Constants
// Package-wide defaults for containers.conf. Grouped by concern: runtime
// isolation defaults, resource bounds, and the configuration file paths
// that are consulted in order of precedence.
const (
	// DefaultCgroupManager is the cgroup manager used when none is configured.
	DefaultCgroupManager = "systemd"
	// DefaultApparmorProfile is the AppArmor profile name applied when none
	// is configured.
	DefaultApparmorProfile = "container-default"
	// DefaultSeccompPath is the seccomp profile consulted when no
	// seccomp_profile is configured.
	DefaultSeccompPath = "/usr/share/containers/seccomp.json"

	// DefaultPidsLimit bounds the number of processes allowed inside a
	// container when pids_limit is not set; a container with no explicit
	// limit still gets this cap.
	DefaultPidsLimit = 2048
	// DefaultLogSizeMax is the maximum container log size when
	// log_size_max is not set. A negative value imposes no limit.
	DefaultLogSizeMax = -1
	// DefaultShmSize is the default size of /dev/shm.
	DefaultShmSize = "65536k"
	// OCIBufSize is the buffer size used for OCI I/O.
	OCIBufSize = 8192

	// DefaultContainersConfig is the distribution-provided config path.
	DefaultContainersConfig = "/usr/share/containers/containers.conf"
	// OverrideContainersConfig is the administrator override path that
	// takes precedence over DefaultContainersConfig.
	OverrideContainersConfig = "/etc/containers/containers.conf"
)
Variables
// DefaultCapabilities is the default value of the default_capabilities
// option in containers.conf: the Linux capabilities granted to every
// container unless the configuration replaces the list. Order is kept
// alphabetical. Every entry widens what a container process may do, so
// additions should be weighed against least privilege.
var DefaultCapabilities = []string{
	"CAP_AUDIT_WRITE",     // write records to the kernel audit log
	"CAP_CHOWN",           // change file ownership
	"CAP_DAC_OVERRIDE",    // bypass file permission checks
	"CAP_FOWNER",          // bypass ownership checks on file operations
	"CAP_FSETID",          // keep set-user-ID/set-group-ID bits on modification
	"CAP_KILL",            // bypass permission checks for sending signals
	"CAP_MKNOD",           // create device nodes
	"CAP_NET_BIND_SERVICE", // bind to privileged (<1024) ports
	"CAP_NET_RAW",         // open raw and packet sockets
	"CAP_SETGID",          // manipulate process GIDs
	"CAP_SETPCAP",         // modify the process capability sets
	"CAP_SETUID",          // manipulate process UIDs
	"CAP_SYS_CHROOT",      // call chroot(2)
}
DefaultCapabilities is the default value of the default_capabilities option in the containers.conf file.
// DefaultHooksDirs lists the directories searched for OCI hook
// configuration files when hooks_dir is not configured.
var DefaultHooksDirs = []string{
	"/usr/share/containers/oci/hooks.d",
}
DefaultHooksDirs defines the default hooks directory
// UserOverrideContainersConfig is the per-user containers.conf path honoured
// for rootless users, derived from $HOME.
//
// filepath.Join drops empty elements, so when HOME is unset or empty this
// evaluates to the relative path ".config/containers/containers.conf",
// which any later open would resolve against the process working
// directory. Callers that load this file should treat an empty HOME as
// "no user override" rather than reading a config from the current directory.
var UserOverrideContainersConfig = filepath.Join(
	os.Getenv("HOME"), ".config", "containers", "containers.conf",
)
UserOverrideContainersConfig holds the containers config path overridden by the rootless user
Functions
func Device
Device parses a device mapping string into its source path, destination path and permissions string. Valid values for a device look like:
'/dev/sdc' '/dev/sdc:/dev/xvdc' '/dev/sdc:/dev/xvdc:rwm' '/dev/sdc:rm'
func IsDirectory ¶
IsDirectory tests whether the given path exists and is a directory. It follows symlinks.
func IsValidDeviceMode
IsValidDeviceMode checks whether the mode for a device is valid. A valid mode is a composition of r (read), w (write), and m (mknod).
