const DefaultSandboxCPUshares = 2

    DefaultSandboxCPUshares is the default CPU shares value for the sandbox container. TODO(windows): Revisit CPU shares for Windows.


    This section is empty.


    func GetIPCNamespace

    func GetIPCNamespace(pid uint32) string

      GetIPCNamespace returns the ipc namespace of a process.

      func GetNetworkNamespace

      func GetNetworkNamespace(pid uint32) string

        GetNetworkNamespace returns the network namespace of a process.

        func GetPIDNamespace

        func GetPIDNamespace(pid uint32) string

          GetPIDNamespace returns the pid namespace of a process.

          func GetUTSNamespace

          func GetUTSNamespace(pid uint32) string

            GetUTSNamespace returns the uts namespace of a process.

            func IsCgroup2UnifiedMode

            func IsCgroup2UnifiedMode() bool

              IsCgroup2UnifiedMode returns whether we are running in cgroup v2 unified mode.

              func WithAdditionalGIDs

              func WithAdditionalGIDs(userstr string) oci.SpecOpts

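                WithAdditionalGIDs adds any additional groups listed for a particular user in the /etc/group file of the image's root filesystem to the OCI spec's additionalGids array. Because that file is supplied by the image, the resulting supplementary group IDs are controlled by the image author, so they should be treated as untrusted when host paths or devices with group-based permissions are mounted into the container.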

                func WithAnnotation

                func WithAnnotation(k, v string) oci.SpecOpts

                  WithAnnotation sets the provided annotation

                  func WithCapabilities

                  func WithCapabilities(sc *runtime.LinuxContainerSecurityContext, allCaps []string) oci.SpecOpts

                    WithCapabilities sets the provided capabilities from the security context

                    func WithContainerdShimCgroup

                    func WithContainerdShimCgroup(path string) containerd.NewTaskOpts

                      WithContainerdShimCgroup returns a function that sets the containerd shim cgroup path.

                      func WithDefaultSandboxShares

                      func WithDefaultSandboxShares(ctx context.Context, client oci.Client, c *containers.Container, s *runtimespec.Spec) error

                        WithDefaultSandboxShares sets the default sandbox CPU shares

                        func WithDevices

                        func WithDevices(osi osinterface.OS, config *runtime.ContainerConfig) oci.SpecOpts

                          WithDevices sets the provided devices onto the container spec

                          func WithDisabledCgroups

                          func WithDisabledCgroups(_ context.Context, _ oci.Client, c *containers.Container, s *runtimespec.Spec) error

                            WithDisabledCgroups clears the Cgroups Path from the spec

                            func WithMounts

                            func WithMounts(osi osinterface.OS, config *runtime.ContainerConfig, extra []*runtime.Mount, mountLabel string) oci.SpecOpts

                              WithMounts sorts and adds runtime and CRI mounts to the spec

                              func WithNewSnapshot

                              func WithNewSnapshot(id string, i containerd.Image, opts ...snapshots.Opt) containerd.NewContainerOpts

                                WithNewSnapshot wraps `containerd.WithNewSnapshot` so that, if creating the snapshot fails, we make sure the image is actually unpacked and then retry.

                                func WithOOMScoreAdj

                                func WithOOMScoreAdj(config *runtime.ContainerConfig, restrict bool) oci.SpecOpts

                                  WithOOMScoreAdj sets the oom score

                                  func WithPodNamespaces

                                  func WithPodNamespaces(config *runtime.LinuxContainerSecurityContext, pid uint32) oci.SpecOpts

                                    WithPodNamespaces sets the pod namespaces for the container

                                    func WithPodOOMScoreAdj

                                    func WithPodOOMScoreAdj(adj int, restrict bool) oci.SpecOpts

                                      WithPodOOMScoreAdj sets the oom score for the pod sandbox

                                      func WithProcessArgs

                                      func WithProcessArgs(config *runtime.ContainerConfig, image *imagespec.ImageConfig) oci.SpecOpts

                                        WithProcessArgs sets the process args on the spec based on the image and runtime config

                                        func WithRelabeledContainerMounts

                                        func WithRelabeledContainerMounts(mountLabel string) oci.SpecOpts

                                          WithRelabeledContainerMounts relabels the default container mounts for files in /etc

                                          func WithRelativeRoot

                                          func WithRelativeRoot(root string) oci.SpecOpts

                                            WithRelativeRoot sets the root for the container

                                            func WithResources

                                            func WithResources(resources *runtime.LinuxContainerResources, tolerateMissingHugetlbController, disableHugetlbController bool) oci.SpecOpts

                                              WithResources sets the provided resource restrictions

                                              func WithSelinuxLabels

                                              func WithSelinuxLabels(process, mount string) oci.SpecOpts

                                                WithSelinuxLabels sets the mount and process labels

                                                func WithSupplementalGroups

                                                func WithSupplementalGroups(groups []int64) oci.SpecOpts

                                                  WithSupplementalGroups sets the supplemental groups for the process

                                                  func WithSysctls

                                                  func WithSysctls(sysctls map[string]string) oci.SpecOpts

                                                    WithSysctls sets the provided sysctls onto the spec

                                                    func WithVolumes

                                                    func WithVolumes(volumeMounts map[string]string) containerd.NewContainerOpts

                                                      WithVolumes copies ownership of volume in rootfs to its corresponding host path. It doesn't update runtime spec. The passed in map is a host path to container path map for all volumes.

                                                      func WithoutAmbientCaps

                                                      func WithoutAmbientCaps(_ context.Context, _ oci.Client, c *containers.Container, s *runtimespec.Spec) error

                                                        WithoutAmbientCaps removes the ambient caps from the spec

                                                        func WithoutDefaultSecuritySettings

                                                        func WithoutDefaultSecuritySettings(_ context.Context, _ oci.Client, c *containers.Container, s *runtimespec.Spec) error

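                                                          WithoutDefaultSecuritySettings removes the default security settings generated on a spec. This description does not enumerate which settings are removed, so check the implementation before relying on it, and explicitly reapply whatever confinement the container still needs afterwards.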

                                                          func WithoutNamespace

                                                          func WithoutNamespace(t runtimespec.LinuxNamespaceType) oci.SpecOpts

                                                            WithoutNamespace removes the provided namespace

                                                            func WithoutRoot

                                                            func WithoutRoot(ctx context.Context, client oci.Client, c *containers.Container, s *runtimespec.Spec) error

                                                              WithoutRoot sets the root to nil for the container.

                                                              func WithoutRunMount

                                                              func WithoutRunMount(_ context.Context, _ oci.Client, c *containers.Container, s *runtimespec.Spec) error

                                                                WithoutRunMount removes the `/run` mount from the spec.


                                                                This section is empty.
                                                                GOOS=linux, GOARCH=amd64