTCP sets g.spec.Linux.Resources.Memory.KernelTCP.
|
||||||
func (g Generator) SetLinuxResourcesMemoryKernelTCP(kernelTCP uint64) {
|
func (g *Generator) SetLinuxResourcesMemoryKernelTCP(kernelTCP uint64) {
|
||||||
|
g.initSpecLinuxResourcesMemory()
|
||||||
g.spec.Linux.Resources.Memory.KernelTCP = &kernelTCP
|
g.spec.Linux.Resources.Memory.KernelTCP = &kernelTCP
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetLinuxResourcesMemorySwappiness sets g.spec.Linux.Resources.Memory.Swappiness.
|
// SetLinuxResourcesMemorySwappiness sets g.spec.Linux.Resources.Memory.Swappiness.
|
||||||
func (g Generator) SetLinuxResourcesMemorySwappiness(swappiness uint64) {
|
func (g *Generator) SetLinuxResourcesMemorySwappiness(swappiness uint64) {
|
||||||
|
g.initSpecLinuxResourcesMemory()
|
||||||
g.spec.Linux.Resources.Memory.Swappiness = &swappiness
|
g.spec.Linux.Resources.Memory.Swappiness = &swappiness
|
||||||
}
|
}
|
||||||
|
|
||||||
// ClearLinuxSysctl clears g.spec.Linux.Sysctl.
|
// ClearLinuxSysctl clears g.spec.Linux.Sysctl.
|
||||||
func (g Generator) ClearLinuxSysctl() {
|
func (g *Generator) ClearLinuxSysctl() {
|
||||||
|
if g.spec == nil || g.spec.Linux == nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
g.spec.Linux.Sysctl = make(map[string]string)
|
g.spec.Linux.Sysctl = make(map[string]string)
|
||||||
}
|
}
|
||||||
|
|
||||||
// AddLinuxSysctl adds a new sysctl config into g.spec.Linux.Sysctl.
|
// AddLinuxSysctl adds a new sysctl config into g.spec.Linux.Sysctl.
|
||||||
func (g Generator) AddLinuxSysctl(s string) error {
|
func (g *Generator) AddLinuxSysctl(s string) error {
|
||||||
if g.spec.Linux.Sysctl == nil {
|
g.initSpecLinuxSysctl()
|
||||||
g.spec.Linux.Sysctl = make(map[string]string)
|
|
||||||
}
|
|
||||||
|
|
||||||
pair := strings.Split(s, "=")
|
pair := strings.Split(s, "=")
|
||||||
if len(pair) != 2 {
|
if len(pair) != 2 {
|
||||||
|
@ -439,15 +467,15 @@ func (g Generator) AddLinuxSysctl(s string) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// RemoveLinuxSysctl removes a sysctl config from g.spec.Linux.Sysctl.
|
// RemoveLinuxSysctl removes a sysctl config from g.spec.Linux.Sysctl.
|
||||||
func (g Generator) RemoveLinuxSysctl(key string) {
|
func (g *Generator) RemoveLinuxSysctl(key string) {
|
||||||
if g.spec.Linux.Sysctl == nil {
|
if g.spec == nil || g.spec.Linux == nil || g.spec.Linux.Sysctl == nil {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
delete(g.spec.Linux.Sysctl, key)
|
delete(g.spec.Linux.Sysctl, key)
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetLinuxSeccompDefault sets g.spec.Linux.Seccomp.DefaultAction.
|
// SetLinuxSeccompDefault sets g.spec.Linux.Seccomp.DefaultAction.
|
||||||
func (g Generator) SetLinuxSeccompDefault(sdefault string) error {
|
func (g *Generator) SetLinuxSeccompDefault(sdefault string) error {
|
||||||
switch sdefault {
|
switch sdefault {
|
||||||
case "":
|
case "":
|
||||||
case "SCMP_ACT_KILL":
|
case "SCMP_ACT_KILL":
|
||||||
|
@ -461,10 +489,7 @@ func (g Generator) SetLinuxSeccompDefault(sdefault string) error {
|
||||||
"SCMP_ACT_ALLOW")
|
"SCMP_ACT_ALLOW")
|
||||||
}
|
}
|
||||||
|
|
||||||
if g.spec.Linux.Seccomp == nil {
|
g.initSpecLinuxSeccomp()
|
||||||
g.spec.Linux.Seccomp = &rspec.Seccomp{}
|
|
||||||
}
|
|
||||||
|
|
||||||
g.spec.Linux.Seccomp.DefaultAction = rspec.Action(sdefault)
|
g.spec.Linux.Seccomp.DefaultAction = rspec.Action(sdefault)
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
@ -494,8 +519,8 @@ func checkSeccompArch(arch string) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// ClearLinuxSeccompArch clears g.spec.Linux.Seccomp.Architectures.
|
// ClearLinuxSeccompArch clears g.spec.Linux.Seccomp.Architectures.
|
||||||
func (g Generator) ClearLinuxSeccompArch() {
|
func (g *Generator) ClearLinuxSeccompArch() {
|
||||||
if g.spec.Linux.Seccomp == nil {
|
if g.spec == nil || g.spec.Linux == nil || g.spec.Linux.Seccomp == nil {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -503,27 +528,24 @@ func (g Generator) ClearLinuxSeccompArch() {
|
||||||
}
|
}
|
||||||
|
|
||||||
// AddLinuxSeccompArch adds sArch into g.spec.Linux.Seccomp.Architectures.
|
// AddLinuxSeccompArch adds sArch into g.spec.Linux.Seccomp.Architectures.
|
||||||
func (g Generator) AddLinuxSeccompArch(sArch string) error {
|
func (g *Generator) AddLinuxSeccompArch(sArch string) error {
|
||||||
if err := checkSeccompArch(sArch); err != nil {
|
if err := checkSeccompArch(sArch); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
if g.spec.Linux.Seccomp == nil {
|
g.initSpecLinuxSeccomp()
|
||||||
g.spec.Linux.Seccomp = &rspec.Seccomp{}
|
|
||||||
}
|
|
||||||
|
|
||||||
g.spec.Linux.Seccomp.Architectures = append(g.spec.Linux.Seccomp.Architectures, rspec.Arch(sArch))
|
g.spec.Linux.Seccomp.Architectures = append(g.spec.Linux.Seccomp.Architectures, rspec.Arch(sArch))
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// RemoveSeccompArch removes sArch from g.spec.Linux.Seccomp.Architectures.
|
// RemoveSeccompArch removes sArch from g.spec.Linux.Seccomp.Architectures.
|
||||||
func (g Generator) RemoveSeccompArch(sArch string) error {
|
func (g *Generator) RemoveSeccompArch(sArch string) error {
|
||||||
if err := checkSeccompArch(sArch); err != nil {
|
if err := checkSeccompArch(sArch); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
if g.spec.Linux.Seccomp == nil {
|
if g.spec == nil || g.spec.Linux == nil || g.spec.Linux.Seccomp == nil {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -622,8 +644,8 @@ func parseSeccompSyscall(s string) (rspec.Syscall, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// ClearLinuxSeccompSyscall clears g.spec.Linux.Seccomp.Syscalls.
|
// ClearLinuxSeccompSyscall clears g.spec.Linux.Seccomp.Syscalls.
|
||||||
func (g Generator) ClearLinuxSeccompSyscall() {
|
func (g *Generator) ClearLinuxSeccompSyscall() {
|
||||||
if g.spec.Linux.Seccomp == nil {
|
if g.spec == nil || g.spec.Linux == nil || g.spec.Linux.Seccomp == nil {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -631,50 +653,43 @@ func (g Generator) ClearLinuxSeccompSyscall() {
|
||||||
}
|
}
|
||||||
|
|
||||||
// AddLinuxSeccompSyscall adds sSyscall into g.spec.Linux.Seccomp.Syscalls.
|
// AddLinuxSeccompSyscall adds sSyscall into g.spec.Linux.Seccomp.Syscalls.
|
||||||
func (g Generator) AddLinuxSeccompSyscall(sSyscall string) error {
|
func (g *Generator) AddLinuxSeccompSyscall(sSyscall string) error {
|
||||||
f, err := parseSeccompSyscall(sSyscall)
|
f, err := parseSeccompSyscall(sSyscall)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
if g.spec.Linux.Seccomp == nil {
|
g.initSpecLinuxSeccomp()
|
||||||
g.spec.Linux.Seccomp = &rspec.Seccomp{}
|
|
||||||
}
|
|
||||||
|
|
||||||
g.spec.Linux.Seccomp.Syscalls = append(g.spec.Linux.Seccomp.Syscalls, f)
|
g.spec.Linux.Seccomp.Syscalls = append(g.spec.Linux.Seccomp.Syscalls, f)
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// AddLinuxSeccompSyscallAllow adds seccompAllow into g.spec.Linux.Seccomp.Syscalls.
|
// AddLinuxSeccompSyscallAllow adds seccompAllow into g.spec.Linux.Seccomp.Syscalls.
|
||||||
func (g Generator) AddLinuxSeccompSyscallAllow(seccompAllow string) {
|
func (g *Generator) AddLinuxSeccompSyscallAllow(seccompAllow string) {
|
||||||
if g.spec.Linux.Seccomp == nil {
|
|
||||||
g.spec.Linux.Seccomp = &rspec.Seccomp{}
|
|
||||||
}
|
|
||||||
|
|
||||||
syscall := rspec.Syscall{
|
syscall := rspec.Syscall{
|
||||||
Name: seccompAllow,
|
Name: seccompAllow,
|
||||||
Action: "SCMP_ACT_ALLOW",
|
Action: "SCMP_ACT_ALLOW",
|
||||||
}
|
}
|
||||||
|
|
||||||
|
g.initSpecLinuxSeccomp()
|
||||||
g.spec.Linux.Seccomp.Syscalls = append(g.spec.Linux.Seccomp.Syscalls, syscall)
|
g.spec.Linux.Seccomp.Syscalls = append(g.spec.Linux.Seccomp.Syscalls, syscall)
|
||||||
}
|
}
|
||||||
|
|
||||||
// AddLinuxSeccompSyscallErrno adds seccompErrno into g.spec.Linux.Seccomp.Syscalls.
|
// AddLinuxSeccompSyscallErrno adds seccompErrno into g.spec.Linux.Seccomp.Syscalls.
|
||||||
func (g Generator) AddLinuxSeccompSyscallErrno(seccompErrno string) {
|
func (g *Generator) AddLinuxSeccompSyscallErrno(seccompErrno string) {
|
||||||
if g.spec.Linux.Seccomp == nil {
|
|
||||||
g.spec.Linux.Seccomp = &rspec.Seccomp{}
|
|
||||||
}
|
|
||||||
|
|
||||||
syscall := rspec.Syscall{
|
syscall := rspec.Syscall{
|
||||||
Name: seccompErrno,
|
Name: seccompErrno,
|
||||||
Action: "SCMP_ACT_ERRNO",
|
Action: "SCMP_ACT_ERRNO",
|
||||||
}
|
}
|
||||||
|
|
||||||
|
g.initSpecLinuxSeccomp()
|
||||||
g.spec.Linux.Seccomp.Syscalls = append(g.spec.Linux.Seccomp.Syscalls, syscall)
|
g.spec.Linux.Seccomp.Syscalls = append(g.spec.Linux.Seccomp.Syscalls, syscall)
|
||||||
}
|
}
|
||||||
|
|
||||||
// RemoveSeccompSyscallByName removes all the seccomp syscalls with the given
|
// RemoveSeccompSyscallByName removes all the seccomp syscalls with the given
|
||||||
// name from g.spec.Linux.Seccomp.Syscalls.
|
// name from g.spec.Linux.Seccomp.Syscalls.
|
||||||
func (g Generator) RemoveSeccompSyscallByName(name string) error {
|
func (g *Generator) RemoveSeccompSyscallByName(name string) error {
|
||||||
if g.spec.Linux.Seccomp == nil {
|
if g.spec == nil || g.spec.Linux == nil || g.spec.Linux.Seccomp == nil {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -690,8 +705,8 @@ func (g Generator) RemoveSeccompSyscallByName(name string) error {
|
||||||
|
|
||||||
// RemoveSeccompSyscallByAction removes all the seccomp syscalls with the given
|
// RemoveSeccompSyscallByAction removes all the seccomp syscalls with the given
|
||||||
// action from g.spec.Linux.Seccomp.Syscalls.
|
// action from g.spec.Linux.Seccomp.Syscalls.
|
||||||
func (g Generator) RemoveSeccompSyscallByAction(action string) error {
|
func (g *Generator) RemoveSeccompSyscallByAction(action string) error {
|
||||||
if g.spec.Linux.Seccomp == nil {
|
if g.spec == nil || g.spec.Linux == nil || g.spec.Linux.Seccomp == nil {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -711,8 +726,8 @@ func (g Generator) RemoveSeccompSyscallByAction(action string) error {
|
||||||
|
|
||||||
// RemoveSeccompSyscall removes all the seccomp syscalls with the given
|
// RemoveSeccompSyscall removes all the seccomp syscalls with the given
|
||||||
// name and action from g.spec.Linux.Seccomp.Syscalls.
|
// name and action from g.spec.Linux.Seccomp.Syscalls.
|
||||||
func (g Generator) RemoveSeccompSyscall(name string, action string) error {
|
func (g *Generator) RemoveSeccompSyscall(name string, action string) error {
|
||||||
if g.spec.Linux.Seccomp == nil {
|
if g.spec == nil || g.spec.Linux == nil || g.spec.Linux.Seccomp == nil {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -761,39 +776,47 @@ func parseIDMapping(idms string) (rspec.IDMapping, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// ClearLinuxUIDMappings clear g.spec.Linux.UIDMappings.
|
// ClearLinuxUIDMappings clear g.spec.Linux.UIDMappings.
|
||||||
func (g Generator) ClearLinuxUIDMappings() {
|
func (g *Generator) ClearLinuxUIDMappings() {
|
||||||
|
if g.spec == nil || g.spec.Linux == nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
g.spec.Linux.UIDMappings = []rspec.IDMapping{}
|
g.spec.Linux.UIDMappings = []rspec.IDMapping{}
|
||||||
}
|
}
|
||||||
|
|
||||||
// AddLinuxUIDMapping adds uidMap into g.spec.Linux.UIDMappings.
|
// AddLinuxUIDMapping adds uidMap into g.spec.Linux.UIDMappings.
|
||||||
func (g Generator) AddLinuxUIDMapping(uidMap string) error {
|
func (g *Generator) AddLinuxUIDMapping(uidMap string) error {
|
||||||
r, err := parseIDMapping(uidMap)
|
r, err := parseIDMapping(uidMap)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
g.initSpecLinux()
|
||||||
g.spec.Linux.UIDMappings = append(g.spec.Linux.UIDMappings, r)
|
g.spec.Linux.UIDMappings = append(g.spec.Linux.UIDMappings, r)
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// ClearLinuxGIDMappings clear g.spec.Linux.GIDMappings.
|
// ClearLinuxGIDMappings clear g.spec.Linux.GIDMappings.
|
||||||
func (g Generator) ClearLinuxGIDMappings() {
|
func (g *Generator) ClearLinuxGIDMappings() {
|
||||||
|
if g.spec == nil || g.spec.Linux == nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
g.spec.Linux.GIDMappings = []rspec.IDMapping{}
|
g.spec.Linux.GIDMappings = []rspec.IDMapping{}
|
||||||
}
|
}
|
||||||
|
|
||||||
// AddLinuxGIDMapping adds gidMap into g.spec.Linux.GIDMappings.
|
// AddLinuxGIDMapping adds gidMap into g.spec.Linux.GIDMappings.
|
||||||
func (g Generator) AddLinuxGIDMapping(gidMap string) error {
|
func (g *Generator) AddLinuxGIDMapping(gidMap string) error {
|
||||||
r, err := parseIDMapping(gidMap)
|
r, err := parseIDMapping(gidMap)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
g.initSpecLinux()
|
||||||
g.spec.Linux.GIDMappings = append(g.spec.Linux.GIDMappings, r)
|
g.spec.Linux.GIDMappings = append(g.spec.Linux.GIDMappings, r)
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetLinuxRootPropagation sets g.spec.Linux.RootfsPropagation.
|
// SetLinuxRootPropagation sets g.spec.Linux.RootfsPropagation.
|
||||||
func (g Generator) SetLinuxRootPropagation(rp string) error {
|
func (g *Generator) SetLinuxRootPropagation(rp string) error {
|
||||||
switch rp {
|
switch rp {
|
||||||
case "":
|
case "":
|
||||||
case "private":
|
case "private":
|
||||||
|
@ -805,6 +828,7 @@ func (g Generator) SetLinuxRootPropagation(rp string) error {
|
||||||
default:
|
default:
|
||||||
return fmt.Errorf("rootfs-propagation must be empty or one of private|rprivate|slave|rslave|shared|rshared")
|
return fmt.Errorf("rootfs-propagation must be empty or one of private|rprivate|slave|rslave|shared|rshared")
|
||||||
}
|
}
|
||||||
|
g.initSpecLinux()
|
||||||
g.spec.Linux.RootfsPropagation = rp
|
g.spec.Linux.RootfsPropagation = rp
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
@ -820,43 +844,55 @@ func parseHook(s string) rspec.Hook {
|
||||||
}
|
}
|
||||||
|
|
||||||
// ClearPreStartHooks clear g.spec.Hooks.Prestart.
|
// ClearPreStartHooks clear g.spec.Hooks.Prestart.
|
||||||
func (g Generator) ClearPreStartHooks() {
|
func (g *Generator) ClearPreStartHooks() {
|
||||||
|
if g.spec == nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
g.spec.Hooks.Prestart = []rspec.Hook{}
|
g.spec.Hooks.Prestart = []rspec.Hook{}
|
||||||
}
|
}
|
||||||
|
|
||||||
// AddPreStartHook add a prestart hook into g.spec.Hooks.Prestart.
|
// AddPreStartHook add a prestart hook into g.spec.Hooks.Prestart.
|
||||||
func (g Generator) AddPreStartHook(s string) error {
|
func (g *Generator) AddPreStartHook(s string) error {
|
||||||
hook := parseHook(s)
|
hook := parseHook(s)
|
||||||
|
g.initSpec()
|
||||||
g.spec.Hooks.Prestart = append(g.spec.Hooks.Prestart, hook)
|
g.spec.Hooks.Prestart = append(g.spec.Hooks.Prestart, hook)
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// ClearPostStopHooks clear g.spec.Hooks.Poststop.
|
// ClearPostStopHooks clear g.spec.Hooks.Poststop.
|
||||||
func (g Generator) ClearPostStopHooks() {
|
func (g *Generator) ClearPostStopHooks() {
|
||||||
|
if g.spec == nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
g.spec.Hooks.Poststop = []rspec.Hook{}
|
g.spec.Hooks.Poststop = []rspec.Hook{}
|
||||||
}
|
}
|
||||||
|
|
||||||
// AddPostStopHook adds a poststop hook into g.spec.Hooks.Poststop.
|
// AddPostStopHook adds a poststop hook into g.spec.Hooks.Poststop.
|
||||||
func (g Generator) AddPostStopHook(s string) error {
|
func (g *Generator) AddPostStopHook(s string) error {
|
||||||
hook := parseHook(s)
|
hook := parseHook(s)
|
||||||
|
g.initSpec()
|
||||||
g.spec.Hooks.Poststop = append(g.spec.Hooks.Poststop, hook)
|
g.spec.Hooks.Poststop = append(g.spec.Hooks.Poststop, hook)
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// ClearPostStartHooks clear g.spec.Hooks.Poststart.
|
// ClearPostStartHooks clear g.spec.Hooks.Poststart.
|
||||||
func (g Generator) ClearPostStartHooks() {
|
func (g *Generator) ClearPostStartHooks() {
|
||||||
|
if g.spec == nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
g.spec.Hooks.Poststart = []rspec.Hook{}
|
g.spec.Hooks.Poststart = []rspec.Hook{}
|
||||||
}
|
}
|
||||||
|
|
||||||
// AddPostStartHook adds a poststart hook into g.spec.Hooks.Poststart.
|
// AddPostStartHook adds a poststart hook into g.spec.Hooks.Poststart.
|
||||||
func (g Generator) AddPostStartHook(s string) error {
|
func (g *Generator) AddPostStartHook(s string) error {
|
||||||
hook := parseHook(s)
|
hook := parseHook(s)
|
||||||
|
g.initSpec()
|
||||||
g.spec.Hooks.Poststart = append(g.spec.Hooks.Poststart, hook)
|
g.spec.Hooks.Poststart = append(g.spec.Hooks.Poststart, hook)
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// AddTmpfsMount adds a tmpfs mount into g.spec.Mounts.
|
// AddTmpfsMount adds a tmpfs mount into g.spec.Mounts.
|
||||||
func (g Generator) AddTmpfsMount(dest string) error {
|
func (g *Generator) AddTmpfsMount(dest string) error {
|
||||||
mnt := rspec.Mount{
|
mnt := rspec.Mount{
|
||||||
Destination: dest,
|
Destination: dest,
|
||||||
Type: "tmpfs",
|
Type: "tmpfs",
|
||||||
|
@ -864,12 +900,13 @@ func (g Generator) AddTmpfsMount(dest string) error {
|
||||||
Options: []string{"nosuid", "nodev", "mode=755"},
|
Options: []string{"nosuid", "nodev", "mode=755"},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
g.initSpec()
|
||||||
g.spec.Mounts = append(g.spec.Mounts, mnt)
|
g.spec.Mounts = append(g.spec.Mounts, mnt)
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// AddCgroupsMount adds a cgroup mount into g.spec.Mounts.
|
// AddCgroupsMount adds a cgroup mount into g.spec.Mounts.
|
||||||
func (g Generator) AddCgroupsMount(mountCgroupOption string) error {
|
func (g *Generator) AddCgroupsMount(mountCgroupOption string) error {
|
||||||
switch mountCgroupOption {
|
switch mountCgroupOption {
|
||||||
case "ro":
|
case "ro":
|
||||||
case "rw":
|
case "rw":
|
||||||
|
@ -885,13 +922,14 @@ func (g Generator) AddCgroupsMount(mountCgroupOption string) error {
|
||||||
Source: "cgroup",
|
Source: "cgroup",
|
||||||
Options: []string{"nosuid", "noexec", "nodev", "relatime", mountCgroupOption},
|
Options: []string{"nosuid", "noexec", "nodev", "relatime", mountCgroupOption},
|
||||||
}
|
}
|
||||||
|
g.initSpec()
|
||||||
g.spec.Mounts = append(g.spec.Mounts, mnt)
|
g.spec.Mounts = append(g.spec.Mounts, mnt)
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// AddBindMount adds a bind mount into g.spec.Mounts.
|
// AddBindMount adds a bind mount into g.spec.Mounts.
|
||||||
func (g Generator) AddBindMount(bind string) error {
|
func (g *Generator) AddBindMount(bind string) error {
|
||||||
var source, dest string
|
var source, dest string
|
||||||
options := "ro"
|
options := "ro"
|
||||||
bparts := strings.SplitN(bind, ":", 3)
|
bparts := strings.SplitN(bind, ":", 3)
|
||||||
|
@ -911,18 +949,23 @@ func (g Generator) AddBindMount(bind string) error {
|
||||||
Source: source,
|
Source: source,
|
||||||
Options: append(defaultOptions, options),
|
Options: append(defaultOptions, options),
|
||||||
}
|
}
|
||||||
|
g.initSpec()
|
||||||
g.spec.Mounts = append(g.spec.Mounts, mnt)
|
g.spec.Mounts = append(g.spec.Mounts, mnt)
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// SetupPrivileged sets up the priviledge-related fields inside g.spec.
|
// SetupPrivileged sets up the priviledge-related fields inside g.spec.
|
||||||
func (g Generator) SetupPrivileged(privileged bool) {
|
func (g *Generator) SetupPrivileged(privileged bool) {
|
||||||
if privileged {
|
if privileged {
|
||||||
// Add all capabilities in privileged mode.
|
// Add all capabilities in privileged mode.
|
||||||
var finalCapList []string
|
var finalCapList []string
|
||||||
for _, cap := range capability.List() {
|
for _, cap := range capability.List() {
|
||||||
|
if g.HostSpecific && cap > capability.CAP_LAST_CAP {
|
||||||
|
continue
|
||||||
|
}
|
||||||
finalCapList = append(finalCapList, fmt.Sprintf("CAP_%s", strings.ToUpper(cap.String())))
|
finalCapList = append(finalCapList, fmt.Sprintf("CAP_%s", strings.ToUpper(cap.String())))
|
||||||
}
|
}
|
||||||
|
g.initSpecLinux()
|
||||||
g.spec.Process.Capabilities = finalCapList
|
g.spec.Process.Capabilities = finalCapList
|
||||||
g.spec.Process.SelinuxLabel = ""
|
g.spec.Process.SelinuxLabel = ""
|
||||||
g.spec.Process.ApparmorProfile = ""
|
g.spec.Process.ApparmorProfile = ""
|
||||||
|
@ -930,12 +973,15 @@ func (g Generator) SetupPrivileged(privileged bool) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func checkCap(c string) error {
|
func checkCap(c string, hostSpecific bool) error {
|
||||||
isValid := false
|
isValid := false
|
||||||
cp := strings.ToUpper(c)
|
cp := strings.ToUpper(c)
|
||||||
|
|
||||||
for _, cap := range capability.List() {
|
for _, cap := range capability.List() {
|
||||||
if cp == strings.ToUpper(cap.String()) {
|
if cp == strings.ToUpper(cap.String()) {
|
||||||
|
if hostSpecific && cap > capability.CAP_LAST_CAP {
|
||||||
|
return fmt.Errorf("CAP_%s is not supported on the current host", cp)
|
||||||
|
}
|
||||||
isValid = true
|
isValid = true
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
|
@ -948,18 +994,22 @@ func checkCap(c string) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// ClearProcessCapabilities clear g.spec.Process.Capabilities.
|
// ClearProcessCapabilities clear g.spec.Process.Capabilities.
|
||||||
func (g Generator) ClearProcessCapabilities() {
|
func (g *Generator) ClearProcessCapabilities() {
|
||||||
|
if g.spec == nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
g.spec.Process.Capabilities = []string{}
|
g.spec.Process.Capabilities = []string{}
|
||||||
}
|
}
|
||||||
|
|
||||||
// AddProcessCapability adds a process capability into g.spec.Process.Capabilities.
|
// AddProcessCapability adds a process capability into g.spec.Process.Capabilities.
|
||||||
func (g Generator) AddProcessCapability(c string) error {
|
func (g *Generator) AddProcessCapability(c string) error {
|
||||||
if err := checkCap(c); err != nil {
|
if err := checkCap(c, g.HostSpecific); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
cp := fmt.Sprintf("CAP_%s", strings.ToUpper(c))
|
cp := fmt.Sprintf("CAP_%s", strings.ToUpper(c))
|
||||||
|
|
||||||
|
g.initSpec()
|
||||||
for _, cap := range g.spec.Process.Capabilities {
|
for _, cap := range g.spec.Process.Capabilities {
|
||||||
if strings.ToUpper(cap) == cp {
|
if strings.ToUpper(cap) == cp {
|
||||||
return nil
|
return nil
|
||||||
|
@ -971,13 +1021,14 @@ func (g Generator) AddProcessCapability(c string) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// DropProcessCapability drops a process capability from g.spec.Process.Capabilities.
|
// DropProcessCapability drops a process capability from g.spec.Process.Capabilities.
|
||||||
func (g Generator) DropProcessCapability(c string) error {
|
func (g *Generator) DropProcessCapability(c string) error {
|
||||||
if err := checkCap(c); err != nil {
|
if err := checkCap(c, g.HostSpecific); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
cp := fmt.Sprintf("CAP_%s", strings.ToUpper(c))
|
cp := fmt.Sprintf("CAP_%s", strings.ToUpper(c))
|
||||||
|
|
||||||
|
g.initSpec()
|
||||||
for i, cap := range g.spec.Process.Capabilities {
|
for i, cap := range g.spec.Process.Capabilities {
|
||||||
if strings.ToUpper(cap) == cp {
|
if strings.ToUpper(cap) == cp {
|
||||||
g.spec.Process.Capabilities = append(g.spec.Process.Capabilities[:i], g.spec.Process.Capabilities[i+1:]...)
|
g.spec.Process.Capabilities = append(g.spec.Process.Capabilities[:i], g.spec.Process.Capabilities[i+1:]...)
|
||||||
|
@ -1010,18 +1061,22 @@ func mapStrToNamespace(ns string, path string) (rspec.Namespace, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// ClearLinuxNamespaces clear g.spec.Linux.Namespaces.
|
// ClearLinuxNamespaces clear g.spec.Linux.Namespaces.
|
||||||
func (g Generator) ClearLinuxNamespaces() {
|
func (g *Generator) ClearLinuxNamespaces() {
|
||||||
|
if g.spec == nil || g.spec.Linux == nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
g.spec.Linux.Namespaces = []rspec.Namespace{}
|
g.spec.Linux.Namespaces = []rspec.Namespace{}
|
||||||
}
|
}
|
||||||
|
|
||||||
// AddOrReplaceLinuxNamespace adds or replaces a namespace inside
|
// AddOrReplaceLinuxNamespace adds or replaces a namespace inside
|
||||||
// g.spec.Linux.Namespaces.
|
// g.spec.Linux.Namespaces.
|
||||||
func (g Generator) AddOrReplaceLinuxNamespace(ns string, path string) error {
|
func (g *Generator) AddOrReplaceLinuxNamespace(ns string, path string) error {
|
||||||
namespace, err := mapStrToNamespace(ns, path)
|
namespace, err := mapStrToNamespace(ns, path)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
g.initSpecLinux()
|
||||||
for i, ns := range g.spec.Linux.Namespaces {
|
for i, ns := range g.spec.Linux.Namespaces {
|
||||||
if ns.Type == namespace.Type {
|
if ns.Type == namespace.Type {
|
||||||
g.spec.Linux.Namespaces[i] = namespace
|
g.spec.Linux.Namespaces[i] = namespace
|
||||||
|
@ -1033,12 +1088,15 @@ func (g Generator) AddOrReplaceLinuxNamespace(ns string, path string) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// RemoveLinuxNamespace removes a namespace from g.spec.Linux.Namespaces.
|
// RemoveLinuxNamespace removes a namespace from g.spec.Linux.Namespaces.
|
||||||
func (g Generator) RemoveLinuxNamespace(ns string) error {
|
func (g *Generator) RemoveLinuxNamespace(ns string) error {
|
||||||
namespace, err := mapStrToNamespace(ns, "")
|
namespace, err := mapStrToNamespace(ns, "")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if g.spec == nil || g.spec.Linux == nil {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
for i, ns := range g.spec.Linux.Namespaces {
|
for i, ns := range g.spec.Linux.Namespaces {
|
||||||
if ns.Type == namespace.Type {
|
if ns.Type == namespace.Type {
|
||||||
g.spec.Linux.Namespaces = append(g.spec.Linux.Namespaces[:i], g.spec.Linux.Namespaces[i+1:]...)
|
g.spec.Linux.Namespaces = append(g.spec.Linux.Namespaces[:i], g.spec.Linux.Namespaces[i+1:]...)
|
||||||
|
|
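--- a/vendor/github.com/opencontainers/ocitools/generate/spec.go
+++ b/vendor/github.com/opencontainers/ocitools/generate/spec.go
@@ -0,0 +1,60 @@
+package generate
+
+import (
+rspec "github.com/opencontainers/runtime-spec/specs-go"
+)
+
+func (g *Generator) initSpec() {
+if g.spec == nil {
+g.spec = &rspec.Spec{}
+}
+}
+
+func (g *Generator) initSpecAnnotations() {
+g.initSpec()
+if g.spec.Annotations == nil {
+g.spec.Annotations = make(map[string]string)
+}
+}
+
+func (g *Generator) initSpecLinux() {
+g.initSpec()
+if g.spec.Linux == nil {
+g.spec.Linux = &rspec.Linux{}
+}
+}
+
+func (g *Generator) initSpecLinuxSysctl() {
+g.initSpecLinux()
+if g.spec.Linux.Sysctl == nil {
+g.spec.Linux.Sysctl = make(map[string]string)
+}
+}
+
+func (g *Generator) initSpecLinuxSeccomp() {
+g.initSpecLinux()
+if g.spec.Linux.Seccomp == nil {
+g.spec.Linux.Seccomp = &rspec.Seccomp{}
+}
+}
+
+func (g *Generator) initSpecLinuxResources() {
+g.initSpecLinux()
+if g.spec.Linux.Resources == nil {
+g.spec.Linux.Resources = &rspec.Resources{}
+}
+}
+
+func (g *Generator) initSpecLinuxResourcesCPU() {
+g.initSpecLinuxResources()
+if g.spec.Linux.Resources.CPU == nil {
+g.spec.Linux.Resources.CPU = &rspec.CPU{}
+}
+}
+
+func (g *Generator) initSpecLinuxResourcesMemory() {
+g.initSpecLinuxResources()
+if g.spec.Linux.Resources.Memory == nil {
+g.spec.Linux.Resources.Memory = &rspec.Memory{}
+}
+}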