Constants ¶
const (
	// DefaultContainersConfig holds the default containers config path.
	DefaultContainersConfig = "/usr/share/containers/containers.conf"
	// OverrideContainersConfig holds the default config path overridden by the
	// root user.
	OverrideContainersConfig = "/etc/containers/containers.conf"
	// UserOverrideContainersConfig holds the containers config path overridden by
	// the rootless user. Note that this is a relative path (no leading "/");
	// NOTE(review): presumably resolved against the user's home directory —
	// confirm in NewConfig, which documents the merge order of these files.
	// Because these files set the per-container hardening defaults
	// (capabilities, seccomp and AppArmor profiles, see ContainersConfig),
	// write access to them is effectively control over every container.
	UserOverrideContainersConfig = ".config/containers/containers.conf"
)
const (
	// CgroupfsCgroupsManager represents the cgroupfs native cgroup manager.
	CgroupfsCgroupsManager = "cgroupfs"
	// DefaultApparmorProfile specifies the default apparmor profile for the
	// container.
	DefaultApparmorProfile = "container-default"
	// SystemdCgroupsManager represents the systemd native cgroup manager.
	SystemdCgroupsManager = "systemd"
	// DefaultLogSizeMax is the default value for the maximum log size
	// allowed for a container. Negative values mean that no limit is imposed,
	// so with this default a noisy container can grow its log without bound
	// unless ContainersConfig.LogSizeMax is set.
	DefaultLogSizeMax = -1
	// DefaultPidsLimit is the default value for the maximum number of
	// processes allowed inside a container (enforced through the cgroup
	// process number controller, see ContainersConfig.PidsLimit).
	DefaultPidsLimit = 2048
	// DefaultRootlessSignaturePolicyPath points to the default path of the
	// rootless policy.json file. Relative path (no leading "/");
	// NOTE(review): presumably resolved against the user's home directory —
	// confirm against the caller.
	DefaultRootlessSignaturePolicyPath = ".config/containers/policy.json"
	// DefaultShmSize is the default size of /dev/shm.
	DefaultShmSize = "65536k"
	// OCIBufSize limits the maximum LogSizeMax.
	OCIBufSize = 8192
	// SeccompOverridePath, if it exists, overrides the default seccomp path.
	// _etcDir is defined elsewhere in this package.
	SeccompOverridePath = _etcDir + "/crio/seccomp.json"
	// SeccompDefaultPath defines the default seccomp path.
	// _installPrefix is defined elsewhere in this package.
	SeccompDefaultPath = _installPrefix + "/share/containers/seccomp.json"
)
Variables ¶
var (
	// DefaultInitPath is the default path to the container-init binary.
	DefaultInitPath = "/usr/libexec/podman/catatonit"
	// DefaultInfraImage is the image to use for the infra container.
	// This is a tag reference, not a digest, so the content behind it can
	// change between pulls; pin by digest if reproducibility matters.
	DefaultInfraImage = "k8s.gcr.io/pause:3.1"
	// DefaultInfraCommand is the command to be run in an infra container.
	DefaultInfraCommand = "/pause"
	// DefaultRootlessSHMLockPath is the default path for rootless SHM locks.
	DefaultRootlessSHMLockPath = "/libpod_rootless_lock"
	// DefaultDetachKeys is the default key sequence for detaching a
	// container.
	DefaultDetachKeys = "ctrl-p,ctrl-q"
)
var (
	// ErrConmonOutdated indicates the version of conmon found (whether via the
	// configuration or $PATH) is out of date for the current podman version.
	ErrConmonOutdated = errors.New("outdated conmon version")
	// ErrInvalidArg indicates that an invalid argument was passed.
	ErrInvalidArg = errors.New("invalid argument")
	// DefaultHooksDirs defines the default hooks directory.
	// As a package-level slice this is shared mutable state: copy it before
	// appending rather than modifying it in place.
	DefaultHooksDirs = []string{"/usr/share/containers/oci/hooks.d"}
	// DefaultCapabilities for the default_capabilities option in the
	// containers.conf file. This is the capability set added to every
	// container unless the config overrides it
	// (ContainersConfig.DefaultCapabilities), so trimming this list is the
	// main lever for tightening least-privilege defaults. The same
	// copy-before-append caveat as for DefaultHooksDirs applies.
