From d53a96fbe4ff286325735cb4e50892e21c475d71 Mon Sep 17 00:00:00 2001 From: Michael Crosby Date: Wed, 18 Jul 2018 13:39:51 -0400 Subject: [PATCH] Add comments for oci protos Signed-off-by: Michael Crosby --- runtime/v2/README.md | 5 + runtime/v2/runc/options/oci.pb.go | 382 +++++++----------------------- runtime/v2/runc/options/oci.proto | 39 +-- 3 files changed, 113 insertions(+), 313 deletions(-) diff --git a/runtime/v2/README.md b/runtime/v2/README.md index b6298f714..f97eb29b2 100644 --- a/runtime/v2/README.md +++ b/runtime/v2/README.md @@ -146,6 +146,11 @@ Shims are also responsible for unmounting of the filesystem. During a `delete` binary call, the shim MUST ensure that filesystem is also unmounted. Filesystems are provided by the containerd snapshotters. +### Events + +The shim MUST publish a `runtime.TaskExitEventTopic` when the container exits. +If the shim collects Out of Memory events, it SHOULD also publish a `runtime.TaskOOMEventTopic`. + ### Other #### Unsupported rpcs diff --git a/runtime/v2/runc/options/oci.pb.go b/runtime/v2/runc/options/oci.pb.go index 634293d7f..67a85d9dd 100644 --- a/runtime/v2/runc/options/oci.pb.go +++ b/runtime/v2/runc/options/oci.pb.go @@ -37,21 +37,24 @@ var _ = math.Inf const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package type Options struct { - NoPivotRoot bool `protobuf:"varint,1,opt,name=no_pivot_root,json=noPivotRoot,proto3" json:"no_pivot_root,omitempty"` - OpenTcp bool `protobuf:"varint,2,opt,name=open_tcp,json=openTcp,proto3" json:"open_tcp,omitempty"` - ExternalUnixSockets bool `protobuf:"varint,3,opt,name=external_unix_sockets,json=externalUnixSockets,proto3" json:"external_unix_sockets,omitempty"` - Terminal bool `protobuf:"varint,4,opt,name=terminal,proto3" json:"terminal,omitempty"` - FileLocks bool `protobuf:"varint,5,opt,name=file_locks,json=fileLocks,proto3" json:"file_locks,omitempty"` - EmptyNamespaces []string `protobuf:"bytes,6,rep,name=empty_namespaces,json=emptyNamespaces" json:"empty_namespaces,omitempty"` - CgroupsMode string `protobuf:"bytes,7,opt,name=cgroups_mode,json=cgroupsMode,proto3" json:"cgroups_mode,omitempty"` - NoNewKeyring bool `protobuf:"varint,8,opt,name=no_new_keyring,json=noNewKeyring,proto3" json:"no_new_keyring,omitempty"` - ShimCgroup string `protobuf:"bytes,9,opt,name=shim_cgroup,json=shimCgroup,proto3" json:"shim_cgroup,omitempty"` - IoUid uint32 `protobuf:"varint,10,opt,name=io_uid,json=ioUid,proto3" json:"io_uid,omitempty"` - IoGid uint32 `protobuf:"varint,11,opt,name=io_gid,json=ioGid,proto3" json:"io_gid,omitempty"` - BinaryName string `protobuf:"bytes,12,opt,name=binary_name,json=binaryName,proto3" json:"binary_name,omitempty"` - Root string `protobuf:"bytes,13,opt,name=root,proto3" json:"root,omitempty"` - CriuPath string `protobuf:"bytes,14,opt,name=criu_path,json=criuPath,proto3" json:"criu_path,omitempty"` - SystemdCgroup bool `protobuf:"varint,15,opt,name=systemd_cgroup,json=systemdCgroup,proto3" json:"systemd_cgroup,omitempty"` + // disable pivot root when creating a container + NoPivotRoot bool `protobuf:"varint,1,opt,name=no_pivot_root,json=noPivotRoot,proto3" json:"no_pivot_root,omitempty"` + // create a new keyring for the container + NoNewKeyring bool `protobuf:"varint,2,opt,name=no_new_keyring,json=noNewKeyring,proto3" json:"no_new_keyring,omitempty"` + // place the shim in a cgroup + ShimCgroup string `protobuf:"bytes,3,opt,name=shim_cgroup,json=shimCgroup,proto3" json:"shim_cgroup,omitempty"` + // set the I/O's pipes uid + IoUid uint32 `protobuf:"varint,4,opt,name=io_uid,json=ioUid,proto3" json:"io_uid,omitempty"` + // set the I/O's pipes gid + IoGid uint32 `protobuf:"varint,5,opt,name=io_gid,json=ioGid,proto3" json:"io_gid,omitempty"` + // binary name of the runc binary + BinaryName string `protobuf:"bytes,6,opt,name=binary_name,json=binaryName,proto3" json:"binary_name,omitempty"` + // runc root directory + Root string `protobuf:"bytes,7,opt,name=root,proto3" json:"root,omitempty"` + // criu binary path + CriuPath string `protobuf:"bytes,8,opt,name=criu_path,json=criuPath,proto3" json:"criu_path,omitempty"` + // enable systemd cgroups + SystemdCgroup bool `protobuf:"varint,9,opt,name=systemd_cgroup,json=systemdCgroup,proto3" json:"systemd_cgroup,omitempty"` } func (m *Options) Reset() { *m = Options{} } @@ -59,13 +62,20 @@ func (*Options) ProtoMessage() {} func (*Options) Descriptor() ([]byte, []int) { return fileDescriptorOci, []int{0} } type CheckpointOptions struct { - Exit bool `protobuf:"varint,1,opt,name=exit,proto3" json:"exit,omitempty"` - OpenTcp bool `protobuf:"varint,2,opt,name=open_tcp,json=openTcp,proto3" json:"open_tcp,omitempty"` - ExternalUnixSockets bool `protobuf:"varint,3,opt,name=external_unix_sockets,json=externalUnixSockets,proto3" json:"external_unix_sockets,omitempty"` - Terminal bool `protobuf:"varint,4,opt,name=terminal,proto3" json:"terminal,omitempty"` - FileLocks bool `protobuf:"varint,5,opt,name=file_locks,json=fileLocks,proto3" json:"file_locks,omitempty"` - EmptyNamespaces []string `protobuf:"bytes,6,rep,name=empty_namespaces,json=emptyNamespaces" json:"empty_namespaces,omitempty"` - CgroupsMode string `protobuf:"bytes,7,opt,name=cgroups_mode,json=cgroupsMode,proto3" json:"cgroups_mode,omitempty"` + // exit the container after a checkpoint + Exit bool `protobuf:"varint,1,opt,name=exit,proto3" json:"exit,omitempty"` + // checkpoint open tcp connections + OpenTcp bool `protobuf:"varint,2,opt,name=open_tcp,json=openTcp,proto3" json:"open_tcp,omitempty"` + // checkpoint external unix sockets + ExternalUnixSockets bool `protobuf:"varint,3,opt,name=external_unix_sockets,json=externalUnixSockets,proto3" json:"external_unix_sockets,omitempty"` + // checkpoint terminals (ptys) + Terminal bool `protobuf:"varint,4,opt,name=terminal,proto3" json:"terminal,omitempty"` + // allow checkpointing of file locks + FileLocks bool `protobuf:"varint,5,opt,name=file_locks,json=fileLocks,proto3" json:"file_locks,omitempty"` + // restore provided namespaces as empty namespaces + EmptyNamespaces []string `protobuf:"bytes,6,rep,name=empty_namespaces,json=emptyNamespaces" json:"empty_namespaces,omitempty"` + // set the cgroups mode, soft, full, strict + CgroupsMode string `protobuf:"bytes,7,opt,name=cgroups_mode,json=cgroupsMode,proto3" json:"cgroups_mode,omitempty"` } func (m *CheckpointOptions) Reset() { *m = CheckpointOptions{} } @@ -73,6 +83,7 @@ func (*CheckpointOptions) ProtoMessage() {} func (*CheckpointOptions) Descriptor() ([]byte, []int) { return fileDescriptorOci, []int{1} } type ProcessDetails struct { + // exec process id if the process is managed by a shim ExecID string `protobuf:"bytes,1,opt,name=exec_id,json=execId,proto3" json:"exec_id,omitempty"` } @@ -110,69 +121,8 @@ func (m *Options) MarshalTo(dAtA []byte) (int, error) { } i++ } - if m.OpenTcp { - dAtA[i] = 0x10 - i++ - if m.OpenTcp { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i++ - } - if m.ExternalUnixSockets { - dAtA[i] = 0x18 - i++ - if m.ExternalUnixSockets { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i++ - } - if m.Terminal { - dAtA[i] = 0x20 - i++ - if m.Terminal { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i++ - } - if m.FileLocks { - dAtA[i] = 0x28 - i++ - if m.FileLocks { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i++ - } - if len(m.EmptyNamespaces) > 0 { - for _, s := range m.EmptyNamespaces { - dAtA[i] = 0x32 - i++ - l = len(s) - for l >= 1<<7 { - dAtA[i] = uint8(uint64(l)&0x7f | 0x80) - l >>= 7 - i++ - } - dAtA[i] = uint8(l) - i++ - i += copy(dAtA[i:], s) - } - } - if len(m.CgroupsMode) > 0 { - dAtA[i] = 0x3a - i++ - i = encodeVarintOci(dAtA, i, uint64(len(m.CgroupsMode))) - i += copy(dAtA[i:], m.CgroupsMode) - } if m.NoNewKeyring { - dAtA[i] = 0x40 + dAtA[i] = 0x10 i++ if m.NoNewKeyring { dAtA[i] = 1 @@ -182,41 +132,41 @@ func (m *Options) MarshalTo(dAtA []byte) (int, error) { i++ } if len(m.ShimCgroup) > 0 { - dAtA[i] = 0x4a + dAtA[i] = 0x1a i++ i = encodeVarintOci(dAtA, i, uint64(len(m.ShimCgroup))) i += copy(dAtA[i:], m.ShimCgroup) } if m.IoUid != 0 { - dAtA[i] = 0x50 + dAtA[i] = 0x20 i++ i = encodeVarintOci(dAtA, i, uint64(m.IoUid)) } if m.IoGid != 0 { - dAtA[i] = 0x58 + dAtA[i] = 0x28 i++ i = encodeVarintOci(dAtA, i, uint64(m.IoGid)) } if len(m.BinaryName) > 0 { - dAtA[i] = 0x62 + dAtA[i] = 0x32 i++ i = encodeVarintOci(dAtA, i, uint64(len(m.BinaryName))) i += copy(dAtA[i:], m.BinaryName) } if len(m.Root) > 0 { - dAtA[i] = 0x6a + dAtA[i] = 0x3a i++ i = encodeVarintOci(dAtA, i, uint64(len(m.Root))) i += copy(dAtA[i:], m.Root) } if len(m.CriuPath) > 0 { - dAtA[i] = 0x72 + dAtA[i] = 0x42 i++ i = encodeVarintOci(dAtA, i, uint64(len(m.CriuPath))) i += copy(dAtA[i:], m.CriuPath) } if m.SystemdCgroup { - dAtA[i] = 0x78 + dAtA[i] = 0x48 i++ if m.SystemdCgroup { dAtA[i] = 1 @@ -356,28 +306,6 @@ func (m *Options) Size() (n int) { if m.NoPivotRoot { n += 2 } - if m.OpenTcp { - n += 2 - } - if m.ExternalUnixSockets { - n += 2 - } - if m.Terminal { - n += 2 - } - if m.FileLocks { - n += 2 - } - if len(m.EmptyNamespaces) > 0 { - for _, s := range m.EmptyNamespaces { - l = len(s) - n += 1 + l + sovOci(uint64(l)) - } - } - l = len(m.CgroupsMode) - if l > 0 { - n += 1 + l + sovOci(uint64(l)) - } if m.NoNewKeyring { n += 2 } @@ -469,12 +397,6 @@ func (this *Options) String() string { } s := strings.Join([]string{`&Options{`, `NoPivotRoot:` + fmt.Sprintf("%v", this.NoPivotRoot) + `,`, - `OpenTcp:` + fmt.Sprintf("%v", this.OpenTcp) + `,`, - `ExternalUnixSockets:` + fmt.Sprintf("%v", this.ExternalUnixSockets) + `,`, - `Terminal:` + fmt.Sprintf("%v", this.Terminal) + `,`, - `FileLocks:` + fmt.Sprintf("%v", this.FileLocks) + `,`, - `EmptyNamespaces:` + fmt.Sprintf("%v", this.EmptyNamespaces) + `,`, - `CgroupsMode:` + fmt.Sprintf("%v", this.CgroupsMode) + `,`, `NoNewKeyring:` + fmt.Sprintf("%v", this.NoNewKeyring) + `,`, `ShimCgroup:` + fmt.Sprintf("%v", this.ShimCgroup) + `,`, `IoUid:` + fmt.Sprintf("%v", this.IoUid) + `,`, @@ -571,144 +493,6 @@ func (m *Options) Unmarshal(dAtA []byte) error { } m.NoPivotRoot = bool(v != 0) case 2: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field OpenTcp", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowOci - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= (int(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - m.OpenTcp = bool(v != 0) - case 3: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field ExternalUnixSockets", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowOci - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= (int(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - m.ExternalUnixSockets = bool(v != 0) - case 4: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Terminal", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowOci - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= (int(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - m.Terminal = bool(v != 0) - case 5: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field FileLocks", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowOci - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= (int(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - m.FileLocks = bool(v != 0) - case 6: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field