Diffstat (limited to 'vendor/src/github.com/docker/libcontainer/container.go')
-rw-r--r--vendor/src/github.com/docker/libcontainer/container.go65
1 files changed, 19 insertions, 46 deletions
diff --git a/vendor/src/github.com/docker/libcontainer/container.go b/vendor/src/github.com/docker/libcontainer/container.go
index be72d92eee..8fe95c24f7 100644
--- a/vendor/src/github.com/docker/libcontainer/container.go
+++ b/vendor/src/github.com/docker/libcontainer/container.go
@@ -2,24 +2,21 @@ package libcontainer
import (
"github.com/docker/libcontainer/cgroups"
- "github.com/docker/libcontainer/devices"
+ "github.com/docker/libcontainer/mount"
+ "github.com/docker/libcontainer/network"
)
-// Context is a generic key value pair that allows arbatrary data to be sent
-type Context map[string]string
+type MountConfig mount.MountConfig
-// Container defines configuration options for executing a process inside a contained environment
-type Container struct {
- // Hostname optionally sets the container's hostname if provided
- Hostname string `json:"hostname,omitempty"`
+type Network network.Network
- // ReadonlyFs will remount the container's rootfs as readonly where only externally mounted
- // bind mounts are writtable
- ReadonlyFs bool `json:"readonly_fs,omitempty"`
+// Config defines configuration options for executing a process inside a contained environment.
+type Config struct {
+ // Mount specific options.
+ MountConfig *MountConfig `json:"mount_config,omitempty"`
- // NoPivotRoot will use MS_MOVE and a chroot to jail the process into the container's rootfs
- // This is a common option when the container is running in ramdisk
- NoPivotRoot bool `json:"no_pivot_root,omitempty"`
+ // Hostname optionally sets the container's hostname if provided
+ Hostname string `json:"hostname,omitempty"`
// User will set the uid and gid of the executing process running inside the container
User string `json:"user,omitempty"`
@@ -54,41 +51,17 @@ type Container struct {
// placed into to limit the resources the container has available
Cgroups *cgroups.Cgroup `json:"cgroups,omitempty"`
- // Context is a generic key value format that allows for additional settings to be passed
- // on the container's creation
- // This is commonly used to specify apparmor profiles, selinux labels, and different restrictions
- // placed on the container's processes
- Context Context `json:"context,omitempty"`
-
- // Mounts specify additional source and destination paths that will be mounted inside the container's
- // rootfs and mount namespace if specified
- Mounts Mounts `json:"mounts,omitempty"`
-
- // The device nodes that should be automatically created within the container upon container start. Note, make sure that the node is marked as allowed in the cgroup as well!
- DeviceNodes []*devices.Device `json:"device_nodes,omitempty"`
-}
-
-// Network defines configuration for a container's networking stack
-//
-// The network configuration can be omited from a container causing the
-// container to be setup with the host's networking stack
-type Network struct {
- // Type sets the networks type, commonly veth and loopback
- Type string `json:"type,omitempty"`
+ // AppArmorProfile specifies the profile to apply to the process running in the container and is
+ // change at the time the process is execed
+ AppArmorProfile string `json:"apparmor_profile,omitempty"`
- // Context is a generic key value format for setting additional options that are specific to
- // the network type
- Context Context `json:"context,omitempty"`
-
- // Address contains the IP and mask to set on the network interface
- Address string `json:"address,omitempty"`
-
- // Gateway sets the gateway address that is used as the default for the interface
- Gateway string `json:"gateway,omitempty"`
+ // ProcessLabel specifies the label to apply to the process running in the container. It is
+ // commonly used by selinux
+ ProcessLabel string `json:"process_label,omitempty"`
- // Mtu sets the mtu value for the interface and will be mirrored on both the host and
- // container's interfaces if a pair is created, specifically in the case of type veth
- Mtu int `json:"mtu,omitempty"`
+ // RestrictSys will remount /proc/sys, /sys, and mask over sysrq-trigger as well as /proc/irq and
+ // /proc/bus
+ RestrictSys bool `json:"restrict_sys,omitempty"`
}
// Routes can be specified to create entries in the route table as the container is started