Codebase list golang-github-opencontainers-specs / fd27c40
New upstream version 1.0.2.66.g20a2d97 Shengjing Zhu 2 years ago
14 changed file(s) with 273 addition(s) and 39 deletion(s).
134134 8. When possible, one keyword to scope the change in the subject (i.e. "README: ...", "runtime: ...")
135135
136136
137 [charter]: https://www.opencontainers.org/about/governance
137 [charter]: https://github.com/opencontainers/tob/blob/master/CHARTER.md
138138 [code-of-conduct]: https://github.com/opencontainers/org/blob/master/CODE_OF_CONDUCT.md
139139 [dev-list]: https://groups.google.com/a/opencontainers.org/forum/#!forum/dev
140140 [how-to-git-commit]: http://chris.beams.io/posts/git-commit
263263 * **`limit`** *(int64, OPTIONAL)* - sets limit of memory usage
264264 * **`reservation`** *(int64, OPTIONAL)* - sets soft limit of memory usage
265265 * **`swap`** *(int64, OPTIONAL)* - sets limit of memory+Swap usage
266 * **`kernel`** *(int64, OPTIONAL)* - sets hard limit for kernel memory
267 * **`kernelTCP`** *(int64, OPTIONAL)* - sets hard limit for kernel TCP buffer memory
266 * **`kernel`** *(int64, OPTIONAL, NOT RECOMMENDED)* - sets hard limit for kernel memory
267 * **`kernelTCP`** *(int64, OPTIONAL, NOT RECOMMENDED)* - sets hard limit for kernel TCP buffer memory
268268
269269 The following properties do not specify memory limits, but are covered by the `memory` controller:
270270
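Review bot: The `kernel` and `kernelTCP` entries gain NOT RECOMMENDED with no explanation of why, or of what a runtime should do when a config still sets them. Suggest a sentence after the list giving the reason and stating whether the runtime should apply, ignore or warn on these values, so the marker is actionable for implementers and config authors.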
529529 The following parameters can be specified for the container:
530530
531531 * **`closID`** *(string, OPTIONAL)* - specifies the identity for RDT Class of Service (CLOS).
532 If `closID` is set, runtimes MUST create `closID` directory in a mounted `resctrl` pseudo-filesystem if it doesn't exist. If not set, runtimes MUST use the container ID from [`start`](runtime.md#start) and create the `<container-id>` directory.
533532
534533 * **`l3CacheSchema`** *(string, OPTIONAL)* - specifies the schema for L3 cache id and capacity bitmask (CBM).
535534 The value SHOULD start with `L3:` and SHOULD NOT contain newlines.
536535 * **`memBwSchema`** *(string, OPTIONAL)* - specifies the schema of memory bandwidth per L3 cache id.
537 * The value MUST start with `MB:` and MUST NOT contain newlines.
538
539 * If both `l3CacheSchema` and `memBwSchema` are set, runtimes MUST write the combined value to the `schemata` file in that sub-directory discussed in `closID`.
540
541 * If `l3CacheSchema` contains a line beginning with `MB:`, the value written to `schemata` file MUST be the non-`MB:` line(s) from `l3CacheSchema` and the line from `memBWSchema`.
542
543 * If either `l3CacheSchema` or `memBwSchema` is set, runtimes MUST write the value to the `schemata` file in the that sub-directory discussed in `closID`.
544
545 * If neither `l3CacheSchema` nor `memBwSchema` is set, runtimes MUST NOT write to `schemata` files in any `resctrl` pseudo-filesystems.
546
547 * If `closID` is set, `l3CacheSchema` and/or `memBwSchema` is set, runtimes MUST compare `l3CacheSchema` and/or `memBwSchema` value with `schemata` file, and [generate an error](runtime.md#errors) if doesn't match.
548
549 * If `closID` is set, and neither of `l3CacheSchema` and `memBwSchema` are set, runtime MUST check if corresponding pre-configured directory `closID` is present in mounted `resctrl`. If such pre-configured directory `closID` exists, runtime MUST assign container to this `closID` and [generate an error](runtime.md#errors) if directory does not exist.
536 The value MUST start with `MB:` and MUST NOT contain newlines.
537
538 The following rules on parameters MUST be applied:
539
540 * If both `l3CacheSchema` and `memBwSchema` are set, runtimes MUST write the combined value to the `schemata` file in that sub-directory discussed in `closID`.
541
542 * If `l3CacheSchema` contains a line beginning with `MB:`, the value written to `schemata` file MUST be the non-`MB:` line(s) from `l3CacheSchema` and the line from `memBWSchema`.
543
544 * If either `l3CacheSchema` or `memBwSchema` is set, runtimes MUST write the value to the `schemata` file in the that sub-directory discussed in `closID`.
545
546 * If neither `l3CacheSchema` nor `memBwSchema` is set, runtimes MUST NOT write to `schemata` files in any `resctrl` pseudo-filesystems.
547
548 * If `closID` is not set, runtimes MUST use the container ID from [`start`](runtime.md#start) and create the `<container-id>` directory.
549
550 * If `closID` is set, `l3CacheSchema` and/or `memBwSchema` is set
551 * if `closID` directory in a mounted `resctrl` pseudo-filesystem doesn't exist, the runtimes MUST create it.
552 * if `closID` directory in a mounted `resctrl` pseudo-filesystem exists, runtimes MUST compare `l3CacheSchema` and/or `memBwSchema` value with `schemata` file, and [generate an error](runtime.md#errors) if doesn't match.
553
554 * If `closID` is set, and neither of `l3CacheSchema` and `memBwSchema` are set, runtime MUST check if corresponding pre-configured directory `closID` is present in mounted `resctrl`. If such pre-configured directory `closID` exists, runtime MUST assign container to this `closID` and [generate an error](runtime.md#errors) if directory does not exist.
550555
551556
552557 ### Example
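Review bot: The relocated rule list carries over wording problems that are worth fixing while the block is being rewritten: `memBWSchema` at new line 542 does not match the property name `memBwSchema`, new line 544 reads "in the that sub-directory", and new line 552 reads "if doesn't match". The last rule at new line 554 also folds two outcomes into one sentence ("MUST assign container to this `closID` and generate an error if directory does not exist"); splitting it into an exists / does-not-exist pair, like the sub-bullets at new lines 551-552, would remove the ambiguity.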
593598 The following parameters can be specified to set up seccomp:
594599
595600 * **`defaultAction`** *(string, REQUIRED)* - the default action for seccomp. Allowed values are the same as `syscalls[].action`.
601 * **`defaultErrnoRet`** *(uint, OPTIONAL)* - the errno return code to use.
602 Some actions like `SCMP_ACT_ERRNO` and `SCMP_ACT_TRACE` allow to specify the errno code to return.
603 When the action doesn't support an errno, the runtime MUST print and error and fail.
604 If not specified then its default value is `EPERM`.
596605 * **`architectures`** *(array of strings, OPTIONAL)* - the architecture used for system calls.
597606 A valid list of constants as of libseccomp v2.5.0 is shown below.
598607
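Review bot: In the new `defaultErrnoRet` text, "the runtime MUST print and error and fail" (new line 603) has a typo and is not the spec's usual error wording; suggest "the runtime MUST [generate an error](runtime.md#errors)", as the `listenerPath` text does. The MUST is also hard to test because the supporting actions are given only as "Some actions like `SCMP_ACT_ERRNO` and `SCMP_ACT_TRACE`"; an exhaustive list would let validators reject a `defaultErrnoRet` paired with any other `defaultAction`. The same sentence is added under `errnoRet` at new line 673.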
624633 * `SECCOMP_FILTER_FLAG_LOG`
625634 * `SECCOMP_FILTER_FLAG_SPEC_ALLOW`
626635
636 * **`listenerPath`** *(string, OPTIONAL)* - specifies the path of UNIX domain socket over which the runtime will send the [container process state](#containerprocessstate) data structure when the `SCMP_ACT_NOTIFY` action is used.
637 This socket MUST use `AF_UNIX` domain and `SOCK_STREAM` type.
638 The runtime MUST send exactly one [container process state](#containerprocessstate) per connection.
639 The connection MUST NOT be reused and it MUST be closed after sending a seccomp state.
640 If sending to this socket fails, the runtime MUST [generate an error](runtime.md#errors).
641 If the `SCMP_ACT_NOTIFY` action is not used this value is ignored.
642
643 The runtime sends the following file descriptors using `SCM_RIGHTS` and set their names in the `fds` array of the [container process state](#containerprocessstate):
644
645 * **`seccompFd`** (string, REQUIRED) is the seccomp file descriptor returned by the seccomp syscall.
646
647 * **`listenerMetadata`** *(string, OPTIONAL)* - specifies an opaque data to pass to the seccomp agent.
648 This string will be sent as the `metadata` field in the [container process state](#containerprocessstate).
649 This field MUST NOT be set if `listenerPath` is not set.
650
627651 * **`syscalls`** *(array of objects, OPTIONAL)* - match a syscall in seccomp.
628652 While this property is OPTIONAL, some values of `defaultAction` are not useful without `syscalls` entries.
629653 For example, if `defaultAction` is `SCMP_ACT_KILL` and `syscalls` is empty or unset, the kernel will kill the container process on its first syscall.
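Review bot: `listenerPath` covers the case where `SCMP_ACT_NOTIFY` is not used ("this value is ignored") but not the converse, `SCMP_ACT_NOTIFY` used with no `listenerPath`. Without a listener nothing answers the notifications, so the text should say whether the runtime MUST generate an error in that case. Two smaller points: `seccompFd` is typed as "(string, REQUIRED)" although it is described as a file descriptor whose name goes in `fds`, and since whoever receives this descriptor decides the outcome of the container's notified syscalls, a sentence on who is expected to own the socket at `listenerPath` would be worth adding.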
632656 * **`names`** *(array of strings, REQUIRED)* - the names of the syscalls.
633657 `names` MUST contain at least one entry.
634658 * **`action`** *(string, REQUIRED)* - the action for seccomp rules.
635 A valid list of constants as of libseccomp v2.4.0 is shown below.
659 A valid list of constants as of libseccomp v2.5.0 is shown below.
636660
637661 * `SCMP_ACT_KILL`
638662 * `SCMP_ACT_KILL_PROCESS`
642666 * `SCMP_ACT_TRACE`
643667 * `SCMP_ACT_ALLOW`
644668 * `SCMP_ACT_LOG`
669 * `SCMP_ACT_NOTIFY`
645670
646671 * **`errnoRet`** *(uint, OPTIONAL)* - the errno return code to use.
647 Some actions like `SCMP_ACT_ERRNO` and `SCMP_ACT_TRACE` allow to specify the errno
648 code to return. If not specified its default value is `EPERM`.
672 Some actions like `SCMP_ACT_ERRNO` and `SCMP_ACT_TRACE` allow to specify the errno code to return.
673 When the action doesn't support an errno, the runtime MUST print and error and fail.
674 If not specified its default value is `EPERM`.
649675
650676 * **`args`** *(array of objects, OPTIONAL)* - the specific syscall in seccomp.
651677 Each entry has the following structure:
685711 }
686712 ```
687713
714 ### <a name="containerprocessstate" />The Container Process State
715
716 The container process state is a data structure passed via a UNIX socket.
717 The container runtime MUST send the container process state over the UNIX socket as regular payload serialized in JSON and file descriptors MUST be sent using `SCM_RIGHTS`.
718 The container runtime MAY use several `sendmsg(2)` calls to send the aforementioned data.
719 If more than one `sendmsg(2)` is used, the file descriptors MUST be sent only in the first call.
720
721 The container process state includes the following properties:
722
723 * **`ociVersion`** (string, REQUIRED) is version of the Open Container Initiative Runtime Specification with which the container process state complies.
724 * **`fds`** (array, OPTIONAL) is a string array containing the names of the file descriptors passed.
725 The index of the name in this array corresponds to index of the file descriptors in the `SCM_RIGHTS` array.
726 * **`pid`** (int, REQUIRED) is the container process ID, as seen by the runtime.
727 * **`metadata`** (string, OPTIONAL) opaque metadata.
728 * **`state`** ([state](runtime.md#state), REQUIRED) is the state of the container.
729
730 Example sending a single `seccompFD` file descriptor in the `SCM_RIGHTS` array:
731
732 ```json
733 {
734 "ociVersion": "0.2.0",
735 "fds": [
736 "seccompFd"
737 ],
738 "pid": 4422,
739 "metadata": "MKNOD=/dev/null,/dev/net/tun;BPF_MAP_TYPES=hash,array",
740 "state": {
741 "ociVersion": "0.2.0",
742 "id": "oci-container1",
743 "status": "creating",
744 "pid": 4422,
745 "bundle": "/containers/redis",
746 "annotations": {
747 "myKey": "myValue"
748 }
749 }
750 }
751 ```
752
688753 ## <a name="configLinuxRootfsMountPropagation" />Rootfs Mount Propagation
689754
690755 **`rootfsPropagation`** (string, OPTIONAL) sets the rootfs's mount propagation.
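Review bot: The example caption at new line 730 spells the descriptor `seccompFD`, while the property definition at new line 645, the JSON below the caption and the `SeccompFdName` constant all use `seccompFd`; agents that match on the names in `fds` need one spelling. `fds` is also marked OPTIONAL here, yet the `listenerPath` section says the runtime sends `seccompFd` and sets its name in `fds`, so it is worth stating that `fds` is required whenever descriptors are passed.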
746811 ## <a name="configLinuxPersonality" />Personality
747812
748813 **`personality`** (object, OPTIONAL) sets the Linux execution personality. For more information
749 see the [personality](personality.2) syscall documentation. As most of the options are
814 see the [personality][personality.2] syscall documentation. As most of the options are
750815 obsolete and rarely used, and some reduce security, the currently supported set is a small
751816 subset of the available options.
752817
0 _This document is a work in progress._
1
2 # <a name="ZOSContainerConfiguration" />z/OS Container Configuration
3
4 This document describes the schema for the [z/OS-specific section](config.md#platform-specific-configuration) of the [container configuration](config.md).
5
6 ## <a name="configZOSDevices" />Devices
7
8 **`devices`** (array of objects, OPTIONAL) lists devices that MUST be available in the container.
9 The runtime MAY supply them however it likes.
10
11 Each entry has the following structure:
12
13 * **`type`** *(string, REQUIRED)* - type of device: `c`, `b`, `u` or `p`.
14 * **`path`** *(string, REQUIRED)* - full path to device inside container.
15 If a file already exists at `path` that does not match the requested device, the runtime MUST generate an error.
16 * **`major, minor`** *(int64, REQUIRED unless `type` is `p`)* - major, minor numbers for the device.
17 * **`fileMode`** *(uint32, OPTIONAL)* - file mode for the device.
18
19 The same `type`, `major` and `minor` SHOULD NOT be used for multiple devices.
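Review bot: This text says `major, minor` are "REQUIRED unless `type` is `p`", but the `Device` definition added in defs-zos.json lists `major` and `minor` under `required` unconditionally, so a `p` device without them is valid per the prose and invalid per the schema. One of the two should change. The schema and the Go `ZOSDevice` struct also carry `uid` and `gid`, which are not documented here.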
189189 For more information about AppArmor, see [AppArmor documentation][apparmor].
190190 * **`capabilities`** (object, OPTIONAL) is an object containing arrays that specifies the sets of capabilities for the process.
191191 Valid values are defined in the [capabilities(7)][capabilities.7] man page, such as `CAP_CHOWN`.
192 Any value which cannot be mapped to a relevant kernel interface MUST cause an error.
192 Any value which cannot be mapped to a relevant kernel interface, or cannot
193 be granted otherwise MUST be [logged as a warning](runtime.md#warnings) by
194 the runtime. Runtimes SHOULD NOT fail if the container configuration requests
195 capabilities that cannot be granted, for example, if the runtime operates in
196 a restricted environment with a limited set of capabilities.
193197 `capabilities` contains the following properties:
194198
195199 * **`effective`** (array of strings, OPTIONAL) the `effective` field is an array of effective capabilities that are kept for the process.
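Review bot: The relaxed wording applies the warning to "Any value which cannot be mapped to a relevant kernel interface", which now also covers misspelled or unknown capability names, not only capabilities the runtime is not allowed to grant. Consider keeping an error for names that are not valid capabilities at all and limiting the warning to known capabilities that cannot be granted in a restricted environment; otherwise a typo in `capabilities` yields a container that starts with a different set than its author intended, with only a log line to show for it. The sentence at new lines 192-193 also needs a comma after "granted otherwise".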
355359 This MAY be set if the target platform of this spec is `solaris`.
356360 * **`vm`** (object, OPTIONAL) [Virtual-machine-specific configuration](config-vm.md).
357361 This MAY be set if the target platform and architecture of this spec support hardware virtualization.
362 * **`zos`** (object, OPTIONAL) [z/OS-specific configuration](config-zos.md).
363 This MAY be set if the target platform of this spec is `zos`.
358364
359365 ### Example (Linux)
360366
1717
1818 * `creating`: the container is being created (step 2 in the [lifecycle](#lifecycle))
1919 * `created`: the runtime has finished the [create operation](#create) (after step 2 in the [lifecycle](#lifecycle)), and the container process has neither exited nor executed the user-specified program
20 * `running`: the container process has executed the user-specified program but has not exited (after step 5 in the [lifecycle](#lifecycle))
21 * `stopped`: the container process has exited (step 7 in the [lifecycle](#lifecycle))
20 * `running`: the container process has executed the user-specified program but has not exited (after step 8 in the [lifecycle](#lifecycle))
21 * `stopped`: the container process has exited (step 10 in the [lifecycle](#lifecycle))
2222
2323 Additional values MAY be defined by the runtime, however, they MUST be used to represent new runtime states not defined above.
2424 * **`pid`** (int, REQUIRED when `status` is `created` or `running` on Linux, OPTIONAL on other platforms) is the ID of the container process.
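Review bot: `running` and `stopped` move from lifecycle steps 5 and 7 to 8 and 10, but `creating` and `created` still cite step 2. The lifecycle list is not part of this diff, so please confirm the step 2 references are still correct after the renumbering.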
202202 "defaultAction": {
203203 "$ref": "defs-linux.json#/definitions/SeccompAction"
204204 },
205 "defaultErrnoRet": {
206 "$ref": "defs.json#/definitions/uint32"
207 },
205208 "flags": {
206209 "type": "array",
207210 "items": {
208211 "$ref": "defs-linux.json#/definitions/SeccompFlag"
209212 }
213 },
214 "listenerPath": {
215 "type": "string"
216 },
217 "listenerMetadata": {
218 "type": "string"
210219 },
211220 "architectures": {
212221 "type": "array",
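Review bot: `listenerMetadata` is added as an independent string, but the prose says it MUST NOT be set if `listenerPath` is not set; a `dependencies` entry for `listenerMetadata` would let the schema enforce that. `listenerPath` is a bare `"type": "string"`, whereas the z/OS `Device` `path` references `defs.json#/definitions/FilePath`; using the same definition here would be consistent. `defaultErrnoRet` is `uint32` here and `*uint` in the Go struct.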
179179 },
180180 "vm": {
181181 "$ref": "config-vm.json#/vm"
182 },
183 "zos": {
184 "$ref": "config-zos.json#/zos"
182185 }
183186 },
184187 "required": [
0 {
1 "zos": {
2 "description": "z/OS platform-specific configurations",
3 "type": "object",
4 "properties": {
5 "devices": {
6 "type": "array",
7 "items": {
8 "$ref": "defs-zos.json#/definitions/Device"
9 }
10 }
11 }
12 }
13 }
6060 "SCMP_ACT_ERRNO",
6161 "SCMP_ACT_TRACE",
6262 "SCMP_ACT_ALLOW",
63 "SCMP_ACT_LOG"
63 "SCMP_ACT_LOG",
64 "SCMP_ACT_NOTIFY"
6465 ]
6566 },
6667 "SeccompFlag": {
0 {
1 "definitions": {
2 "Major": {
3 "description": "major device number",
4 "$ref": "defs.json#/definitions/int64"
5 },
6 "Minor": {
7 "description": "minor device number",
8 "$ref": "defs.json#/definitions/int64"
9 },
10 "FileMode": {
11 "description": "File permissions mode (typically an octal value)",
12 "type": "integer",
13 "minimum": 0,
14 "maximum": 512
15 },
16 "FileType": {
17 "description": "Type of a block or special character device",
18 "type": "string",
19 "pattern": "^[cbup]$"
20 },
21 "Device": {
22 "type": "object",
23 "required": [
24 "type",
25 "path",
26 "major",
27 "minor"
28 ],
29 "properties": {
30 "path": {
31 "$ref": "defs.json#/definitions/FilePath"
32 },
33 "type": {
34 "$ref": "#/definitions/FileType"
35 },
36 "major": {
37 "$ref": "#/definitions/Major"
38 },
39 "minor": {
40 "$ref": "#/definitions/Minor"
41 },
42 "fileMode": {
43 "$ref": "#/definitions/FileMode"
44 },
45 "uid": {
46 "$ref": "defs.json#/definitions/UID"
47 },
48 "gid": {
49 "$ref": "defs.json#/definitions/GID"
50 }
51 }
52 }
53 }
54 }
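Review bot: `FileMode` sets `"maximum": 512`, which is octal 01000; if the intent is permission bits up to 0777 the bound should be 511, and if the special bits are meant to be allowed it should be 4095. The `FileType` description ("Type of a block or special character device") also does not account for the `u` and `p` values that the pattern `^[cbup]$` accepts.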
0 {
1 "ociVersion": "1.0.0",
2 "root": {
3 "path": "rootfs"
4 },
5 "zos": {
6 }
7 }
1616 * `solaris`: [runtime.md](runtime.md), [config.md](config.md), and [config-solaris.md](config-solaris.md).
1717 * `windows`: [runtime.md](runtime.md), [config.md](config.md), and [config-windows.md](config-windows.md).
1818 * `vm`: [runtime.md](runtime.md), [config.md](config.md), and [config-vm.md](config-vm.md).
19 * `zos`: [runtime.md](runtime.md), [config.md](config.md), and [config-zos.md](config-zos.md).
1920
2021 # <a name="ociRuntimeSpecTOC" />Table of Contents
2122
3031 - [Solaris-specific Configuration](config-solaris.md)
3132 - [Windows-specific Configuration](config-windows.md)
3233 - [Virtual-Machine-specific Configuration](config-vm.md)
34 - [z/OS-specific Configuration](config-zos.md)
3335 - [Glossary](glossary.md)
3436
3537 # <a name="ociRuntimeSpecNotationalConventions" />Notational Conventions
1414 // Mounts configures additional mounts (on top of Root).
1515 Mounts []Mount `json:"mounts,omitempty"`
1616 // Hooks configures callbacks for container lifecycle events.
17 Hooks *Hooks `json:"hooks,omitempty" platform:"linux,solaris"`
17 Hooks *Hooks `json:"hooks,omitempty" platform:"linux,solaris,zos"`
1818 // Annotations contains arbitrary metadata for the container.
1919 Annotations map[string]string `json:"annotations,omitempty"`
2020
2626 Windows *Windows `json:"windows,omitempty" platform:"windows"`
2727 // VM specifies configuration for virtual-machine-based containers.
2828 VM *VM `json:"vm,omitempty" platform:"vm"`
29 // ZOS is platform-specific configuration for z/OS based containers.
30 ZOS *ZOS `json:"zos,omitempty" platform:"zos"`
2931 }
3032
3133 // Process contains information to start a specific application inside the container.
4850 // Capabilities are Linux capabilities that are kept for the process.
4951 Capabilities *LinuxCapabilities `json:"capabilities,omitempty" platform:"linux"`
5052 // Rlimits specifies rlimit options to apply to the process.
51 Rlimits []POSIXRlimit `json:"rlimits,omitempty" platform:"linux,solaris"`
53 Rlimits []POSIXRlimit `json:"rlimits,omitempty" platform:"linux,solaris,zos"`
5254 // NoNewPrivileges controls whether additional privileges could be gained by processes in the container.
5355 NoNewPrivileges bool `json:"noNewPrivileges,omitempty" platform:"linux"`
5456 // ApparmorProfile specifies the apparmor profile for the container.
8587 // User specifies specific user (and group) information for the container process.
8688 type User struct {
8789 // UID is the user id.
88 UID uint32 `json:"uid" platform:"linux,solaris"`
90 UID uint32 `json:"uid" platform:"linux,solaris,zos"`
8991 // GID is the group id.
90 GID uint32 `json:"gid" platform:"linux,solaris"`
92 GID uint32 `json:"gid" platform:"linux,solaris,zos"`
9193 // Umask is the umask for the init process.
92 Umask *uint32 `json:"umask,omitempty" platform:"linux,solaris"`
94 Umask *uint32 `json:"umask,omitempty" platform:"linux,solaris,zos"`
9395 // AdditionalGids are additional group ids set for the container's process.
9496 AdditionalGids []uint32 `json:"additionalGids,omitempty" platform:"linux,solaris"`
9597 // Username is the user name.
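Review bot: `UID`, `GID` and `Umask` gain `zos` in their `platform` tags, but `AdditionalGids` on old line 94 stays at `platform:"linux,solaris"`. If supplementary groups are supported on z/OS the tag should be extended in the same change; if not, a comment saying so would prevent it from looking like an oversight.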
109111 // Destination is the absolute path where the mount will be placed in the container.
110112 Destination string `json:"destination"`
111113 // Type specifies the mount kind.
112 Type string `json:"type,omitempty" platform:"linux,solaris"`
114 Type string `json:"type,omitempty" platform:"linux,solaris,zos"`
113115 // Source specifies the source path of the mount.
114116 Source string `json:"source,omitempty"`
115117 // Options are fstab style mount options.
597599
598600 // LinuxSeccomp represents syscall restrictions
599601 type LinuxSeccomp struct {
600 DefaultAction LinuxSeccompAction `json:"defaultAction"`
601 Architectures []Arch `json:"architectures,omitempty"`
602 Flags []LinuxSeccompFlag `json:"flags,omitempty"`
603 Syscalls []LinuxSyscall `json:"syscalls,omitempty"`
602 DefaultAction LinuxSeccompAction `json:"defaultAction"`
603 DefaultErrnoRet *uint `json:"defaultErrnoRet,omitempty"`
604 Architectures []Arch `json:"architectures,omitempty"`
605 Flags []LinuxSeccompFlag `json:"flags,omitempty"`
606 ListenerPath string `json:"listenerPath,omitempty"`
607 ListenerMetadata string `json:"listenerMetadata,omitempty"`
608 Syscalls []LinuxSyscall `json:"syscalls,omitempty"`
604609 }
605610
606611 // Arch used for additional architectures
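Review bot: The three new fields `DefaultErrnoRet`, `ListenerPath` and `ListenerMetadata` have no doc comments, unlike the fields in the neighbouring structs; a line each would help, in particular that `ListenerPath` is only meaningful with `SCMP_ACT_NOTIFY` and that `ListenerMetadata` must be empty when `ListenerPath` is. `DefaultErrnoRet` is `*uint` while the JSON schema declares `uint32`; a fixed-width type would keep the two in step.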
646651 ActTrace LinuxSeccompAction = "SCMP_ACT_TRACE"
647652 ActAllow LinuxSeccompAction = "SCMP_ACT_ALLOW"
648653 ActLog LinuxSeccompAction = "SCMP_ACT_LOG"
654 ActNotify LinuxSeccompAction = "SCMP_ACT_NOTIFY"
649655 )
650656
651657 // LinuxSeccompOperator used to match syscall arguments in Seccomp
693699 // default, and in "MBps" if MBA Software Controller is enabled.
694700 MemBwSchema string `json:"memBwSchema,omitempty"`
695701 }
702
703 // ZOS contains platform-specific configuration for z/OS based containers.
704 type ZOS struct {
705 // Devices are a list of device nodes that are created for the container
706 Devices []ZOSDevice `json:"devices,omitempty"`
707 }
708
709 // ZOSDevice represents the mknod information for a z/OS special device file
710 type ZOSDevice struct {
711 // Path to the device.
712 Path string `json:"path"`
713 // Device type, block, char, etc.
714 Type string `json:"type"`
715 // Major is the device's major number.
716 Major int64 `json:"major"`
717 // Minor is the device's minor number.
718 Minor int64 `json:"minor"`
719 // FileMode permission bits for the device.
720 FileMode *os.FileMode `json:"fileMode,omitempty"`
721 // UID of the device.
722 UID *uint32 `json:"uid,omitempty"`
723 // Gid of the device.
724 GID *uint32 `json:"gid,omitempty"`
725 }
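Review bot: `Major` and `Minor` are plain `int64` tagged `json:"major"` and `json:"minor"`, so a `p` device, for which config-zos.md does not require them, always serializes with `"major": 0` and `"minor": 0`; pointer types or `omitempty` would let them be absent. `FileMode` uses `*os.FileMode`, so check that the file already imports `os`. The comment "Gid of the device" should read "GID" to match the field name.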
44
55 const (
66 // StateCreating indicates that the container is being created
7 StateCreating ContainerState = "creating"
7 StateCreating ContainerState = "creating"
88
99 // StateCreated indicates that the runtime has finished the create operation
10 StateCreated ContainerState = "created"
10 StateCreated ContainerState = "created"
1111
1212 // StateRunning indicates that the container process has executed the
1313 // user-specified program but has not exited
14 StateRunning ContainerState = "running"
14 StateRunning ContainerState = "running"
1515
1616 // StateStopped indicates that the container process has exited
17 StateStopped ContainerState = "stopped"
17 StateStopped ContainerState = "stopped"
1818 )
1919
2020 // State holds information about the runtime state of the container.
3232 // Annotations are key values associated with the container.
3333 Annotations map[string]string `json:"annotations,omitempty"`
3434 }
35
36 const (
37 // SeccompFdName is the name of the seccomp notify file descriptor.
38 SeccompFdName string = "seccompFd"
39 )
40
41 // ContainerProcessState holds information about the state of a container process.
42 type ContainerProcessState struct {
43 // Version is the version of the specification that is supported.
44 Version string `json:"ociVersion"`
45 // Fds is a string array containing the names of the file descriptors passed.
46 // The index of the name in this array corresponds to index of the file
47 // descriptor in the `SCM_RIGHTS` array.
48 Fds []string `json:"fds"`
49 // Pid is the process ID as seen by the runtime.
50 Pid int `json:"pid"`
51 // Opaque metadata.
52 Metadata string `json:"metadata,omitempty"`
53 // State of the container.
54 State State `json:"state"`
55 }
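Review bot: `Fds` is tagged `json:"fds"` without `omitempty`, so a state with no descriptors marshals as `"fds": null`, while config-linux.md marks `fds` OPTIONAL and describes it as a string array. Either add `omitempty` or document that the key is always present. `SeccompFdName` is also declared with an explicit `string` type that the literal already implies.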