Types
type Config ¶
// Config is the in-memory representation of containers.conf. It embeds the
// "containers" and "network" TOML tables so their fields are reachable
// directly from a Config value.
type Config struct {
	ContainersConfig
	NetworkConfig
}
func DefaultConfig ¶
func DefaultConfig() *Config
DefaultConfig defines the default values from containers.conf
func (*Config) UpdateFromFile
UpdateFromFile populates the Config from the TOML-encoded file at the given path. It returns any error encountered while reading or parsing the file, or nil otherwise.
type ContainersConfig ¶
// ContainersConfig represents the "containers" TOML config table. Several
// fields here set the security baseline every container starts from
// (capabilities, sysctls, devices, seccomp/AppArmor, pids limit); a change to
// any of them applies to all containers, not just one.
type ContainersConfig struct {
	// DefaultUlimits specifies the default ulimits to apply to containers.
	DefaultUlimits []string `toml:"default_ulimits"`
	// Env is the environment variable list for the container process.
	Env []string `toml:"env"`
	// HTTPProxy is the proxy environment variable list to apply to the
	// container process.
	HTTPProxy []string `toml:"http_proxy"`
	// SELinux determines whether or not SELinux is used for pod separation.
	SELinux bool `toml:"selinux"`
	// SeccompProfile is the seccomp.json profile path which is used as the
	// default for the runtime.
	SeccompProfile string `toml:"seccomp_profile"`
	// ApparmorProfile is the apparmor profile name which is used as the
	// default for the runtime.
	ApparmorProfile string `toml:"apparmor_profile"`
	// CgroupManager is the manager implementation name which is used to
	// handle cgroups for containers. Supports cgroupfs and systemd.
	CgroupManager string `toml:"cgroup_manager"`
	// DefaultCapabilities are the capabilities added to all containers.
	// Each entry widens what any container process may do, so additions
	// should be weighed against least privilege.
	DefaultCapabilities []string `toml:"default_capabilities"`
	// DefaultSysctls are the sysctls added to all containers.
	DefaultSysctls []string `toml:"default_sysctls"`
	// PidsLimit is the number of processes each container is restricted to
	// by the cgroup process number controller.
	PidsLimit int64 `toml:"pids_limit"`
	// AdditionalDevices are host device mappings added to all containers.
	// NOTE(review): presumably each entry uses the mapping syntax accepted
	// by Device ("src[:dest[:perms]]") — confirm against the caller.
	AdditionalDevices []string `toml:"additional_devices"`
	// LogSizeMax is the maximum number of bytes after which the log file
	// will be truncated. It can be expressed as a human-friendly string
	// that is parsed to bytes.
	// Negative values indicate that the log file won't be truncated.
	LogSizeMax int64 `toml:"log_size_max"`
	// HooksDir holds paths to the directories containing hooks
	// configuration files. When the same filename is present in
	// multiple directories, the file in the directory listed last in
	// this slice takes precedence.
	HooksDir []string `toml:"hooks_dir"`
	// ShmSize holds the size of /dev/shm.
	ShmSize string `toml:"shm_size"`
	// Init, when true, runs an init inside the container that forwards
	// signals and reaps processes.
	Init bool `toml:"init"`
}
ContainersConfig represents the "containers" TOML config table
func (*ContainersConfig) Validate ¶
func (c *ContainersConfig) Validate() error
Validate is the main entry point for containers configuration validation. It returns an `error` on validation failure, otherwise `nil`.
type NetworkConfig ¶
// NetworkConfig represents the "network" TOML config table.
type NetworkConfig struct {
	// NetworkDir is where CNI network configuration files are stored.
	NetworkDir string `toml:"network_dir"`
	// PluginDir is where CNI plugin binaries are stored.
	// NOTE(review): looks like the single-directory form that PluginDirs
	// supersedes (it is the only field tagged omitempty) — confirm how
	// Validate reconciles the two before relying on either.
	PluginDir string `toml:"plugin_dir,omitempty"`
	// PluginDirs lists the directories where CNI plugin binaries are stored.
	PluginDirs []string `toml:"plugin_dirs"`
}
NetworkConfig represents the "network" TOML config table
func (*NetworkConfig) Validate ¶
func (c *NetworkConfig) Validate(onExecution bool) error
Validate is the main entry point for network configuration validation. The parameter `onExecution` specifies if the validation should include execution checks. It returns an `error` on validation failure, otherwise `nil`.