EmptyNamespaces", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowOci - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthOci - } - postIndex := iNdEx + intStringLen - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.EmptyNamespaces = append(m.EmptyNamespaces, string(dAtA[iNdEx:postIndex])) - iNdEx = postIndex - case 7: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field CgroupsMode", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowOci - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthOci - } - postIndex := iNdEx + intStringLen - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.CgroupsMode = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 8: if wireType != 0 { return fmt.Errorf("proto: wrong wireType = %d for field NoNewKeyring", wireType) } @@ -728,7 +512,7 @@ func (m *Options) Unmarshal(dAtA []byte) error { } } m.NoNewKeyring = bool(v != 0) - case 9: + case 3: if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field ShimCgroup", wireType) } @@ -757,7 +541,7 @@ func (m *Options) Unmarshal(dAtA []byte) error { } m.ShimCgroup = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 10: + case 4: if wireType != 0 { return fmt.Errorf("proto: wrong wireType = %d for field IoUid", wireType) } @@ -776,7 +560,7 @@ func (m *Options) Unmarshal(dAtA []byte) error { break } } - case 11: + case 5: if wireType != 0 { return fmt.Errorf("proto: wrong wireType = %d for field IoGid", wireType) } @@ -795,7 +579,7 @@ func (m *Options) Unmarshal(dAtA []byte) error { break } } - case 12: + case 6: if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field BinaryName", wireType) } @@ -824,7 +608,7 @@ func (m *Options) Unmarshal(dAtA []byte) error { } m.BinaryName = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 13: + case 7: if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field Root", wireType) } @@ -853,7 +637,7 @@ func (m *Options) Unmarshal(dAtA []byte) error { } m.Root = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 14: + case 8: if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field CriuPath", wireType) } @@ -882,7 +666,7 @@ func (m *Options) Unmarshal(dAtA []byte) error { } m.CriuPath = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 15: + case 9: if wireType != 0 { return fmt.Errorf("proto: wrong wireType = %d for field SystemdCgroup", wireType) } @@ -1320,39 +1104,39 @@ func init() { } var fileDescriptorOci = []byte{ - // 534 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xdc, 0x93, 0xcf, 0x6e, 0x13, 0x31, - 0x10, 0xc6, 0xbb, 0xb4, 0xcd, 0x1f, 0xa7, 0x49, 0xc1, 0x50, 0xc9, 0x14, 0x91, 0x86, 0x00, 0x52, - 0xb8, 0x24, 0xa2, 0x88, 0x13, 0x17, 0xd4, 0x16, 0xa1, 0x0a, 0x28, 0xd5, 0x42, 0x25, 0xd4, 0x8b, - 0xb5, 0xf5, 0x0e, 0x9b, 0x51, 0xb2, 0x9e, 0xd5, 0xda, 0xdb, 0x6e, 0x6e, 0x3c, 0x5e, 0x8f, 0x1c, - 0x39, 0x21, 0x9a, 0x57, 0xe0, 0x01, 0x40, 