	DefaultCapabilities = []string{
		"CAP_AUDIT_WRITE",
		"CAP_CHOWN",
		"CAP_DAC_OVERRIDE",
		"CAP_FOWNER",
		"CAP_FSETID",
		"CAP_KILL",
		"CAP_MKNOD",
		"CAP_NET_BIND_SERVICE",
		"CAP_NET_RAW",
		"CAP_SETGID",
		"CAP_SETPCAP",
		"CAP_SETUID",
		"CAP_SYS_CHROOT",
	}
)
Functions ¶
func Device ¶
Device parses a device mapping string into src, dest and permissions strings. Valid values for device look like:
'/dev/sdc' '/dev/sdc:/dev/xvdc' '/dev/sdc:/dev/xvdc:rwm' '/dev/sdc:rm'
func IsDirectory ¶
IsDirectory tests whether the given path exists and is a directory. It follows symlinks.
func IsValidDeviceMode ¶
IsValidDeviceMode checks whether the mode for a device is valid. A valid mode is a composition of r (read), w (write), and m (mknod).
Types ¶
type Config ¶
// Config contains configuration options for container tools. It is the
// top-level structure mapped onto the containers.conf TOML file; each field
// corresponds to one TOML table.
type Config struct {
	// Containers specifies settings that configure how containers will run on
	// the system ("containers" table).
	Containers ContainersConfig `toml:"containers"`
	// Libpod specifies how the container engine based on Libpod will run
	// ("libpod" table).
	Libpod LibpodConfig `toml:"libpod"`
	// Network defines the configuration of CNI plugins ("network" table).
	Network NetworkConfig `toml:"network"`
}
Config contains configuration options for container tools
func DefaultConfig ¶
DefaultConfig defines the default values from containers.conf
func NewConfig ¶ added in v0.0.4
NewConfig creates a new Config. It starts with an empty config and, if specified, merges the config at the `userConfigPath` path. Depending on whether we're running as root or rootless, we then merge the system configuration, followed by merging the default config (hard-coded default in memory). Note that the OCI runtime is hard-set to `crun` if we're running on a system with cgroupsv2. Other OCI runtimes do not yet support cgroupsv2. This might change in the future.
func ReadConfigFromFile ¶ added in v0.0.4
ReadConfigFromFile reads the specified config file at `path` and attempts to unmarshal its content into a Config. The config param specifies the previous default config. If the file at path only specifies a few fields, the defaults from the config parameter will be used for all other fields.
func (*Config) FindConmon ¶ added in v0.0.4
FindConmon iterates over (*Config).ConmonPath and returns the path to the first (version-)matching conmon binary. If none is found, we try to do a path lookup of "conmon".
func (*Config) MergeDBConfig ¶ added in v0.0.4
MergeDBConfig merges the configuration from the database.
type ContainersConfig ¶
// ContainersConfig represents the "containers" TOML config table, which holds
// the global options for container tools. Most of these fields set the default
// security posture of every container (capabilities, seccomp, AppArmor,
// labeling, resource limits), so they deserve the same review as the
// container images themselves.
type ContainersConfig struct {
	// AdditionalDevices are devices to add to containers.
	AdditionalDevices []string `toml:"additional_devices"`
	// ApparmorProfile is the apparmor profile name which is used as the
	// default for the runtime.
	ApparmorProfile string `toml:"apparmor_profile"`
	// CgroupManager is the cgroup manager to use. Valid values are "cgroupfs"
	// and "systemd".
	CgroupManager string `toml:"cgroup_manager"`
	// DefaultCapabilities are the capabilities to add to all containers.
	DefaultCapabilities []string `toml:"default_capabilities"`
	// DefaultMountsFile is the path to the default mounts file for testing
	// purposes only. The `toml:"-"` tag keeps it out of the on-disk config.
	DefaultMountsFile string `toml:"-"`
	// DefaultSysctls are the sysctls to add to all containers.
	DefaultSysctls []string `toml:"default_sysctls"`
	// DefaultUlimits specifies the default ulimits to apply to containers.
	DefaultUlimits []string `toml:"default_ulimits"`
	// EnableLabeling tells the container engines whether to use MAC
	// labeling to separate containers (SELinux).
