Diffstat (limited to 'vendor/src/github.com/docker/libcontainer/container.go')
-rw-r--r-- | vendor/src/github.com/docker/libcontainer/container.go | 65 |
1 files changed, 19 insertions, 46 deletions
diff --git a/vendor/src/github.com/docker/libcontainer/container.go b/vendor/src/github.com/docker/libcontainer/container.go
index be72d92eee..8fe95c24f7 100644
--- a/vendor/src/github.com/docker/libcontainer/container.go
+++ b/vendor/src/github.com/docker/libcontainer/container.go
@@ -2,24 +2,21 @@ package libcontainer
 import (
 "github.com/docker/libcontainer/cgroups"
- "github.com/docker/libcontainer/devices"
+ "github.com/docker/libcontainer/mount"
+ "github.com/docker/libcontainer/network"
 )
-// Context is a generic key value pair that allows arbatrary data to be sent
-type Context map[string]string
+type MountConfig mount.MountConfig
-// Container defines configuration options for executing a process inside a contained environment
-type Container struct {
- // Hostname optionally sets the container's hostname if provided
- Hostname string `json:"hostname,omitempty"`
+type Network network.Network
- // ReadonlyFs will remount the container's rootfs as readonly where only externally mounted
- // bind mounts are writtable
- ReadonlyFs bool `json:"readonly_fs,omitempty"`
+// Config defines configuration options for executing a process inside a contained environment.
+type Config struct {
+ // Mount specific options.
+ MountConfig *MountConfig `json:"mount_config,omitempty"`
- // NoPivotRoot will use MS_MOVE and a chroot to jail the process into the container's rootfs
- // This is a common option when the container is running in ramdisk
- NoPivotRoot bool `json:"no_pivot_root,omitempty"`
+ // Hostname optionally sets the container's hostname if provided
+ Hostname string `json:"hostname,omitempty"`
 // User will set the uid and gid of the executing process running inside the container
 User string `json:"user,omitempty"`
@@ -54,41 +51,17 @@ type Container struct {
 // placed into to limit the resources the container has available
 Cgroups *cgroups.Cgroup `json:"cgroups,omitempty"`
- // Context is a generic key value format that allows for additional settings to be passed
- // on the container's creation
- // This is commonly used to specify apparmor profiles, selinux labels, and different restrictions
- // placed on the container's processes
- Context Context `json:"context,omitempty"`
-
- // Mounts specify additional source and destination paths that will be mounted inside the container's
- // rootfs and mount namespace if specified
- Mounts Mounts `json:"mounts,omitempty"`
-
- // The device nodes that should be automatically created within the container upon container start. Note, make sure that the node is marked as allowed in the cgroup as well!
- DeviceNodes []*devices.Device `json:"device_nodes,omitempty"`
-}
-
-// Network defines configuration for a container's networking stack
-//
-// The network configuration can be omited from a container causing the
-// container to be setup with the host's networking stack
-type Network struct {
- // Type sets the networks type, commonly veth and loopback
- Type string `json:"type,omitempty"`
+ // AppArmorProfile specifies the profile to apply to the process running in the container and is
+ // change at the time the process is execed
+ AppArmorProfile string `json:"apparmor_profile,omitempty"`
-
- // Context is a generic key value format for setting additional options that are specific to
- // the network type
- Context Context `json:"context,omitempty"`
-
- // Address contains the IP and mask to set on the network interface
- Address string `json:"address,omitempty"`
-
- // Gateway sets the gateway address that is used as the default for the interface
- Gateway string `json:"gateway,omitempty"`
+ // ProcessLabel specifies the label to apply to the process running in the container. It is
+ // commonly used by selinux
+ ProcessLabel string `json:"process_label,omitempty"`
- // Mtu sets the mtu value for the interface and will be mirrored on both the host and
- // container's interfaces if a pair is created, specifically in the case of type veth
- Mtu int `json:"mtu,omitempty"`
+ // RestrictSys will remount /proc/sys, /sys, and mask over sysrq-trigger as well as /proc/irq and
+ // /proc/bus
+ RestrictSys bool `json:"restrict_sys,omitempty"`
 }
 // Routes can be specified to create entries in the route table as the container is started |