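// modify applies the command-line flags held in context to spec and rspec.
//
// Scalar flags are copied first, then args, env and supplementary groups,
// and finally the per-feature helpers run in a fixed order. The first error
// is returned unchanged; spec and rspec may already be partially updated
// when that happens.
func modify(spec *specs.LinuxSpec, rspec *specs.LinuxRuntimeSpec, context *cli.Context) error {
	spec.Root.Path = context.String("rootfs")
	spec.Root.Readonly = context.Bool("read-only")
	spec.Hostname = context.String("hostname")

	// NOTE(review): context.Int yields a signed int, so a negative or
	// wider-than-32-bit --uid/--gid wraps silently in the uint32 conversion
	// (-1 becomes 4294967295). Range-check these before they reach the spec;
	// doing it here needs an error constructor this block does not have in scope.
	spec.Process.User.UID = uint32(context.Int("uid"))
	spec.Process.User.GID = uint32(context.Int("gid"))
	rspec.Linux.SelinuxProcessLabel = context.String("selinux-label")

	// A non-empty --args value replaces the whole argument vector with that
	// single element; an empty value leaves spec.Process.Args untouched.
	if args := context.String("args"); args != "" {
		spec.Process.Args = []string{args}
	}

	spec.Process.Env = append(spec.Process.Env, context.StringSlice("env")...)

	for _, g := range context.StringSlice("groups") {
		// ParseUint with bitSize 32 rejects signed and out-of-range input, so
		// a value such as "-1" is reported as an error instead of wrapping
		// into a large supplementary GID.
		gid, err := strconv.ParseUint(g, 10, 32)
		if err != nil {
			return err
		}
		spec.Process.User.AdditionalGids = append(spec.Process.User.AdditionalGids, uint32(gid))
	}

	if err := setupCapabilities(spec, rspec, context); err != nil {
		return err
	}
	// setupNamespaces is called without an error check, as in the original.
	setupNamespaces(spec, rspec, context)
	if err := addTmpfsMounts(spec, rspec, context); err != nil {
		return err
	}
	if err := mountCgroups(spec, rspec, context); err != nil {
		return err
	}
	if err := addBindMounts(spec, rspec, context); err != nil {
		return err
	}
	if err := addHooks(spec, rspec, context); err != nil {
		return err
	}
	return addRootPropagation(spec, rspec, context)
}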
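// modify applies the command-line flags held in context to spec and rspec.
//
// Scalar flags are copied first, then args, env and supplementary groups,
// and finally the per-feature helpers (capabilities, namespaces, mounts,
// hooks, ID mappings, rlimits, sysctl, devices, seccomp, resource limits)
// run in a fixed order. The first error is returned unchanged; spec and
// rspec may already be partially updated when that happens.
func modify(spec *specs.LinuxSpec, rspec *specs.LinuxRuntimeSpec, context *cli.Context) error {
	spec.Root.Path = context.String("rootfs")
	spec.Root.Readonly = context.Bool("read-only")
	spec.Hostname = context.String("hostname")

	// NOTE(review): context.Int yields a signed int, so a negative or
	// wider-than-32-bit --uid/--gid wraps silently in the uint32 conversion
	// (-1 becomes 4294967295). Range-check these before they reach the spec;
	// doing it here needs an error constructor this block does not have in scope.
	spec.Process.User.UID = uint32(context.Int("uid"))
	spec.Process.User.GID = uint32(context.Int("gid"))
	rspec.Linux.SelinuxProcessLabel = context.String("selinux-label")

	spec.Version = context.String("version")
	spec.Platform.OS = context.String("os")
	spec.Platform.Arch = context.String("arch")
	spec.Process.Cwd = context.String("cwd")
	spec.Process.Terminal = context.Bool("terminal")

	rspec.Linux.CgroupsPath = context.String("cgroupspath")
	rspec.Linux.ApparmorProfile = context.String("apparmor")
	// NOTE(review): "disableoomiller" looks like a misspelling of
	// "disableoomkiller". It is left as written because it has to match the
	// flag definition, which is outside this block; confirm and fix both together.
	rspec.Linux.Resources.DisableOOMKiller = context.Bool("disableoomiller")
	rspec.Linux.Resources.Pids.Limit = int64(context.Int("pids"))
	rspec.Linux.Resources.Network.ClassID = context.String("networkid")

	for i, a := range context.StringSlice("args") {
		// The first value replaces the default command ("sh", which the
		// original comment attributes to getDefaultTemplate()). The length
		// guard keeps an empty Args slice from causing an index panic; in
		// that case the value is appended instead.
		if i == 0 && len(spec.Process.Args) > 0 {
			spec.Process.Args[0] = a
			continue
		}
		spec.Process.Args = append(spec.Process.Args, a)
	}

	spec.Process.Env = append(spec.Process.Env, context.StringSlice("env")...)

	for _, g := range context.StringSlice("groups") {
		// ParseUint with bitSize 32 rejects signed and out-of-range input, so
		// a value such as "-1" is reported as an error instead of wrapping
		// into a large supplementary GID.
		gid, err := strconv.ParseUint(g, 10, 32)
		if err != nil {
			return err
		}
		spec.Process.User.AdditionalGids = append(spec.Process.User.AdditionalGids, uint32(gid))
	}

	if err := setupCapabilities(spec, rspec, context); err != nil {
		return err
	}
	// setupNamespaces is called without an error check, as in the original.
	setupNamespaces(spec, rspec, context)
	if err := addTmpfsMounts(spec, rspec, context); err != nil {
		return err
	}
	if err := mountCgroups(spec, rspec, context); err != nil {
		return err
	}
	if err := addBindMounts(spec, rspec, context); err != nil {
		return err
	}
	if err := addHooks(spec, rspec, context); err != nil {
		return err
	}
	if err := addRootPropagation(spec, rspec, context); err != nil {
		return err
	}
	if err := addMountPoint(spec, rspec, context); err != nil {
		return err
	}
	if err := setUIDMappings(spec, rspec, context); err != nil {
		return err
	}
	if err := setGIDMappings(spec, rspec, context); err != nil {
		return err
	}
	if err := setRlimits(spec, rspec, context); err != nil {
		return err
	}
	if err := setSysctl(spec, rspec, context); err != nil {
		return err
	}
	if err := addDevice(spec, rspec, context); err != nil {
		return err
	}
	if err := setSeccompDefaultAction(spec, rspec, context); err != nil {
		return err
	}
	if err := addSeccompArchitectures(spec, rspec, context); err != nil {
		return err
	}
	if err := addSeccompSyscalls(spec, rspec, context); err != nil {
		return err
	}
	if err := addHugepageLimit(spec, rspec, context); err != nil {
		return err
	}
	if err := addNetworkPriority(spec, rspec, context); err != nil {
		return err
	}
	if err := addMounts(spec, rspec, context); err != nil {
		return err
	}
	if err := addBlockIO(spec, rspec, context); err != nil {
		return err
	}
	if err := setResourceMemory(spec, rspec, context); err != nil {
		return err
	}
	return setResourceCPU(spec, rspec, context)
}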
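// modify applies the command-line flags held in context to spec and rspec.
//
// Scalar flags are copied first, then args, env and supplementary groups,
// and finally the per-feature helpers run in a fixed order. The first error
// is returned unchanged; spec and rspec may already be partially updated
// when that happens.
func modify(spec *specs.LinuxSpec, rspec *specs.LinuxRuntimeSpec, context *cli.Context) error {
	spec.Root.Path = context.String("rootfs")
	spec.Root.Readonly = context.Bool("read-only")
	spec.Hostname = context.String("hostname")

	// NOTE(review): context.Int yields a signed int, so a negative or
	// wider-than-32-bit --uid/--gid wraps silently in the uint32 conversion
	// (-1 becomes 4294967295). Range-check these before they reach the spec;
	// doing it here needs an error constructor this block does not have in scope.
	spec.Process.User.UID = uint32(context.Int("uid"))
	spec.Process.User.GID = uint32(context.Int("gid"))
	rspec.Linux.SelinuxProcessLabel = context.String("selinux-label")

	spec.Platform.OS = context.String("os")
	spec.Platform.Arch = context.String("arch")
	spec.Process.Cwd = context.String("cwd")

	for i, a := range context.StringSlice("args") {
		// Empty values are skipped entirely, so an empty first value leaves
		// the default command in place.
		if a == "" {
			continue
		}
		// The first value replaces the default command ("sh", which the
		// original comment attributes to getDefaultTemplate()). The length
		// guard keeps an empty Args slice from causing an index panic; in
		// that case the value is appended instead.
		if i == 0 && len(spec.Process.Args) > 0 {
			spec.Process.Args[0] = a
			continue
		}
		spec.Process.Args = append(spec.Process.Args, a)
	}

	spec.Process.Env = append(spec.Process.Env, context.StringSlice("env")...)

	for _, g := range context.StringSlice("groups") {
		// ParseUint with bitSize 32 rejects signed and out-of-range input, so
		// a value such as "-1" is reported as an error instead of wrapping
		// into a large supplementary GID.
		gid, err := strconv.ParseUint(g, 10, 32)
		if err != nil {
			return err
		}
		spec.Process.User.AdditionalGids = append(spec.Process.User.AdditionalGids, uint32(gid))
	}

	if err := setupCapabilities(spec, rspec, context); err != nil {
		return err
	}
	// setupNamespaces is called without an error check, as in the original.
	setupNamespaces(spec, rspec, context)
	if err := addTmpfsMounts(spec, rspec, context); err != nil {
		return err
	}
	if err := mountCgroups(spec, rspec, context); err != nil {
		return err
	}
	if err := addBindMounts(spec, rspec, context); err != nil {
		return err
	}
	if err := addHooks(spec, rspec, context); err != nil {
		return err
	}
	if err := addRootPropagation(spec, rspec, context); err != nil {
		return err
	}
	return addIDMappings(spec, rspec, context)
}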