	EnableLabeling bool `toml:"label"`
	// Env is the environment variable list for the container process.
	Env []string `toml:"env"`
	// HooksDir holds paths to the directories containing hooks
	// configuration files. When the same filename is present in
	// multiple directories, the file in the directory listed last in
	// this slice takes precedence.
	HooksDir []string `toml:"hooks_dir"`
	// Init runs an init inside the container that forwards signals and reaps
	// processes.
	Init bool `toml:"init"`
	// HTTPProxy is the proxy environment variable list to apply to the
	// container process.
	HTTPProxy []string `toml:"http_proxy"`
	// LogSizeMax is the maximum number of bytes after which the log file
	// will be truncated. It can be expressed as a human-friendly string
	// that is parsed to bytes.
	// Negative values indicate that the log file won't be truncated.
	LogSizeMax int64 `toml:"log_size_max"`
	// PidsLimit is the number of processes each container is restricted to
	// by the cgroup process number controller.
	PidsLimit int64 `toml:"pids_limit"`
	// SeccompProfile is the seccomp.json profile path which is used as the
	// default for the runtime.
	SeccompProfile string `toml:"seccomp_profile"`
	// ShmSize holds the size of /dev/shm.
	ShmSize string `toml:"shm_size"`
	// SignaturePolicyPath is the path to a signature policy to use for
	// validating images. If left empty, the containers/image default signature
	// policy will be used.
	SignaturePolicyPath string `toml:"signature_policy_path,omitempty"`
}
ContainersConfig represents the "containers" TOML config table, which contains the global options for container tools.
func (*ContainersConfig) Validate ¶
func (c *ContainersConfig) Validate() error
Validate is the main entry point for containers configuration validation. It returns an `error` on validation failure, otherwise `nil`.
type DBConfig ¶ added in v0.0.4
// DBConfig is a set of Libpod runtime configuration settings that are saved
// in a State when it is first created, and can subsequently be retrieved.
// The field names are the only documentation visible here; the comments
// below are inferred from them and should be confirmed against the State
// implementation that writes this struct.
type DBConfig struct {
	// LibpodRoot — presumably the libpod static (persistent) directory.
	LibpodRoot string
	// LibpodTmp — presumably the libpod temporary (per-boot) directory.
	LibpodTmp string
	// StorageRoot — presumably the containers/storage graph root.
	StorageRoot string
	// StorageTmp — presumably the containers/storage run root.
	StorageTmp string
	// GraphDriver — presumably the containers/storage graph driver name.
	GraphDriver string
	// VolumePath — presumably the directory named volumes are created under.
	VolumePath string
}
DBConfig is a set of Libpod runtime configuration settings that are saved in a State when it is first created, and can subsequently be retrieved.
type LibpodConfig ¶ added in v0.0.4
// LibpodConfig contains configuration options used to set up a libpod
// runtime. Fields tagged `toml:"-"` are never read from the on-disk config.
type LibpodConfig struct {
	// ConmonEnvVars are environment variables to pass to the Conmon binary
	// when it is launched.
	ConmonEnvVars []string `toml:"conmon_env_vars"`
	// ConmonPath is the path to the Conmon binary used for managing containers.
	// The first path pointing to a valid file will be used.
	ConmonPath []string `toml:"conmon_path"`
	// DetachKeys is the sequence of keys used to detach a container.
	DetachKeys string `toml:"detach_keys"`
	// EnablePortReservation determines whether libpod will reserve ports on the
	// host when they are forwarded to containers. When enabled, when ports are
	// forwarded to containers, they are held open by conmon as long as the
	// container is running, ensuring that they cannot be reused by other
	// programs on the host. However, this can cause significant memory usage if
	// a container has many ports forwarded to it. Disabling this can save
	// memory.
	EnablePortReservation bool `toml:"enable_port_reservation"`
	// EventsLogFilePath is where the events log is stored.
	EventsLogFilePath string `toml:"events_logfile_path"`
	// EventsLogger determines where events should be logged.
	EventsLogger string `toml:"events_logger"`
	// ImageDefaultTransport is the default transport method used to fetch
	// images.
	ImageDefaultTransport string `toml:"image_default_transport"`
	// InfraCommand is the command run to start up a pod infra container.
