Update libcontainer readme and todo list
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
This commit is contained in:
Michael Crosby
parent
aca132a1dd
commit
ff10ab55d2
2 changed files with 72 additions and 55 deletions
|
|
@ -16,54 +16,77 @@ process are specified in this file. The configuration is used for each process
|
||||||
Sample `container.json` file:
|
Sample `container.json` file:
|
||||||
```json
|
```json
|
||||||
{
|
{
|
||||||
"hostname": "koye",
|
"hostname" : "koye",
|
||||||
"tty": true,
|
"networks" : [
|
||||||
"environment": [
|
{
|
||||||
"HOME=/",
|
"gateway" : "172.17.42.1",
|
||||||
"PATH=PATH=$PATH:/bin:/usr/bin:/sbin:/usr/sbin",
|
"context" : {
|
||||||
"container=docker",
|
"bridge" : "docker0",
|
||||||
"TERM=xterm-256color"
|
"prefix" : "veth"
|
||||||
],
|
},
|
||||||
"namespaces": [
|
"address" : "172.17.0.2/16",
|
||||||
"NEWIPC",
|
"type" : "veth",
|
||||||
"NEWNS",
|
"mtu" : 1500
|
||||||
"NEWPID",
|
}
|
||||||
"NEWUTS",
|
],
|
||||||
"NEWNET"
|
"cgroups" : {
|
||||||
],
|
"parent" : "docker",
|
||||||
"capabilities": [
|
"name" : "11bb30683fb0bdd57fab4d3a8238877f1e4395a2cfc7320ea359f7a02c1a5620"
|
||||||
"SETPCAP",
|
},
|
||||||
"SYS_MODULE",
|
"tty" : true,
|
||||||
"SYS_RAWIO",
|
"environment" : [
|
||||||
"SYS_PACCT",
|
"HOME=/",
|
||||||
"SYS_ADMIN",
|
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
|
||||||
"SYS_NICE",
|
"HOSTNAME=11bb30683fb0",
|
||||||
"SYS_RESOURCE",
|
"TERM=xterm"
|
||||||
"SYS_TIME",
|
],
|
||||||
"SYS_TTY_CONFIG",
|
"capabilities" : [
|
||||||
"MKNOD",
|
"SETPCAP",
|
||||||
"AUDIT_WRITE",
|
"SYS_MODULE",
|
||||||
"AUDIT_CONTROL",
|
"SYS_RAWIO",
|
||||||
"MAC_OVERRIDE",
|
"SYS_PACCT",
|
||||||
"MAC_ADMIN",
|
"SYS_ADMIN",
|
||||||
"NET_ADMIN"
|
"SYS_NICE",
|
||||||
],
|
"SYS_RESOURCE",
|
||||||
"networks": [{
|
"SYS_TIME",
|
||||||
"type": "veth",
|
"SYS_TTY_CONFIG",
|
||||||
"context": {
|
"MKNOD",
|
||||||
"bridge": "docker0",
|
"AUDIT_WRITE",
|
||||||
"prefix": "dock"
|
"AUDIT_CONTROL",
|
||||||
},
|
"MAC_OVERRIDE",
|
||||||
"address": "172.17.0.100/16",
|
"MAC_ADMIN",
|
||||||
"gateway": "172.17.42.1",
|
"NET_ADMIN"
|
||||||
"mtu": 1500
|
],
|
||||||
}
|
"context" : {
|
||||||
],
|
"apparmor_profile" : "docker-default"
|
||||||
"cgroups": {
|
},
|
||||||
"name": "docker-koye",
|
"mounts" : [
|
||||||
"parent": "docker",
|
{
|
||||||
"memory": 5248000
|
"source" : "/var/lib/docker/containers/11bb30683fb0bdd57fab4d3a8238877f1e4395a2cfc7320ea359f7a02c1a5620/resolv.conf",
|
||||||
}
|
"writable" : false,
|
||||||
|
"destination" : "/etc/resolv.conf",
|
||||||
|
"private" : true
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"source" : "/var/lib/docker/containers/11bb30683fb0bdd57fab4d3a8238877f1e4395a2cfc7320ea359f7a02c1a5620/hostname",
|
||||||
|
"writable" : false,
|
||||||
|
"destination" : "/etc/hostname",
|
||||||
|
"private" : true
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"source" : "/var/lib/docker/containers/11bb30683fb0bdd57fab4d3a8238877f1e4395a2cfc7320ea359f7a02c1a5620/hosts",
|
||||||
|
"writable" : false,
|
||||||
|
"destination" : "/etc/hosts",
|
||||||
|
"private" : true
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"namespaces" : [
|
||||||
|
"NEWNS",
|
||||||
|
"NEWUTS",
|
||||||
|
"NEWIPC",
|
||||||
|
"NEWPID",
|
||||||
|
"NEWNET"
|
||||||
|
]
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,17 +1,11 @@
|
||||||
#### goals
|
#### goals
|
||||||
* small and simple - line count is not everything but less code is better
|
* small and simple - line count is not everything but less code is better
|
||||||
* clean lines between what we do in the pkg
|
|
||||||
* provide primitives for working with namespaces not cater to every option
|
* provide primitives for working with namespaces not cater to every option
|
||||||
* extend via configuration not by features - host networking, no networking, veth network can be accomplished via adjusting the container.json, nothing to do with code
|
* extend via configuration not by features - host networking, no networking, veth network can be accomplished via adjusting the container.json, nothing to do with code
|
||||||
|
|
||||||
#### tasks
|
#### tasks
|
||||||
* proper tty for a new process in an existing container
|
* reexec or raw syscalls for new process in existing container
|
||||||
* use exec or raw syscalls for new process in existing container
|
|
||||||
* setup proper user in namespace if specified
|
|
||||||
* implement hook or clean interface for cgroups
|
|
||||||
* example configs for different setups (host networking, boot init)
|
* example configs for different setups (host networking, boot init)
|
||||||
* improve pkg documentation with comments
|
* improve pkg documentation with comments
|
||||||
* testing - this is hard in a low level pkg but we could do some, maybe
|
* testing - this is hard in a low level pkg but we could do some, maybe
|
||||||
* pivot root
|
|
||||||
* selinux
|
* selinux
|
||||||
* apparmor
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue