@@ -2,9 +2,7 @@ package specs
22
33import "os"
44
5- // Spec is the base configuration for the container. It specifies platform
6- // independent configuration. This information must be included when the
7- // bundle is packaged for distribution.
5+ // Spec is the base configuration for the container.
86type Spec struct {
97 // Version is the version of the specification that is supported.
108 Version string `json:"ociVersion"`
@@ -17,20 +15,22 @@ type Spec struct {
1715 // Hostname is the container's host name.
1816 Hostname string `json:"hostname,omitempty"`
1917 // Mounts profile configuration for adding mounts to the container's filesystem.
20- Mounts []Mount `json:"mounts"`
18+ Mounts []Mount `json:"mounts,omitempty "`
2119 // Hooks are the commands run at various lifecycle events of the container.
2220 Hooks Hooks `json:"hooks"`
2321 // Annotations is an unstructured key value map that may be set by external tools to store and retrieve arbitrary metadata.
2422 Annotations map [string ]string `json:"annotations,omitempty"`
2523
2624 // Linux is platform specific configuration for Linux based containers.
27- Linux Linux `json:"linux" platform:"linux"`
25+ Linux Linux `json:"linux" platform:"linux,omitempty"`
26+ // Solaris is platform specific configuration for Solaris containers.
27+ Solaris Solaris `json:"solaris" platform:"solaris,omitempty"`
2828}
2929
3030// Process contains information to start a specific application inside the container.
3131type Process struct {
3232 // Terminal creates an interactive terminal for the container.
33- Terminal bool `json:"terminal"`
33+ Terminal bool `json:"terminal,omitempty "`
3434 // User specifies user information for the process.
3535 User User `json:"user"`
3636 // Args specifies the binary and arguments for the application to execute.
@@ -57,9 +57,9 @@ type Process struct {
5757// main process.
5858type User struct {
5959 // UID is the user id. (this field is platform dependent)
60- UID uint32 `json:"uid,omitempty " platform:"linux"`
60+ UID uint32 `json:"uid" platform:"linux"`
6161 // GID is the group id. (this field is platform dependent)
62- GID uint32 `json:"gid,omitempty " platform:"linux"`
62+ GID uint32 `json:"gid" platform:"linux"`
6363 // AdditionalGids are additional group ids set for the container's process. (this field is platform dependent)
6464 AdditionalGids []uint32 `json:"additionalGids,omitempty" platform:"linux"`
6565}
@@ -69,7 +69,7 @@ type Root struct {
6969 // Path is the absolute path to the container's root filesystem.
7070 Path string `json:"path"`
7171 // Readonly makes the root filesystem for the container readonly before the process is executed.
72- Readonly bool `json:"readonly"`
72+ Readonly bool `json:"readonly,omitempty "`
7373}
7474
7575// Platform specifies OS and arch information for the host system that the container
@@ -169,6 +169,8 @@ const (
169169 UTSNamespace = "uts"
170170 // UserNamespace for isolating user and group IDs
171171 UserNamespace = "user"
172+ // CgroupNamespace for isolating cgroup hierarchies
173+ CgroupNamespace = "cgroup"
172174)
173175
174176// IDMapping specifies UID/GID mappings
@@ -358,6 +360,51 @@ type Seccomp struct {
358360 Syscalls []Syscall `json:"syscalls,omitempty"`
359361}
360362
363+ // Solaris contains platform specific configuration for Solaris application containers.
364+ type Solaris struct {
365+ // SMF FMRI which should go "online" before we start the container process.
366+ Milestone string `json:"milestone,omitempty"`
367+ // Maximum set of privileges any process in this container can obtain.
368+ LimitPriv string `json:"limitpriv,omitempty"`
369+ // The maximum amount of shared memory allowed for this container.
370+ MaxShmMemory string `json:"maxShmMemory,omitempty"`
371+ // Specification for automatic creation of network resources for this container.
372+ Anet []Anet `json:"anet,omitempty"`
373+ // Set limit on the amount of CPU time that can be used by container.
374+ CappedCPU CappedCPU `json:"cappedCPU,omitempty"`
375+ // The physical and swap caps on the memory that can be used by this container.
376+ CappedMemory CappedMemory `json:"cappedMemory,omitempty"`
377+ }
378+
379+ // CappedCPU allows users to set limit on the amount of CPU time that can be used by container.
380+ type CappedCPU struct {
381+ Ncpus string `json:"ncpus,omitempty"`
382+ }
383+
384+ // CappedMemory allows users to set the physical and swap caps on the memory that can be used by this container.
385+ type CappedMemory struct {
386+ Physical string `json:"physical,omitempty"`
387+ Swap string `json:"swap,omitempty"`
388+ }
389+
390+ // Anet provides the specification for automatic creation of network resources for this container.
391+ type Anet struct {
392+ // Specify a name for the automatically created VNIC datalink.
393+ Linkname string `json:"linkname,omitempty"`
394+ // Specify the link over which the VNIC will be created.
395+ Lowerlink string `json:"lowerLink,omitempty"`
396+ // The set of IP addresses that the container can use.
397+ Allowedaddr string `json:"allowedAddress,omitempty"`
398+ // Specifies whether allowedAddress limitation is to be applied to the VNIC.
399+ Configallowedaddr string `json:"configureAllowedAddress,omitempty"`
400+ // The value of the optional default router.
401+ Defrouter string `json:"defrouter,omitempty"`
402+ // Enable one or more types of link protection.
403+ Linkprotection string `json:"linkProtection,omitempty"`
404+ // Set the VNIC's macAddress
405+ Macaddress string `json:"macAddress,omitempty"`
406+ }
407+
361408// Arch used for additional architectures
362409type Arch string
363410
@@ -375,6 +422,11 @@ const (
375422 ArchMIPSEL Arch = "SCMP_ARCH_MIPSEL"
376423 ArchMIPSEL64 Arch = "SCMP_ARCH_MIPSEL64"
377424 ArchMIPSEL64N32 Arch = "SCMP_ARCH_MIPSEL64N32"
425+ ArchPPC Arch = "SCMP_ARCH_PPC"
426+ ArchPPC64 Arch = "SCMP_ARCH_PPC64"
427+ ArchPPC64LE Arch = "SCMP_ARCH_PPC64LE"
428+ ArchS390 Arch = "SCMP_ARCH_S390"
429+ ArchS390X Arch = "SCMP_ARCH_S390X"
378430)
379431
380432// Action taken upon Seccomp rule match
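Review bot: In the `Spec` hunk, `omitempty` on the new `Linux` and `Solaris` fields sits in the `platform` tag, which encoding/json never reads, and it would have no effect in the `json` tag either, because both fields are struct values and a struct value is never treated as empty. As written, every marshalled config carries both a `linux` and a `solaris` object, so a runtime or validator reading the file cannot tell an absent platform section from a zero-valued one. Making the fields pointers and moving the option fixes that: declare them as `*Linux` with the tag `json:"linux,omitempty" platform:"linux"` and as `*Solaris` with `json:"solaris,omitempty" platform:"solaris"`. The same applies to the `CappedCPU` and `CappedMemory` struct fields inside `Solaris`. If the trailing space in `"mounts,omitempty "`, `"terminal,omitempty "` and `"readonly,omitempty "` is in the file rather than an artifact of this page, encoding/json will not recognise that option either, since option names are matched exactly.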