	InfraCommand string `toml:"infra_command"`
	// InfraImage is the image a pod infra container will use to manage
	// namespaces.
	InfraImage string `toml:"infra_image"`
	// InitPath is the path to the container-init binary.
	InitPath string `toml:"init_path"`
	// LockType is the type of locking to use.
	LockType string `toml:"lock_type,omitempty"`
	// Namespace is the libpod namespace to use. Namespaces are used to create
	// scopes to separate containers and pods in the state. When namespace is
	// set, libpod will only view containers and pods in the same namespace. All
	// containers and pods created will default to the namespace set here. A
	// namespace of "", the empty string, is equivalent to no namespace, and all
	// containers and pods will be visible. The default namespace is "".
	Namespace string `toml:"namespace,omitempty"`
	// NetworkCmdPath is the path to the slirp4netns binary.
	NetworkCmdPath string `toml:"network_cmd_path"`
	// NoPivotRoot sets whether to set no-pivot-root in the OCI runtime.
	// NOTE(review): skipping pivot_root weakens root filesystem isolation and
	// is normally only needed when the root is on a ramdisk — confirm the
	// need before enabling it.
	NoPivotRoot bool `toml:"no_pivot_root"`
	// NumLocks is the number of locks to make available for containers and
	// pods.
	NumLocks uint32 `toml:"num_locks,omitempty"`
	// OCIRuntime is the OCI runtime to use.
	OCIRuntime string `toml:"runtime"`
	// OCIRuntimes are the set of configured OCI runtimes (default is runc).
	OCIRuntimes map[string][]string `toml:"runtimes"`
	// RuntimePath is the path to the OCI runtime binary for launching
	// containers. The first path pointing to a valid file will be used. This is
	// used only when there are no OCIRuntime/OCIRuntimes defined. It exists
	// only to be backward compatible with older versions of Podman.
	RuntimePath []string `toml:"runtime_path"`
	// RuntimeSupportsJSON is the list of the OCI runtimes that support
	// --format=json.
	RuntimeSupportsJSON []string `toml:"runtime_supports_json"`
	// RuntimeSupportsNoCgroups is a list of OCI runtimes that support
	// running containers without CGroups.
	RuntimeSupportsNoCgroups []string `toml:"runtime_supports_nocgroups"`
	// SetOptions contains a subset of config options. It's used to indicate if
	// a given option has either been set by the user or by a parsed libpod
	// configuration file. If not, the corresponding option might be
	// overwritten by values from the database. This behavior guarantees
	// backwards compat with older versions of libpod and Podman.
	SetOptions
	// SDNotify tells the container engine to allow containers to notify the
	// host systemd of readiness using the SD_NOTIFY mechanism.
	SDNotify bool
	// StateType is the type of the backing state store. Avoid using multiple
	// values for this with the same containers/storage configuration on the
	// same system. Different state types do not interact, and each will see a
	// separate set of containers, which may cause conflicts in
	// containers/storage. As such this is not exposed via the config file.
	StateType RuntimeStateStore `toml:"-"`
	// StaticDir is the path to a persistent directory to store container
	// files.
	StaticDir string `toml:"static_dir"`
	// StorageConfig is the configuration used by containers/storage. Not
	// included in the on-disk config; use the dedicated containers/storage
	// configuration file instead.
	StorageConfig storage.StoreOptions `toml:"-"`
	// TmpDir is the path to a temporary directory to store per-boot container
	// files. Must be stored in a tmpfs.
	TmpDir string `toml:"tmp_dir"`
	// VolumePath is the default location that named volumes will be created
	// under. This convention is followed by the default volume driver, but
	// may not be by other drivers.
	VolumePath string `toml:"volume_path"`
}
LibpodConfig contains configuration options used to set up a libpod runtime
func (*LibpodConfig) Validate ¶ added in v0.0.4
func (c *LibpodConfig) Validate() error
Validate is the main entry point for Libpod configuration validation. It returns an `error` on validation failure, otherwise `nil`.
type NetworkConfig ¶
// NetworkConfig represents the "network" TOML config table. It tells libpod
// where to find CNI plugin binaries and their network configuration files.
type NetworkConfig struct {
	// CNIPluginDirs is where CNI plugin binaries are stored. Binaries found
	// here are executed by the engine, so these directories warrant the same
	// write-protection as the engine binary itself.
