runc

v0.0.0-...-fc3afe1
Published: Jun 23, 2015 License: Apache-2.0 Imports: 15 Imported by: 0

README

runc

NOTE: Since this is a big change from the current gwoo/runc project, I have left the import paths pointing to gwoo/runc.

NOTE: Some vendor trickery is used because libcontainer includes a vendor/src directory, but still references the default import paths for vendored dependencies. For example, github.com/coreos/go-systemd is the import path, but libcontainer/vendor/src/github.com/coreos/go-systemd is the desired dependency. The libcontainer project manages this by including all the files on the command line in the Makefile. This project solves the problem by updating the GOPATH and only including dependencies not part of the libcontainer project in the Godeps manifest.

runc is a CLI tool for spawning and running containers according to the OCF specification.

Building:

git clone https://github.com/gwoo/runc
cd runc
make install

Using:

To run a container that you received, just execute runc run with the JSON format as the argument, or have a container.json file in the current working directory.

runc
/ $ ps
PID   USER     COMMAND
1     daemon   sh
5     daemon   sh
/ $

OCF Container JSON Format:

{
    "version": "0.1",
    "os": "linux",
    "arch": "amd64",
    "processes": [
        {
            "tty": true,
            "user": "daemon",
            "args": [
                "sh"
            ],
            "env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "TERM=xterm"
            ],
            "cwd": ""
        }
    ],
    "root": {
        "path": "rootfs",
        "readonly": true
    },
    "cpus": 1.1,
    "memory": 1024,
    "hostname": "shell",
    "namespaces": [
        {
            "type": "process"
        },
        {
            "type": "network"
        },
        {
            "type": "mount"
        },
        {
            "type": "ipc"
        },
        {
            "type": "uts"
        }
    ],
    "capabilities": [
        "AUDIT_WRITE",
        "KILL",
        "NET_BIND_SERVICE"
    ],
    "devices": [
        "null",
        "random",
        "full",
        "tty",
        "zero",
        "urandom"
    ],
    "mounts": [
        {
            "type": "proc",
            "source": "proc",
            "destination": "/proc",
            "options": ""
        },
        {
            "type": "tmpfs",
            "source": "tmpfs",
            "destination": "/dev",
            "options": "nosuid,strictatime,mode=755,size=65536k"
        },
        {
            "type": "devpts",
            "source": "devpts",
            "destination": "/dev/pts",
            "options": "nosuid,noexec,newinstance,ptmxmode=0666,mode=0620,gid=5"
        },
        {
            "type": "tmpfs",
            "source": "shm",
            "destination": "/dev/shm",
            "options": "nosuid,noexec,nodev,mode=1777,size=65536k"
        },
        {
            "type": "mqueue",
            "source": "mqueue",
            "destination": "/dev/mqueue",
            "options": "nosuid,noexec,nodev"
        },
        {
            "type": "sysfs",
            "source": "sysfs",
            "destination": "/sys",
            "options": "nosuid,noexec,nodev"
        }
    ]
}

Examples:

Using runc with systemd
[Unit]
Description=Minecraft Build Server
Documentation=http://minecraft.net
After=network.target

[Service]
CPUQuota=200%
MemoryLimit=1536M
ExecStart=/usr/local/bin/runc
Restart=on-failure
WorkingDirectory=/containers/minecraftbuild

[Install]
WantedBy=multi-user.target

Documentation

Overview

+build linux

Functions

func DefaultID

func DefaultID() string

DefaultID returns a string to be used as the container id based on the current working directory of the nsinit process. This function panics if the cwd cannot be determined because of a system error.

func DefaultImagePath

func DefaultImagePath() string

DefaultImagePath returns the current working directory with checkpoint appended.

func GetContainer

func GetContainer(factory libcontainer.Factory, id string) (libcontainer.Container, error)

GetContainer returns the specified container instance by loading it from state with the default factory.

func NewFactory

func NewFactory(root string, criu string) (libcontainer.Factory, error)

NewFactory returns the configured libcontainer.Factory instance for execing containers.

func NewSignalHandler

func NewSignalHandler(tty *TTY) *signalHandler

NewSignalHandler returns a signal handler for processing SIGCHLD and SIGWINCH signals while still forwarding all other signals to the process.

Types

type HugepageLimit

type HugepageLimit struct {
	Pagesize string `json:"pageSize"`
	Limit    int    `json:"limit"`
}

type IfPrioMap

type IfPrioMap struct {
	Interface string `json:"interface"`
	Priority  int64  `json:"priority"`
}

type LinuxSpec

type LinuxSpec struct {
	Spec
	UserMapping      map[string]UserMapping `json:"userMapping"`
	Rlimits          []Rlimit               `json:"rlimits"`
	SystemProperties map[string]string      `json:"systemProperties"`
	Resources        *Resources             `json:"resources"`
}

func NewSpec

func NewSpec(path string) (*LinuxSpec, error)

NewSpec loads the specification from the provided path. If the path is empty, the default path "container.json" is used.

func (*LinuxSpec) AddDevices

func (spec *LinuxSpec) AddDevices(config *configs.Config) error

func (*LinuxSpec) AddGroups

func (spec *LinuxSpec) AddGroups(config *configs.Config) error

func (*LinuxSpec) AddMounts

func (spec *LinuxSpec) AddMounts(config *configs.Config) error

func (*LinuxSpec) AddNamespaces

func (spec *LinuxSpec) AddNamespaces(config *configs.Config) error

func (*LinuxSpec) AddUserNamespace

func (spec *LinuxSpec) AddUserNamespace(config *configs.Config) error

func (*LinuxSpec) CPUQuota

func (spec *LinuxSpec) CPUQuota() int64

func (*LinuxSpec) NewConfig

func (spec *LinuxSpec) NewConfig() (*configs.Config, error)

func (*LinuxSpec) SetReadOnly

func (spec *LinuxSpec) SetReadOnly(config *configs.Config) error

type Mount

type Mount struct {
	Type        string `json:"type"`
	Source      string `json:"source"`
	Destination string `json:"destination"`
	Options     string `json:"options"`
}

type Namespace

type Namespace struct {
	Type string `json:"type"`
	Path string `json:"path,omitempty"`
}

type Process

type Process struct {
	TTY  bool     `json:"tty"`
	User string   `json:"user"`
	Args []string `json:"args"`
	Env  []string `json:"env"`
	Cwd  string   `json:"cwd"`
}

type Resources

type Resources struct {
	// Memory reservation or soft_limit (in bytes)
	MemoryReservation int64 `json:"memoryReservation"`
	// Total memory usage (memory + swap); set `-1' to disable swap
	MemorySwap int64 `json:"memorySwap"`
	// Kernel memory limit (in bytes)
	KernelMemory int64 `json:"kernelMemory"`
	// CPU shares (relative weight vs. other containers)
	CpuShares int64 `json:"cpuShares"`
	// CPU hardcap limit (in usecs). Allowed cpu time in a given period.
	CpuQuota int64 `json:"cpuQuota"`
	// CPU period to be used for hardcapping (in usecs). 0 to use system default.
	CpuPeriod int64 `json:"cpuPeriod"`
	// How much CPU time can be used in realtime scheduling (in usecs).
	CpuRtRuntime int64 `json:"cpuQuota"`
	// CPU period to be used for realtime scheduling (in usecs).
	CpuRtPeriod int64 `json:"cpuPeriod"`
	// CPU to use
	CpusetCpus string `json:"cpusetCpus"`
	// MEM to use
	CpusetMems string `json:"cpusetMems"`
	// IO read rate limit per cgroup per device, bytes per second.
	BlkioThrottleReadBpsDevice string `json:"blkioThrottleReadBpsDevice"`
	// IO write rate limit per cgroup per device, bytes per second.
	BlkioThrottleWriteBpsDevice string `json:"blkioThrottleWriteBpsDevice"`
	// IO read rate limit per cgroup per device, IO per second.
	BlkioThrottleReadIOpsDevice string `json:"blkioThrottleReadIopsDevice"`
	// IO write rate limit per cgroup per device, IO per second.
	BlkioThrottleWriteIOpsDevice string `json:"blkioThrottleWriteIopsDevice"`
	// Specifies per cgroup weight, range is from 10 to 1000.
	BlkioWeight int64 `json:"blkioWeight"`
	// Weight per cgroup per device, can override BlkioWeight.
	BlkioWeightDevice string `json:"blkioWeightDevice"`
	// Hugetlb limit (in bytes)
	HugetlbLimit []*HugepageLimit `json:"hugetlbLimit"`
	// Whether to disable OOM Killer
	DisableOOMKiller bool `json:"disableOOMKiller"`
	// Set priority of network traffic for container
	NetPrioIfpriomap []*IfPrioMap `json:"netPrioIfpriomap"`
	// Set class identifier for container's network packets
	NetClsClassid string `json:"netClsClassid"`
}
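
In the Resources struct above, CpuRtRuntime and CpuRtPeriod carry the same JSON tags as CpuQuota and CpuPeriod; encoding/json ignores every field whose name collides with another at the same level and reports no error, so none of the four limits is read from container.json. The following added example (not part of this package; cpuLimits, DuplicateJSONTags and DecodeCPULimits are hypothetical names, and the input document is constructed) detects the collision and shows what a decode returns.

```go
package main

import (
	"encoding/json"
	"fmt"
	"reflect"
	"strings"
)

// cpuLimits copies four fields and their tags from the Resources struct above.
type cpuLimits struct {
	CpuQuota     int64 `json:"cpuQuota"`
	CpuPeriod    int64 `json:"cpuPeriod"`
	CpuRtRuntime int64 `json:"cpuQuota"`
	CpuRtPeriod  int64 `json:"cpuPeriod"`
}

// DuplicateJSONTags maps each JSON name claimed by more than one top-level
// field of struct value v to the Go names of the fields claiming it.
func DuplicateJSONTags(v interface{}) map[string][]string {
	byName := map[string][]string{}
	t := reflect.TypeOf(v)
	for i := 0; i < t.NumField(); i++ {
		f := t.Field(i)
		name := strings.Split(f.Tag.Get("json"), ",")[0]
		if name == "" {
			name = f.Name // untagged fields use the Go field name
		}
		byName[name] = append(byName[name], f.Name)
	}
	for name, fields := range byName {
		if len(fields) < 2 {
			delete(byName, name)
		}
	}
	return byName
}

// DecodeCPULimits decodes a resources document into cpuLimits.
func DecodeCPULimits(doc string) (cpuLimits, error) {
	var l cpuLimits
	err := json.Unmarshal([]byte(doc), &l)
	return l, err
}

func main() {
	// Constructed input: a 50% CPU hard cap that the decoder drops silently.
	l, err := DecodeCPULimits(`{"cpuQuota": 50000, "cpuPeriod": 100000}`)
	fmt.Println(DuplicateJSONTags(l), l, err)
}
```

The structtag check in go vet reports the same repeated tags at build time.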

type Rlimit

type Rlimit struct {
	Type int    `json:"type"`
	Hard uint64 `json:"hard"`
	Soft uint64 `json:"soft"`
}

type Root

type Root struct {
	Path     string `json:"path"`
	Readonly bool   `json:"readonly"`
}

type Spec

type Spec struct {
	Version      string      `json:"version"`
	OS           string      `json:"os"`
	Arch         string      `json:"arch"`
	Processes    []*Process  `json:"processes"`
	Root         Root        `json:"root"`
	Cpus         float64     `json:"cpus"`   // in 1.1 for 110% cpus
	Memory       int64       `json:"memory"` // in mb; 1024m
	Hostname     string      `json:"hostname"`
	Namespaces   []Namespace `json:"namespaces"`
	Capabilities []string    `json:"capabilities"`
	Devices      []string    `json:"devices"`
	Mounts       []Mount     `json:"mounts"`
}

type SpecConfig

type SpecConfig interface {
	NewConfig() (*configs.Config, error)
	AddNamepsaces(config *configs.Config) error
	AddMounts(config *configs.Config) error
	AddDevices(config *configs.Config) error
	AddUserNamespace(config *configs.Config) error
	AddGroups(config *configs.Config) error
	SetReadOnly(config *configs.Config) error
}

type TTY

type TTY struct {
	// contains filtered or unexported fields
}

func NewTTY

func NewTTY(create bool, p *libcontainer.Process, rootuid int) (*TTY, error)

NewTTY creates a new pty for use with the container. If a TTY is not to be created for the process, pipes are created so that the TTY of the parent process is not inherited by the container.

func (*TTY) Close

func (t *TTY) Close() error

func (*TTY) Resize

func (t *TTY) Resize() error

type UserMapping

type UserMapping struct {
	From  int `json:"from"`
	To    int `json:"to"`
	Count int `json:"count"`
}

Directories

Path Synopsis
Godeps
_workspace/src/github.com/codegangsta/cli
Package cli provides a minimal framework for creating and organizing command line Go applications.
_workspace/src/github.com/docker/libcontainer
Libcontainer provides a native Go implementation for creating containers with namespaces, cgroups, capabilities, and filesystem access controls.
_workspace/src/github.com/docker/libcontainer/integration
integration is used for integration testing of libcontainer
_workspace/src/github.com/docker/libcontainer/netlink
Package netlink provides access to low level Netlink sockets and messages.
_workspace/src/github.com/docker/libcontainer/seccomp
Package seccomp provides native seccomp ( https://www.kernel.org/doc/Documentation/prctl/seccomp_filter.txt ) support for go.
cmd