From 8eea644ccc37b2a766ebee095bfaa4f1d3e20769 Mon Sep 17 00:00:00 2001
From: Zhang Wei
Date: Sat, 17 Dec 2016 13:01:53 +0800
Subject: [PATCH] Bump runtime-spec to v1.0.0-rc3

* Bump underlying runtime-spec to version 1.0.0-rc3
* Fix related changed struct names in config.go

Signed-off-by: Zhang Wei
---
 Godeps/Godeps.json | 4 +-
 .../runtime-spec/specs-go/config.go | 212 +++++++++---------
 .../runtime-spec/specs-go/state.go | 2 +-
 .../runtime-spec/specs-go/version.go | 2 +-
 checkpoint.go | 4 +-
 libcontainer/specconv/spec_linux.go | 37 +--
 libcontainer/specconv/spec_linux_test.go | 2 +-
 spec.go | 10 +-
 update.go | 8 +-
 9 files changed, 133 insertions(+), 148 deletions(-)

diff --git a/Godeps/Godeps.json b/Godeps/Godeps.json
index b2b59dbd11b..1a0332b5dd7 100644
--- a/Godeps/Godeps.json
+++ b/Godeps/Godeps.json
@@ -59,8 +59,8 @@
 },
 {
 "ImportPath": "github.com/opencontainers/runtime-spec/specs-go",
- "Comment": "v1.0.0-rc2-38-g1c7c27d",
- "Rev": "1c7c27d043c2a5e513a44084d2b10d77d1402b8c"
+ "Comment": "v1.0.0-rc3",
+ "Rev": "794ca7ac88234607f9d2c76da8a6e9bbbade8cb9"
 },
 {
 "ImportPath": "github.com/seccomp/libseccomp-golang",
diff --git a/Godeps/_workspace/src/github.com/opencontainers/runtime-spec/specs-go/config.go b/Godeps/_workspace/src/github.com/opencontainers/runtime-spec/specs-go/config.go
index 491b734c937..0166f46b357 100644
--- a/Godeps/_workspace/src/github.com/opencontainers/runtime-spec/specs-go/config.go
+++ b/Godeps/_workspace/src/github.com/opencontainers/runtime-spec/specs-go/config.go
@@ -47,7 +47,7 @@ type Process struct { // Capabilities are Linux capabilities that are kept for the container. Capabilities []string `json:"capabilities,omitempty" platform:"linux"` // Rlimits specifies rlimit options to apply to the process. - Rlimits []Rlimit `json:"rlimits,omitempty" platform:"linux"` + Rlimits []LinuxRlimit `json:"rlimits,omitempty" platform:"linux"` // NoNewPrivileges controls whether additional privileges could be gained by processes in the container. NoNewPrivileges bool `json:"noNewPrivileges,omitempty" platform:"linux"` // ApparmorProfile specifies the apparmor profile for the container. 
@@ -128,24 +128,24 @@ type Hooks struct { // Linux contains platform specific configuration for Linux based containers. type Linux struct { // UIDMapping specifies user mappings for supporting user namespaces on Linux. - UIDMappings []IDMapping `json:"uidMappings,omitempty"` + UIDMappings []LinuxIDMapping `json:"uidMappings,omitempty"` // GIDMapping specifies group mappings for supporting user namespaces on Linux. - GIDMappings []IDMapping `json:"gidMappings,omitempty"` + GIDMappings []LinuxIDMapping `json:"gidMappings,omitempty"` // Sysctl are a set of key value pairs that are set for the container on start Sysctl map[string]string `json:"sysctl,omitempty"` // Resources contain cgroup information for handling resource constraints // for the container - Resources *Resources `json:"resources,omitempty"` + Resources *LinuxResources `json:"resources,omitempty"` // CgroupsPath specifies the path to cgroups that are created and/or joined by the container. // The path is expected to be relative to the cgroups mountpoint. // If resources are specified, the cgroups at CgroupsPath will be updated based on resources. CgroupsPath *string `json:"cgroupsPath,omitempty"` // Namespaces contains the namespaces that are created and/or joined by the container - Namespaces []Namespace `json:"namespaces,omitempty"` + Namespaces []LinuxNamespace `json:"namespaces,omitempty"` // Devices are a list of device nodes that are created for the container - Devices []Device `json:"devices,omitempty"` + Devices []LinuxDevice `json:"devices,omitempty"` // Seccomp specifies the seccomp security settings for the container. - Seccomp *Seccomp `json:"seccomp,omitempty"` + Seccomp *LinuxSeccomp `json:"seccomp,omitempty"` // RootfsPropagation is the rootfs mount propagation mode for the container. RootfsPropagation string `json:"rootfsPropagation,omitempty"` // MaskedPaths masks over the provided paths inside the container. 
@@ -156,21 +156,21 @@ type Linux struct { MountLabel string `json:"mountLabel,omitempty"` } -// Namespace is the configuration for a Linux namespace -type Namespace struct { +// LinuxNamespace is the configuration for a Linux namespace +type LinuxNamespace struct { // Type is the type of Linux namespace - Type NamespaceType `json:"type"` + Type LinuxNamespaceType `json:"type"` // Path is a path to an existing namespace persisted on disk that can be joined // and is of the same type Path string `json:"path,omitempty"` } -// NamespaceType is one of the Linux namespaces -type NamespaceType string +// LinuxNamespaceType is one of the Linux namespaces +type LinuxNamespaceType string const ( // PIDNamespace for isolating process IDs - PIDNamespace NamespaceType = "pid" + PIDNamespace LinuxNamespaceType = "pid" // NetworkNamespace for isolating network devices, stacks, ports, etc NetworkNamespace = "network" // MountNamespace for isolating mount points @@ -185,18 +185,18 @@ const ( CgroupNamespace = "cgroup" ) -// IDMapping specifies UID/GID mappings -type IDMapping struct { - // HostID is the UID/GID of the host user or group +// LinuxIDMapping specifies UID/GID mappings +type LinuxIDMapping struct { + // HostID is the starting UID/GID on the host to be mapped to 'ContainerID' HostID uint32 `json:"hostID"` - // ContainerID is the UID/GID of the container's user or group + // ContainerID is the starting UID/GID in the container ContainerID uint32 `json:"containerID"` - // Size is the length of the range of IDs mapped between the two namespaces + // Size is the number of IDs to be mapped Size uint32 `json:"size"` } -// Rlimit type and restrictions -type Rlimit struct { +// LinuxRlimit type and restrictions +type LinuxRlimit struct { // Type of the rlimit to set Type string `json:"type"` // Hard is the hard limit for the specified type 
@@ -205,66 +205,66 @@ type Rlimit struct { Soft uint64 `json:"soft"` } -// HugepageLimit structure corresponds to limiting kernel hugepages -type HugepageLimit struct { +// LinuxHugepageLimit structure corresponds to limiting kernel hugepages +type LinuxHugepageLimit struct { // Pagesize is the hugepage size - Pagesize *string `json:"pageSize,omitempty"` + Pagesize string `json:"pageSize"` // Limit is the limit of "hugepagesize" hugetlb usage - Limit *uint64 `json:"limit,omitempty"` + Limit uint64 `json:"limit"` } -// InterfacePriority for network interfaces -type InterfacePriority struct { +// LinuxInterfacePriority for network interfaces +type LinuxInterfacePriority struct { // Name is the name of the network interface Name string `json:"name"` // Priority for the interface Priority uint32 `json:"priority"` } -// blockIODevice holds major:minor format supported in blkio cgroup -type blockIODevice struct { +// linuxBlockIODevice holds major:minor format supported in blkio cgroup +type linuxBlockIODevice struct { // Major is the device's major number. Major int64 `json:"major"` // Minor is the device's minor number. 
Minor int64 `json:"minor"` } -// WeightDevice struct holds a `major:minor weight` pair for blkioWeightDevice -type WeightDevice struct { - blockIODevice +// LinuxWeightDevice struct holds a `major:minor weight` pair for blkioWeightDevice +type LinuxWeightDevice struct { + linuxBlockIODevice // Weight is the bandwidth rate for the device, range is from 10 to 1000 Weight *uint16 `json:"weight,omitempty"` // LeafWeight is the bandwidth rate for the device while competing with the cgroup's child cgroups, range is from 10 to 1000, CFQ scheduler only LeafWeight *uint16 `json:"leafWeight,omitempty"` } -// ThrottleDevice struct holds a `major:minor rate_per_second` pair -type ThrottleDevice struct { - blockIODevice +// LinuxThrottleDevice struct holds a `major:minor rate_per_second` pair +type LinuxThrottleDevice struct { + linuxBlockIODevice // Rate is the IO rate limit per cgroup per device - Rate *uint64 `json:"rate,omitempty"` + Rate uint64 `json:"rate"` } -// BlockIO for Linux cgroup 'blkio' resource management -type BlockIO struct { +// LinuxBlockIO for Linux cgroup 'blkio' resource management +type LinuxBlockIO struct { // Specifies per cgroup weight, range is from 10 to 1000 Weight *uint16 `json:"blkioWeight,omitempty"` // Specifies tasks' weight in the given cgroup while competing with the cgroup's child cgroups, range is from 10 to 1000, CFQ scheduler only LeafWeight *uint16 `json:"blkioLeafWeight,omitempty"` // Weight per cgroup per device, can override BlkioWeight - WeightDevice []WeightDevice `json:"blkioWeightDevice,omitempty"` + WeightDevice []LinuxWeightDevice `json:"blkioWeightDevice,omitempty"` // IO read rate limit per cgroup per device, bytes per second - ThrottleReadBpsDevice []ThrottleDevice `json:"blkioThrottleReadBpsDevice,omitempty"` + ThrottleReadBpsDevice []LinuxThrottleDevice `json:"blkioThrottleReadBpsDevice,omitempty"` // IO write rate limit per cgroup per device, bytes per second - ThrottleWriteBpsDevice []ThrottleDevice 
`json:"blkioThrottleWriteBpsDevice,omitempty"` + ThrottleWriteBpsDevice []LinuxThrottleDevice `json:"blkioThrottleWriteBpsDevice,omitempty"` // IO read rate limit per cgroup per device, IO per second - ThrottleReadIOPSDevice []ThrottleDevice `json:"blkioThrottleReadIOPSDevice,omitempty"` + ThrottleReadIOPSDevice []LinuxThrottleDevice `json:"blkioThrottleReadIOPSDevice,omitempty"` // IO write rate limit per cgroup per device, IO per second - ThrottleWriteIOPSDevice []ThrottleDevice `json:"blkioThrottleWriteIOPSDevice,omitempty"` + ThrottleWriteIOPSDevice []LinuxThrottleDevice `json:"blkioThrottleWriteIOPSDevice,omitempty"` } -// Memory for Linux cgroup 'memory' resource management -type Memory struct { +// LinuxMemory for Linux cgroup 'memory' resource management +type LinuxMemory struct { // Memory limit (in bytes). Limit *uint64 `json:"limit,omitempty"` // Memory reservation or soft_limit (in bytes). @@ -279,8 +279,8 @@ type Memory struct { Swappiness *uint64 `json:"swappiness,omitempty"` } -// CPU for Linux cgroup 'cpu' resource management -type CPU struct { +// LinuxCPU for Linux cgroup 'cpu' resource management +type LinuxCPU struct { // CPU shares (relative weight (ratio) vs. other cgroups with cpu shares). Shares *uint64 `json:"shares,omitempty"` // CPU hardcap limit (in usecs). Allowed cpu time in a given period. 
@@ -297,44 +297,44 @@ type CPU struct { Mems *string `json:"mems,omitempty"` } -// Pids for Linux cgroup 'pids' resource management (Linux 4.3) -type Pids struct { +// LinuxPids for Linux cgroup 'pids' resource management (Linux 4.3) +type LinuxPids struct { // Maximum number of PIDs. Default is "no limit". - Limit *int64 `json:"limit,omitempty"` + Limit int64 `json:"limit"` } -// Network identification and priority configuration -type Network struct { +// LinuxNetwork identification and priority configuration +type LinuxNetwork struct { // Set class identifier for container's network packets ClassID *uint32 `json:"classID,omitempty"` // Set priority of network traffic for container - Priorities []InterfacePriority `json:"priorities,omitempty"` + Priorities []LinuxInterfacePriority `json:"priorities,omitempty"` } -// Resources has container runtime resource constraints -type Resources struct { +// LinuxResources has container runtime resource constraints +type LinuxResources struct { // Devices configures the device whitelist. - Devices []DeviceCgroup `json:"devices,omitempty"` + Devices []LinuxDeviceCgroup `json:"devices,omitempty"` // DisableOOMKiller disables the OOM killer for out of memory conditions DisableOOMKiller *bool `json:"disableOOMKiller,omitempty"` // Specify an oom_score_adj for the container. OOMScoreAdj *int `json:"oomScoreAdj,omitempty"` // Memory restriction configuration - Memory *Memory `json:"memory,omitempty"` + Memory *LinuxMemory `json:"memory,omitempty"` // CPU resource restriction configuration - CPU *CPU `json:"cpu,omitempty"` + CPU *LinuxCPU `json:"cpu,omitempty"` // Task resource restriction configuration. 
- Pids *Pids `json:"pids,omitempty"` + Pids *LinuxPids `json:"pids,omitempty"` // BlockIO restriction configuration - BlockIO *BlockIO `json:"blockIO,omitempty"` + BlockIO *LinuxBlockIO `json:"blockIO,omitempty"` // Hugetlb limit (in bytes) - HugepageLimits []HugepageLimit `json:"hugepageLimits,omitempty"` + HugepageLimits []LinuxHugepageLimit `json:"hugepageLimits,omitempty"` // Network restriction configuration - Network *Network `json:"network,omitempty"` + Network *LinuxNetwork `json:"network,omitempty"` } -// Device represents the mknod information for a Linux special device file -type Device struct { +// LinuxDevice represents the mknod information for a Linux special device file +type LinuxDevice struct { // Path to the device. Path string `json:"path"` // Device type, block, char, etc. @@ -351,8 +351,8 @@ type Device struct { GID *uint32 `json:"gid,omitempty"` } -// DeviceCgroup represents a device rule for the whitelist controller -type DeviceCgroup struct { +// LinuxDeviceCgroup represents a device rule for the whitelist controller +type LinuxDeviceCgroup struct { // Allow or deny Allow bool `json:"allow"` // Device type, block, char, etc. @@ -365,11 +365,11 @@ type DeviceCgroup struct { Access *string `json:"access,omitempty"` } -// Seccomp represents syscall restrictions -type Seccomp struct { - DefaultAction Action `json:"defaultAction"` - Architectures []Arch `json:"architectures"` - Syscalls []Syscall `json:"syscalls,omitempty"` +// LinuxSeccomp represents syscall restrictions +type LinuxSeccomp struct { + DefaultAction LinuxSeccompAction `json:"defaultAction"` + Architectures []Arch `json:"architectures"` + Syscalls []LinuxSyscall `json:"syscalls,omitempty"` } // Solaris contains platform specific configuration for Solaris application containers. 
@@ -381,26 +381,26 @@ type Solaris struct { // The maximum amount of shared memory allowed for this container. MaxShmMemory string `json:"maxShmMemory,omitempty"` // Specification for automatic creation of network resources for this container. - Anet []Anet `json:"anet,omitempty"` + Anet []SolarisAnet `json:"anet,omitempty"` // Set limit on the amount of CPU time that can be used by container. - CappedCPU *CappedCPU `json:"cappedCPU,omitempty"` + CappedCPU *SolarisCappedCPU `json:"cappedCPU,omitempty"` // The physical and swap caps on the memory that can be used by this container. - CappedMemory *CappedMemory `json:"cappedMemory,omitempty"` + CappedMemory *SolarisCappedMemory `json:"cappedMemory,omitempty"` } -// CappedCPU allows users to set limit on the amount of CPU time that can be used by container. -type CappedCPU struct { +// SolarisCappedCPU allows users to set limit on the amount of CPU time that can be used by container. +type SolarisCappedCPU struct { Ncpus string `json:"ncpus,omitempty"` } -// CappedMemory allows users to set the physical and swap caps on the memory that can be used by this container. -type CappedMemory struct { +// SolarisCappedMemory allows users to set the physical and swap caps on the memory that can be used by this container. +type SolarisCappedMemory struct { Physical string `json:"physical,omitempty"` Swap string `json:"swap,omitempty"` } -// Anet provides the specification for automatic creation of network resources for this container. -type Anet struct { +// SolarisAnet provides the specification for automatic creation of network resources for this container. +type SolarisAnet struct { // Specify a name for the automatically created VNIC datalink. Linkname string `json:"linkname,omitempty"` // Specify the link over which the VNIC will be created. 
@@ -493,43 +493,43 @@ const ( ArchS390X Arch = "SCMP_ARCH_S390X" ) -// Action taken upon Seccomp rule match -type Action string +// LinuxSeccompAction taken upon Seccomp rule match +type LinuxSeccompAction string // Define actions for Seccomp rules const ( - ActKill Action = "SCMP_ACT_KILL" - ActTrap Action = "SCMP_ACT_TRAP" - ActErrno Action = "SCMP_ACT_ERRNO" - ActTrace Action = "SCMP_ACT_TRACE" - ActAllow Action = "SCMP_ACT_ALLOW" + ActKill LinuxSeccompAction = "SCMP_ACT_KILL" + ActTrap LinuxSeccompAction = "SCMP_ACT_TRAP" + ActErrno LinuxSeccompAction = "SCMP_ACT_ERRNO" + ActTrace LinuxSeccompAction = "SCMP_ACT_TRACE" + ActAllow LinuxSeccompAction = "SCMP_ACT_ALLOW" ) -// Operator used to match syscall arguments in Seccomp -type Operator string +// LinuxSeccompOperator used to match syscall arguments in Seccomp +type LinuxSeccompOperator string // Define operators for syscall arguments in Seccomp const ( - OpNotEqual Operator = "SCMP_CMP_NE" - OpLessThan Operator = "SCMP_CMP_LT" - OpLessEqual Operator = "SCMP_CMP_LE" - OpEqualTo Operator = "SCMP_CMP_EQ" - OpGreaterEqual Operator = "SCMP_CMP_GE" - OpGreaterThan Operator = "SCMP_CMP_GT" - OpMaskedEqual Operator = "SCMP_CMP_MASKED_EQ" + OpNotEqual LinuxSeccompOperator = "SCMP_CMP_NE" + OpLessThan LinuxSeccompOperator = "SCMP_CMP_LT" + OpLessEqual LinuxSeccompOperator = "SCMP_CMP_LE" + OpEqualTo LinuxSeccompOperator = "SCMP_CMP_EQ" + OpGreaterEqual LinuxSeccompOperator = "SCMP_CMP_GE" + OpGreaterThan LinuxSeccompOperator = "SCMP_CMP_GT" + OpMaskedEqual LinuxSeccompOperator = "SCMP_CMP_MASKED_EQ" ) -// Arg used for matching specific syscall arguments in Seccomp -type Arg struct { - Index uint `json:"index"` - Value uint64 `json:"value"` - ValueTwo uint64 `json:"valueTwo"` - Op Operator `json:"op"` +// LinuxSeccompArg used for matching specific syscall arguments in Seccomp +type LinuxSeccompArg struct { + Index uint `json:"index"` + Value uint64 `json:"value"` + ValueTwo uint64 `json:"valueTwo"` + Op 
LinuxSeccompOperator `json:"op"` } -// Syscall is used to match a syscall in Seccomp -type Syscall struct { - Name string `json:"name"` - Action Action `json:"action"` - Args []Arg `json:"args,omitempty"` +// LinuxSyscall is used to match a syscall in Seccomp +type LinuxSyscall struct { + Name string `json:"name"` + Action LinuxSeccompAction `json:"action"` + Args []LinuxSeccompArg `json:"args,omitempty"` } diff --git a/Godeps/_workspace/src/github.com/opencontainers/runtime-spec/specs-go/state.go b/Godeps/_workspace/src/github.com/opencontainers/runtime-spec/specs-go/state.go index ad31b893bbf..a74874ed59e 100644 --- a/Godeps/_workspace/src/github.com/opencontainers/runtime-spec/specs-go/state.go +++ b/Godeps/_workspace/src/github.com/opencontainers/runtime-spec/specs-go/state.go @@ -3,7 +3,7 @@ package specs // State holds information about the runtime state of the container. type State struct { // Version is the version of the specification that is supported. - Version string `json:"version"` + Version string `json:"ociVersion"` // ID is the container ID ID string `json:"id"` // Status is the runtime state of the container. diff --git a/Godeps/_workspace/src/github.com/opencontainers/runtime-spec/specs-go/version.go b/Godeps/_workspace/src/github.com/opencontainers/runtime-spec/specs-go/version.go index 8b5ec89089e..9d1612a0699 100644 --- a/Godeps/_workspace/src/github.com/opencontainers/runtime-spec/specs-go/version.go +++ b/Godeps/_workspace/src/github.com/opencontainers/runtime-spec/specs-go/version.go @@ -11,7 +11,7 @@ const ( VersionPatch = 0 // VersionDev indicates development branch. Releases will be empty string. - VersionDev = "-rc2-dev" + VersionDev = "-rc3" ) // Version is the specification version that the package types support. diff --git a/checkpoint.go b/checkpoint.go index 3def699bc6e..8949deb0c33 100644 --- a/checkpoint.go +++ b/checkpoint.go 
@@ -102,7 +102,7 @@ func setManageCgroupsMode(context *cli.Context, options *libcontainer.CriuOpts) } } -var namespaceMapping = map[specs.NamespaceType]int{ +var namespaceMapping = map[specs.LinuxNamespaceType]int{ specs.NetworkNamespace: syscall.CLONE_NEWNET, } @@ -110,7 +110,7 @@ func setEmptyNsMask(context *cli.Context, options *libcontainer.CriuOpts) error var nsmask int for _, ns := range context.StringSlice("empty-ns") { - f, exists := namespaceMapping[specs.NamespaceType(ns)] + f, exists := namespaceMapping[specs.LinuxNamespaceType(ns)] if !exists { return fmt.Errorf("namespace %q is not supported", ns) } diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go index fec19784ffb..94afd65c613 100644 --- a/libcontainer/specconv/spec_linux.go +++ b/libcontainer/specconv/spec_linux.go @@ -20,7 +20,7 @@ import ( const wildcard = -1 -var namespaceMapping = map[specs.NamespaceType]configs.NamespaceType{ +var namespaceMapping = map[specs.LinuxNamespaceType]configs.NamespaceType{ specs.PIDNamespace: configs.NEWPID, specs.NetworkNamespace: configs.NEWNET, specs.MountNamespace: configs.NEWNS, @@ -377,8 +377,8 @@ func createCgroupConfig(name string, useSystemdCgroup bool, spec *specs.Spec) (* c.Resources.CpusetMems = *r.CPU.Mems } } - if r.Pids != nil && r.Pids.Limit != nil { - c.Resources.PidsLimit = *r.Pids.Limit + if r.Pids != nil { + c.Resources.PidsLimit = r.Pids.Limit } if r.BlockIO != nil { if r.BlockIO.Weight != nil { 
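Review bot: In the `r.Pids != nil` branch of the spec_linux.go hunk at -377, `c.Resources.PidsLimit = r.Pids.Limit` now runs whenever a `pids` object is present, and because `LinuxPids.Limit` became a plain `int64` an omitted `limit` arrives here as 0, indistinguishable from an explicit 0. How 0 is then applied is decided by the pids cgroup code, which this diff does not show, so a spec author who writes `"pids": {}` cannot tell from this function whether any task cap ends up in force. Since this limit is the control that bounds process-count exhaustion from inside the container, I would state the contract at the assignment, e.g. `// Limit is a value since rc3: an omitted "limit" decodes as 0; see the pids cgroup controller for how 0 is applied`. createCgroupConfig begins and ends outside this hunk.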
@@ -402,52 +402,37 @@ func createCgroupConfig(name string, useSystemdCgroup bool, spec *specs.Spec) (* } if r.BlockIO.ThrottleReadBpsDevice != nil { for _, td := range r.BlockIO.ThrottleReadBpsDevice { - var rate uint64 - if td.Rate != nil { - rate = *td.Rate - } + rate := td.Rate throttleDevice := configs.NewThrottleDevice(td.Major, td.Minor, rate) c.Resources.BlkioThrottleReadBpsDevice = append(c.Resources.BlkioThrottleReadBpsDevice, throttleDevice) } } if r.BlockIO.ThrottleWriteBpsDevice != nil { for _, td := range r.BlockIO.ThrottleWriteBpsDevice { - var rate uint64 - if td.Rate != nil { - rate = *td.Rate - } + rate := td.Rate throttleDevice := configs.NewThrottleDevice(td.Major, td.Minor, rate) c.Resources.BlkioThrottleWriteBpsDevice = append(c.Resources.BlkioThrottleWriteBpsDevice, throttleDevice) } } if r.BlockIO.ThrottleReadIOPSDevice != nil { for _, td := range r.BlockIO.ThrottleReadIOPSDevice { - var rate uint64 - if td.Rate != nil { - rate = *td.Rate - } + rate := td.Rate throttleDevice := configs.NewThrottleDevice(td.Major, td.Minor, rate) c.Resources.BlkioThrottleReadIOPSDevice = append(c.Resources.BlkioThrottleReadIOPSDevice, throttleDevice) } } if r.BlockIO.ThrottleWriteIOPSDevice != nil { for _, td := range r.BlockIO.ThrottleWriteIOPSDevice { - var rate uint64 - if td.Rate != nil { - rate = *td.Rate - } + rate := td.Rate throttleDevice := configs.NewThrottleDevice(td.Major, td.Minor, rate) c.Resources.BlkioThrottleWriteIOPSDevice = append(c.Resources.BlkioThrottleWriteIOPSDevice, throttleDevice) } } } for _, l := range r.HugepageLimits { - if l.Pagesize == nil || l.Limit == nil { - return nil, fmt.Errorf("pagesize and limit can not be empty") - } c.Resources.HugetlbLimit = append(c.Resources.HugetlbLimit, &configs.HugepageLimit{ - Pagesize: *l.Pagesize, - Limit: *l.Limit, + Pagesize: l.Pagesize, + Limit: l.Limit, }) } if r.DisableOOMKiller != nil { 
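Review bot: The `r.HugepageLimits` loop no longer rejects incomplete entries: the removed nil test was the only validation, and with `Pagesize` now a plain `string` an entry that omits `pageSize` reaches `configs.HugepageLimit` as `Pagesize: ""` with `Limit: 0`. I would keep the rejection in value form at the top of the loop body, `if l.Pagesize == "" { return nil, fmt.Errorf("hugepage pagesize can not be empty") }`, so a malformed spec fails at conversion rather than at whatever later point consumes the limit (not visible here). The same absent-versus-zero loss applies to `td.Rate` in the four throttle loops above, where `rate := td.Rate` is now a redundant temporary and `td.Rate` can be passed to `configs.NewThrottleDevice` directly. createCgroupConfig begins and ends outside this hunk.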
@@ -574,7 +559,7 @@ func setupUserNamespace(spec *specs.Spec, config *configs.Config) error { if len(spec.Linux.UIDMappings) == 0 { return nil } - create := func(m specs.IDMapping) configs.IDMap { + create := func(m specs.LinuxIDMapping) configs.IDMap { return configs.IDMap{ HostID: int(m.HostID), ContainerID: int(m.ContainerID), @@ -682,7 +667,7 @@ func parseMountOptions(options []string) (int, []int, string, int) { return flag, pgflag, strings.Join(data, ","), extFlags } -func setupSeccomp(config *specs.Seccomp) (*configs.Seccomp, error) { +func setupSeccomp(config *specs.LinuxSeccomp) (*configs.Seccomp, error) { if config == nil { return nil, nil } diff --git a/libcontainer/specconv/spec_linux_test.go b/libcontainer/specconv/spec_linux_test.go index e28700ae726..d3c8fae769d 100644 --- a/libcontainer/specconv/spec_linux_test.go +++ b/libcontainer/specconv/spec_linux_test.go @@ -42,7 +42,7 @@ func TestLinuxCgroupsPathNotSpecified(t *testing.T) { func TestDupNamespaces(t *testing.T) { spec := &specs.Spec{ Linux: &specs.Linux{ - Namespaces: []specs.Namespace{ + Namespaces: []specs.LinuxNamespace{ { Type: "pid", }, diff --git a/spec.go b/spec.go index 617d99ea4ee..44ed3072e9b 100644 --- a/spec.go +++ b/spec.go @@ -92,7 +92,7 @@ container on your host.`, "CAP_KILL", "CAP_NET_BIND_SERVICE", }, - Rlimits: []specs.Rlimit{ + Rlimits: []specs.LinuxRlimit{ { Type: "RLIMIT_NOFILE", Hard: uint64(1024), @@ -162,15 +162,15 @@ container on your host.`, "/proc/sys", "/proc/sysrq-trigger", }, - Resources: &specs.Resources{ - Devices: []specs.DeviceCgroup{ + Resources: &specs.LinuxResources{ + Devices: []specs.LinuxDeviceCgroup{ { Allow: false, Access: sPtr("rwm"), }, }, }, - Namespaces: []specs.Namespace{ + Namespaces: []specs.LinuxNamespace{ { Type: "pid", }, 
@@ -246,7 +246,7 @@ func loadSpec(cPath string) (spec *specs.Spec, err error) { return spec, validateProcessSpec(&spec.Process) } -func createLibContainerRlimit(rlimit specs.Rlimit) (configs.Rlimit, error) { +func createLibContainerRlimit(rlimit specs.LinuxRlimit) (configs.Rlimit, error) { rl, err := strToRlimit(rlimit.Type) if err != nil { return configs.Rlimit{}, err diff --git a/update.go b/update.go index 87dc83ce13a..f06566a0294 100644 --- a/update.go +++ b/update.go @@ -114,15 +114,15 @@ other options are ignored. return err } - r := specs.Resources{ - Memory: &specs.Memory{ + r := specs.LinuxResources{ + Memory: &specs.LinuxMemory{ Limit: u64Ptr(0), Reservation: u64Ptr(0), Swap: u64Ptr(0), Kernel: u64Ptr(0), KernelTCP: u64Ptr(0), }, - CPU: &specs.CPU{ + CPU: &specs.LinuxCPU{ Shares: u64Ptr(0), Quota: u64Ptr(0), Period: u64Ptr(0), @@ -131,7 +131,7 @@ other options are ignored. Cpus: sPtr(""), Mems: sPtr(""), }, - BlockIO: &specs.BlockIO{ + BlockIO: &specs.LinuxBlockIO{ Weight: u16Ptr(0), }, }