	CNIPluginDirs []string `toml:"cni_plugin_dirs"`
	// DefaultNetwork is the network name of the default CNI network
	// to attach pods to.
	DefaultNetwork string `toml:"default_network,omitempty"`
	// NetworkConfigDir is where CNI network configuration files are stored.
	NetworkConfigDir string `toml:"network_config_dir"`
}
NetworkConfig represents the "network" TOML config table
func (*NetworkConfig) Validate ¶
func (c *NetworkConfig) Validate(onExecution bool) error
Validate is the main entry point for network configuration validation. The parameter `onExecution` specifies if the validation should include execution checks. It returns an `error` on validation failure, otherwise `nil`.
type RuntimeStateStore ¶ added in v0.0.4
// RuntimeStateStore is a constant indicating which state store implementation
// should be used by libpod; the valid values are the RuntimeStateStore
// constants declared in this package.
type RuntimeStateStore int
RuntimeStateStore is a constant indicating which state store implementation should be used by libpod
// State store implementations selectable through LibpodConfig.StateType.
// The values are assigned with a single iota and repeat implicitly, so the
// order of the declarations defines their numeric values: Invalid (0),
// InMemory (1), SQLite (2), BoltDB (3).
const (
	// InvalidStateStore is an invalid state store; it is the zero value.
	InvalidStateStore RuntimeStateStore = iota
	// InMemoryStateStore is an in-memory state that will not persist data
	// on containers and pods between libpod instances or after a system
	// reboot.
	InMemoryStateStore
	// SQLiteStateStore is a state backed by a SQLite database.
	// It is presently disabled.
	SQLiteStateStore
	// BoltDBStateStore is a state backed by a BoltDB database.
	BoltDBStateStore
)
type SetOptions ¶ added in v0.0.4
// SetOptions contains a subset of options in a Config. It's used to indicate
// if a given option has either been set by the user or by a parsed libpod
// configuration file. If not, the corresponding option might be overwritten by
// values from the database. This behavior guarantees backwards compat with
// older versions of libpod and Podman. None of these flags are read from the
// on-disk config (all are tagged `toml:"-"`).
type SetOptions struct {
	// StorageConfigRunRootSet indicates if the RunRoot has been explicitly set
	// by the config or by the user. It's required to guarantee backwards
	// compatibility with older versions of libpod for which we must query the
	// database configuration. Not included in the on-disk config.
	StorageConfigRunRootSet bool `toml:"-"`
	// StorageConfigGraphRootSet indicates if the GraphRoot has been explicitly
	// set by the config or by the user. It's required to guarantee backwards
	// compatibility with older versions of libpod for which we must query the
	// database configuration. Not included in the on-disk config.
	StorageConfigGraphRootSet bool `toml:"-"`
	// StorageConfigGraphDriverNameSet indicates if the GraphDriverName has been
	// explicitly set by the config or by the user. It's required to guarantee
	// backwards compatibility with older versions of libpod for which we must
	// query the database configuration. Not included in the on-disk config.
	StorageConfigGraphDriverNameSet bool `toml:"-"`
	// StaticDirSet indicates if the StaticDir has been explicitly set by the
	// config or by the user. It's required to guarantee backwards compatibility
	// with older versions of libpod for which we must query the database
	// configuration. Not included in the on-disk config.
	StaticDirSet bool `toml:"-"`
	// VolumePathSet indicates if the VolumePath has been explicitly set by the
	// config or by the user. It's required to guarantee backwards compatibility
	// with older versions of libpod for which we must query the database
	// configuration. Not included in the on-disk config.
	VolumePathSet bool `toml:"-"`
	// TmpDirSet indicates if the TmpDir has been explicitly set by the config
	// or by the user. It's required to guarantee backwards compatibility with
	// older versions of libpod for which we must query the database
	// configuration. Not included in the on-disk config.
	TmpDirSet bool `toml:"-"`
}
SetOptions contains a subset of options in a Config. It's used to indicate if a given option has either been set by the user or by a parsed libpod configuration file. If not, the corresponding option might be overwritten by values from the database. This behavior guarantees backwards compat with older versions of libpod and Podman.