nri: add experimental NRI plugin.
Add a common NRI 'service' plugin. It takes care of relaying requests and respones to and from NRI (external NRI plugins) and the high-level containerd namespace-independent logic of applying NRI container adjustments and updates to actual CRI and other containers. The namespace-dependent details of the necessary container manipulation operations are to be implemented by namespace- specific adaptations. This NRI plugin defines the API which such adaptations need to implement. Signed-off-by: Krisztian Litkey <krisztian.litkey@intel.com>
This commit is contained in:
Krisztian Litkey
31
vendor/github.com/opencontainers/runtime-tools/validate/capabilities/validate.go
generated
vendored
Normal file
31
vendor/github.com/opencontainers/runtime-tools/validate/capabilities/validate.go
generated
vendored
Normal file
@@ -0,0 +1,31 @@
|
||||
package capabilities
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"strings"
|
||||
|
||||
"github.com/syndtr/gocapability/capability"
|
||||
)
|
||||
|
||||
// CapValid checks whether a capability is valid
|
||||
func CapValid(c string, hostSpecific bool) error {
|
||||
isValid := false
|
||||
|
||||
if !strings.HasPrefix(c, "CAP_") {
|
||||
return fmt.Errorf("capability %s must start with CAP_", c)
|
||||
}
|
||||
for _, cap := range capability.List() {
|
||||
if c == fmt.Sprintf("CAP_%s", strings.ToUpper(cap.String())) {
|
||||
if hostSpecific && cap > LastCap() {
|
||||
return fmt.Errorf("%s is not supported on the current host", c)
|
||||
}
|
||||
isValid = true
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
if !isValid {
|
||||
return fmt.Errorf("invalid capability: %s", c)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
16
vendor/github.com/opencontainers/runtime-tools/validate/capabilities/validate_linux.go
generated
vendored
Normal file
16
vendor/github.com/opencontainers/runtime-tools/validate/capabilities/validate_linux.go
generated
vendored
Normal file
@@ -0,0 +1,16 @@
|
||||
package capabilities
|
||||
|
||||
import (
|
||||
"github.com/syndtr/gocapability/capability"
|
||||
)
|
||||
|
||||
// LastCap return last cap of system
|
||||
func LastCap() capability.Cap {
|
||||
last := capability.CAP_LAST_CAP
|
||||
// hack for RHEL6 which has no /proc/sys/kernel/cap_last_cap
|
||||
if last == capability.Cap(63) {
|
||||
last = capability.CAP_BLOCK_SUSPEND
|
||||
}
|
||||
|
||||
return last
|
||||
}
|
||||
13
vendor/github.com/opencontainers/runtime-tools/validate/capabilities/validate_unsupported.go
generated
vendored
Normal file
13
vendor/github.com/opencontainers/runtime-tools/validate/capabilities/validate_unsupported.go
generated
vendored
Normal file
@@ -0,0 +1,13 @@
|
||||
//go:build !linux
|
||||
// +build !linux
|
||||
|
||||
package validate
|
||||
|
||||
import (
|
||||
"github.com/syndtr/gocapability/capability"
|
||||
)
|
||||
|
||||
// LastCap return last cap of system
|
||||
func LastCap() capability.Cap {
|
||||
return capability.Cap(-1)
|
||||
}
|
||||
Reference in New Issue
Block a user