runtime

package
v0.1.147 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 7, 2026 License: AGPL-3.0, AGPL-3.0-or-later Imports: 19 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

var BaseRuncConfigRaw string
var BaseRunscConfigRaw string

Functions

func GetBaseConfig

func GetBaseConfig(runtimeName string) string

GetBaseConfig returns the appropriate base config for the runtime

func GetCgroupPathFromPID

func GetCgroupPathFromPID(pid int) (string, error)

GetCgroupPathFromPID reads the actual cgroup path from a process. This works for both cgroup v1 and v2, and for any runtime.

Types

type Capabilities

// Capabilities describes which optional features a runtime supports. It is
// the value returned by Runtime.Capabilities.
//
// NOTE(review): GPU and JoinExistingNetNS describe features that widen what a
// container can reach (a device, an already existing network namespace);
// presumably callers gate those features on these flags — confirm at the
// call sites.
type Capabilities struct {
	CheckpointRestore bool // CRIU support
	GPU               bool // GPU device passthrough
	OOMEvents         bool // Runtime-native OOM events (use cgroup poller as fallback)
	JoinExistingNetNS bool // Can join existing network namespace
	CDI               bool // Container Device Interface support
}

Capabilities describes what features a runtime supports

type CgroupOOMWatcher

type CgroupOOMWatcher struct {
	// contains filtered or unexported fields
}

CgroupOOMWatcher watches for OOM kills via cgroup v2 memory.events. Works for runc and other traditional runtimes.

func NewCgroupOOMWatcher

func NewCgroupOOMWatcher(ctx context.Context, cgroupPath string) *CgroupOOMWatcher

NewCgroupOOMWatcher creates a new cgroup-based OOM watcher for runc

func (*CgroupOOMWatcher) Stop

func (w *CgroupOOMWatcher) Stop()

Stop stops the OOM watcher

func (*CgroupOOMWatcher) Watch

func (w *CgroupOOMWatcher) Watch(onOOM func()) error

Watch starts watching for OOM events via cgroup memory.events

type CheckpointOpts

// CheckpointOpts contains options for checkpointing a container. It is the
// opts argument of Runtime.Checkpoint.
//
// NOTE(review): a checkpoint image normally holds the memory of the
// checkpointed processes, which can include secrets; ImagePath and WorkDir
// presumably need to be accessible only to the runtime's user — confirm how
// callers create these directories.
// NOTE(review): AllowOpenTCP, SkipInFlight and LinkRemap look like
// pass-through checkpoint flags; their exact effect is not visible here.
type CheckpointOpts struct {
	ImagePath    string       // Path to store checkpoint image
	WorkDir      string       // Working directory for checkpoint files
	LeaveRunning bool         // Leave container running after checkpoint
	AllowOpenTCP bool         // Allow open TCP connections
	SkipInFlight bool         // Skip in-flight TCP connections
	LinkRemap    bool         // Enable link remapping
	OutputWriter OutputWriter // Writer for checkpoint output
}

CheckpointOpts contains options for checkpointing a container

type Config

// Config contains configuration for creating a runtime. It is the argument of
// New, NewRunc and NewRunsc.
//
// NOTE(review): the documented defaults for RuncPath and RunscPath are bare
// binary names; presumably they are resolved through PATH — confirm, and
// consider absolute paths where the caller runs with elevated privileges.
// NOTE(review): what Debug turns on is not visible here; check what the
// resulting logs record before enabling it in production.
type Config struct {
	Type          string // "runc" | "gvisor"
	RuncPath      string // Path to runc binary (default: "runc")
	RunscPath     string // Path to runsc binary (default: "runsc")
	RunscPlatform string // "kvm" | "ptrace" (optional)
	RunscRoot     string // Root directory for runsc state (default: "/run/gvisor")
	Debug         bool   // Enable debug mode
}

Config contains configuration for creating a runtime

type DeleteOpts

// DeleteOpts contains options for deleting a container. It is the opts
// argument of Runtime.Delete.
type DeleteOpts struct {
	Force bool // Force deletion
}

DeleteOpts contains options for deleting a container

type ErrContainerNotFound

// ErrContainerNotFound is returned when a container is not found. The type
// has an Error() string method on a value receiver, so it can be matched with
// errors.As.
//
// NOTE(review): whether the package returns it by value or by pointer is not
// visible here — confirm before choosing the errors.As target type.
type ErrContainerNotFound struct {
	// ContainerID is presumably the ID that was looked up — confirm.
	ContainerID string
}

ErrContainerNotFound is returned when a container is not found

func (ErrContainerNotFound) Error

func (e ErrContainerNotFound) Error() string

type ErrRuntimeNotAvailable

// ErrRuntimeNotAvailable is returned when a runtime is not available on the
// system. The type has an Error() string method on a value receiver.
type ErrRuntimeNotAvailable struct {
	// Runtime presumably names the runtime that was requested — confirm.
	Runtime string
	// Reason presumably explains why it is unavailable — confirm.
	Reason  string
}

ErrRuntimeNotAvailable is returned when a runtime is not available on the system

func (ErrRuntimeNotAvailable) Error

func (e ErrRuntimeNotAvailable) Error() string

type ErrUnsupportedRuntime

// ErrUnsupportedRuntime is returned when an unsupported runtime type is
// requested. The type has an Error() string method on a value receiver.
type ErrUnsupportedRuntime struct {
	// Runtime is presumably the rejected Config.Type value — confirm.
	Runtime string
}

ErrUnsupportedRuntime is returned when an unsupported runtime type is requested

func (ErrUnsupportedRuntime) Error

func (e ErrUnsupportedRuntime) Error() string

type Event

// Event represents a container event. It is the element type of the channel
// returned by Runtime.Events.
type Event struct {
	Type string // "oom", "exit", "error"
	// Err is presumably set when Type is "error" — confirm.
	Err  error
}

Event represents a container event

type ExecOpts

// ExecOpts contains options for executing a command in a container. It is the
// opts argument of Runtime.Exec.
type ExecOpts struct {
	// OutputWriter presumably receives the command's output — confirm.
	OutputWriter OutputWriter
	// StdinReader presumably supplies the command's standard input — confirm.
	StdinReader  io.Reader
	// Started is a send-only channel. RunOpts and RestoreOpts document their
	// field of the same name as a PID channel; presumably the same here.
	// NOTE(review): whether the send blocks is not visible — confirm whether
	// callers need a buffered channel or a ready receiver.
	Started      chan<- int
}

ExecOpts contains options for executing a command in a container

type GvisorOOMWatcher

type GvisorOOMWatcher struct {
	// contains filtered or unexported fields
}

GvisorOOMWatcher watches for OOM by monitoring memory usage vs limits. Works for gVisor, where cgroup files aren't accessible from the host.

func NewGvisorOOMWatcher

func NewGvisorOOMWatcher(ctx context.Context, pid int, memoryLimitBytes uint64) *GvisorOOMWatcher

NewGvisorOOMWatcher creates a new memory-monitoring OOM watcher for gVisor

func (*GvisorOOMWatcher) Stop

func (w *GvisorOOMWatcher) Stop()

Stop stops the OOM watcher

func (*GvisorOOMWatcher) Watch

func (w *GvisorOOMWatcher) Watch(onOOM func()) error

Watch starts monitoring memory usage for gVisor containers

type KillOpts

// KillOpts contains options for killing a container. It is the opts argument
// of Runtime.Kill.
type KillOpts struct {
	All bool // Kill all processes in the container
}

KillOpts contains options for killing a container

type OOMWatcher

// OOMWatcher is the interface shared by the OOM watchers of the different
// runtimes. On this page *CgroupOOMWatcher and *GvisorOOMWatcher both list
// these two methods.
type OOMWatcher interface {
	// Watch starts watching for OOM events; onOOM is presumably invoked when
	// one is detected.
	// NOTE(review): whether Watch blocks, and on which goroutine onOOM runs,
	// is not visible here — confirm before touching shared state in onOOM.
	Watch(onOOM func()) error
	// Stop stops the watcher.
	Stop()
}

OOMWatcher interface for different runtime implementations

type OutputWriter

// OutputWriter is an interface for writing container output. Its single
// method has the same signature as io.Writer's Write, so any io.Writer
// satisfies it.
type OutputWriter interface {
	// Write writes p and reports the number of bytes written and any error.
	Write(p []byte) (n int, err error)
}

OutputWriter is an interface for writing container output

type RestoreOpts

// RestoreOpts contains options for restoring a container from a checkpoint.
// It is the opts argument of Runtime.Restore.
//
// NOTE(review): a restore resumes whatever process state the image holds, so
// ImagePath should presumably point only at images this system produced or
// otherwise trusts — confirm how callers obtain the path.
type RestoreOpts struct {
	ImagePath    string       // Path to checkpoint image
	WorkDir      string       // Working directory for restore files
	BundlePath   string       // Path to container bundle
	OutputWriter OutputWriter // Writer for restore output
	Started      chan<- int   // PID channel
	TCPClose     bool         // Close TCP connections on restore
}

RestoreOpts contains options for restoring a container from checkpoint

type RunOpts

// RunOpts contains options for running a container. It is the opts argument
// of Runtime.Run.
//
// NOTE(review): DockerEnabled presumably makes the gVisor runtime apply
// Runsc.AddDockerInDockerCapabilities, whose documented capability list
// includes sys_admin, net_admin and sys_ptrace — confirm, and enable it per
// workload rather than globally.
type RunOpts struct {
	OutputWriter  OutputWriter
	Started       chan<- int // PID channel
	DockerEnabled bool       // Enable Docker-in-Docker (gVisor only)
}

RunOpts contains options for running a container

type Runc

type Runc struct {
	// contains filtered or unexported fields
}

Runc implements Runtime using the runc container runtime

func NewRunc

func NewRunc(cfg Config) (*Runc, error)

NewRunc creates a new runc runtime

func (*Runc) Capabilities

func (r *Runc) Capabilities() Capabilities

func (*Runc) Checkpoint

func (r *Runc) Checkpoint(ctx context.Context, containerID string, opts *CheckpointOpts) error

func (*Runc) Close

func (r *Runc) Close() error

func (*Runc) Delete

func (r *Runc) Delete(ctx context.Context, containerID string, opts *DeleteOpts) error

func (*Runc) Events

func (r *Runc) Events(ctx context.Context, containerID string) (<-chan Event, error)

func (*Runc) Exec

func (r *Runc) Exec(ctx context.Context, containerID string, proc specs.Process, opts *ExecOpts) error

func (*Runc) Kill

func (r *Runc) Kill(ctx context.Context, containerID string, sig syscall.Signal, opts *KillOpts) error

func (*Runc) List

func (r *Runc) List(ctx context.Context) ([]State, error)

List lists all containers managed by the runtime

func (*Runc) Name

func (r *Runc) Name() string

func (*Runc) Prepare

func (r *Runc) Prepare(ctx context.Context, spec *specs.Spec) error

Prepare is a no-op for runc as it doesn't need spec mutations

func (*Runc) Restore

func (r *Runc) Restore(ctx context.Context, containerID string, opts *RestoreOpts) (int, error)

func (*Runc) Run

func (r *Runc) Run(ctx context.Context, containerID, bundlePath string, opts *RunOpts) (int, error)

func (*Runc) State

func (r *Runc) State(ctx context.Context, containerID string) (State, error)

type Runsc

type Runsc struct {
	// contains filtered or unexported fields
}

Runsc implements Runtime using the gVisor runsc runtime

CUDA Checkpoint/Restore: For GPU workloads, cuda-checkpoint is bind-mounted from the host and executed inside the container via runsc exec to freeze/unfreeze GPU state before/after checkpoint/restore operations.

func NewRunsc

func NewRunsc(cfg Config) (*Runsc, error)

NewRunsc creates a new runsc (gVisor) runtime

func (*Runsc) AddDockerInDockerCapabilities

func (r *Runsc) AddDockerInDockerCapabilities(spec *specs.Spec)

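AddDockerInDockerCapabilities adds the capabilities required for running Docker inside gVisor. According to the gVisor documentation, Docker requires: audit_write, chown, dac_override, fowner, fsetid, kill, mknod, net_bind_service, net_admin, net_raw, setfcap, setgid, setpcap, setuid, sys_admin, sys_chroot, sys_ptrace. This set includes broad capabilities such as sys_admin, net_admin and sys_ptrace, so it is best applied only to containers that actually need Docker-in-Docker.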

func (*Runsc) Capabilities

func (r *Runsc) Capabilities() Capabilities

func (*Runsc) Checkpoint

func (r *Runsc) Checkpoint(ctx context.Context, containerID string, opts *CheckpointOpts) error

func (*Runsc) Close

func (r *Runsc) Close() error

func (*Runsc) Delete

func (r *Runsc) Delete(ctx context.Context, containerID string, opts *DeleteOpts) error

func (*Runsc) Events

func (r *Runsc) Events(ctx context.Context, containerID string) (<-chan Event, error)

func (*Runsc) Exec

func (r *Runsc) Exec(ctx context.Context, containerID string, proc specs.Process, opts *ExecOpts) error

func (*Runsc) Kill

func (r *Runsc) Kill(ctx context.Context, containerID string, sig syscall.Signal, opts *KillOpts) error

func (*Runsc) List

func (r *Runsc) List(ctx context.Context) ([]State, error)

List lists all containers managed by the runtime

func (*Runsc) Name

func (r *Runsc) Name() string

func (*Runsc) Prepare

func (r *Runsc) Prepare(ctx context.Context, spec *specs.Spec) error

Prepare mutates the OCI spec to be compatible with gVisor

func (*Runsc) Restore

func (r *Runsc) Restore(ctx context.Context, containerID string, opts *RestoreOpts) (int, error)

func (*Runsc) Run

func (r *Runsc) Run(ctx context.Context, containerID, bundlePath string, opts *RunOpts) (int, error)

func (*Runsc) State

func (r *Runsc) State(ctx context.Context, containerID string) (State, error)

type Runtime

// Runtime defines the interface for different container/microVM runtime
// implementations. On this page *Runc and *Runsc each list every method of
// the interface.
type Runtime interface {
	// Name returns the name of the runtime (e.g., "runc", "gvisor").
	Name() string

	// Capabilities returns what features this runtime supports.
	Capabilities() Capabilities

	// Prepare may mutate spec to fit runtime quirks (e.g., seccomp, mounts).
	// Called before writing config.json.
	// NOTE(review): spec is changed in place, so any policy check the caller
	// ran on it before Prepare presumably needs to be repeated on the result —
	// confirm what each implementation adds.
	Prepare(ctx context.Context, spec *specs.Spec) error

	// Run starts a container with the given configuration.
	// NOTE(review): the meaning of the int result is not documented here;
	// Restore documents its int as the exit code — presumably the same, confirm.
	Run(ctx context.Context, containerID, bundlePath string, opts *RunOpts) (int, error)

	// Exec executes a command inside a running container.
	Exec(ctx context.Context, containerID string, proc specs.Process, opts *ExecOpts) error

	// Kill sends a signal to a container.
	Kill(ctx context.Context, containerID string, sig syscall.Signal, opts *KillOpts) error

	// Delete removes a container.
	Delete(ctx context.Context, containerID string, opts *DeleteOpts) error

	// State returns the current state of a container.
	State(ctx context.Context, containerID string) (State, error)

	// Events returns a channel for receiving container events.
	// Optional; use cgroup poller as portable fallback.
	Events(ctx context.Context, containerID string) (<-chan Event, error)

	// Checkpoint creates a checkpoint of a running container.
	// Returns an error if the runtime doesn't support checkpointing.
	Checkpoint(ctx context.Context, containerID string, opts *CheckpointOpts) error

	// Restore restores a container from a checkpoint.
	// Returns the exit code and any error.
	Restore(ctx context.Context, containerID string, opts *RestoreOpts) (int, error)

	// Close cleans up any resources held by the runtime.
	Close() error
}

Runtime defines the interface for different container/microvm runtime implementations

func New

func New(cfg Config) (Runtime, error)

New creates a new Runtime based on the provided configuration

type State

// State represents the current state of a container. It is returned by
// Runtime.State and, as a slice, by the List methods of Runc and Runsc.
type State struct {
	// ID is presumably the container ID — confirm.
	ID     string
	// Pid is presumably the container's init process ID as seen from the
	// host — confirm.
	Pid    int
	Status string // "running", "stopped", etc.
}

State represents the current state of a container