0xf6, 0x26, 0x85, 0x33, 0x47, 0x4e, 0xfb, 0xf9, 0xf7, - 0x7d, 0x9e, 0x1d, 0x7b, 0x64, 0xb6, 0x97, 0xa0, 0x1d, 0x17, 0x67, 0x43, 0x45, 0xe9, 0x48, 0x91, - 0xb6, 0x11, 0x6a, 0xc8, 0xe3, 0xbf, 0x65, 0x5e, 0x68, 0x8b, 0x29, 0x8c, 0xce, 0x77, 0x9d, 0x54, - 0x23, 0xca, 0x2c, 0x92, 0x36, 0x23, 0x52, 0x38, 0xcc, 0x72, 0xb2, 0xc4, 0xf9, 0x9f, 0xf4, 0xd0, - 0x45, 0x86, 0xe7, 0x4f, 0xb7, 0xef, 0x24, 0x94, 0x90, 0xb7, 0x47, 0x4e, 0x55, 0xc9, 0xfe, 0xcf, - 0x55, 0x56, 0x7f, 0x5f, 0xed, 0xe7, 0x7d, 0xd6, 0xd6, 0x24, 0x33, 0x3c, 0x27, 0x2b, 0x73, 0x22, - 0x2b, 0x82, 0x5e, 0x30, 0x68, 0x84, 0x2d, 0x4d, 0xc7, 0x8e, 0x85, 0x44, 0x96, 0xdf, 0x65, 0x0d, - 0xca, 0x40, 0x4b, 0xab, 0x32, 0x71, 0xc3, 0xdb, 0x75, 0xb7, 0xfe, 0xa8, 0x32, 0xbe, 0xcb, 0xb6, - 0xa0, 0xb4, 0x90, 0xeb, 0x68, 0x2a, 0x0b, 0x8d, 0xa5, 0x34, 0xa4, 0x26, 0x60, 0x8d, 0x58, 0xf5, - 0xb9, 0xdb, 0x4b, 0xf3, 0x44, 0x63, 0xf9, 0xa1, 0xb2, 0xf8, 0x36, 0x6b, 0x58, 0xc8, 0x53, 0xd4, - 0xd1, 0x54, 0xac, 0xf9, 0xd8, 0xf5, 0x9a, 0xdf, 0x67, 0xec, 0x33, 0x4e, 0x41, 0x4e, 0x49, 0x4d, - 0x8c, 0x58, 0xf7, 0x6e, 0xd3, 0x91, 0xb7, 0x0e, 0xf0, 0x27, 0xec, 0x26, 0xa4, 0x99, 0x9d, 0x49, - 0x1d, 0xa5, 0x60, 0xb2, 0x48, 0x81, 0x11, 0xb5, 0xde, 0xea, 0xa0, 0x19, 0x6e, 0x7a, 0x7e, 0x74, - 0x8d, 0xf9, 0x03, 0xb6, 0xa1, 0x92, 0x9c, 0x8a, 0xcc, 0xc8, 0x94, 0x62, 0x10, 0xf5, 0x5e, 0x30, - 0x68, 0x86, 0xad, 0x05, 0x7b, 0x47, 0x31, 0xf0, 0x47, 0xac, 0xa3, 0x49, 0x6a, 0xb8, 0x90, 0x13, - 0x98, 0xe5, 0xa8, 0x13, 0xd1, 0xf0, 0x3f, 0xdc, 0xd0, 0x74, 0x04, 0x17, 0x6f, 0x2a, 0xc6, 0x77, - 0x58, 0xcb, 0x8c, 0x31, 0x95, 0xd5, 0x4e, 0xd1, 0xf4, 0x75, 0x98, 0x43, 0xfb, 0x9e, 0xf0, 0x2d, - 0x56, 0x43, 0x92, 0x05, 0xc6, 0x82, 0xf5, 0x82, 0x41, 0x3b, 0x5c, 0x47, 0x3a, 0xc1, 0x78, 0x81, - 0x13, 0x8c, 0x45, 0x6b, 0x89, 0x5f, 0x63, 0xec, 0xca, 0x9d, 0xa1, 0x8e, 0xf2, 0xea, 0x0c, 0x62, - 0xa3, 0x2a, 0x57, 0x21, 0xd7, 0x3e, 0xe7, 0x6c, 0xcd, 0x0f, 0xa2, 0xed, 0x1d, 0xaf, 0xf9, 0x3d, - 0xd6, 0x54, 0x39, 0x16, 0x32, 0x8b, 0xec, 0x58, 0x74, 0xbc, 0xd1, 0x70, 0xe0, 0x38, 0xb2, 0x63, - 0xfe, 0x98, 0x75, 0xcc, 0xcc, 0x58, 0x48, 0xe3, 0x65, 0x8f, 0x9b, 0xfe, 0x18, 0xed, 0x05, 0xad, - 0xda, 0xec, 0xff, 0x0a, 0xd8, 0xad, 0xfd, 0x31, 0xa8, 0x49, 0x46, 0xa8, 0xed, 0x72, 0xfe, 0x9c, - 0xad, 0x41, 0x89, 0xcb, 0xb1, 0x7b, 0xfd, 0xbf, 0xce, 0xbb, 0xff, 0x9c, 0x75, 0x8e, 0x73, 0x52, - 0x60, 0xcc, 0x01, 0xd8, 0x08, 0xa7, 0x86, 0x3f, 0x64, 0x75, 0x28, 0x41, 0x49, 0x8c, 0xfd, 0x05, - 0x34, 0xf7, 0xd8, 0xfc, 0xfb, 0x4e, 0xed, 0x55, 0x09, 0xea, 0xf0, 0x20, 0xac, 0x39, 0xeb, 0x30, - 0xde, 0x3b, 0xbd, 0xbc, 0xea, 0xae, 0x7c, 0xbb, 0xea, 0xae, 0x7c, 0x99, 0x77, 0x83, 0xcb, 0x79, - 0x37, 0xf8, 0x3a, 0xef, 0x06, 0x3f, 0xe6, 0xdd, 0xe0, 0xf4, 0xe5, 0xbf, 0x3e, 0xdb, 0x17, 0x8b, - 0xef, 0xa7, 0x95, 0xb3, 0x9a, 0x7f, 0x93, 0xcf, 0x7e, 0x07, 0x00, 0x00, 0xff, 0xff, 0x04, 0x15, - 0x35, 0xdc, 0x03, 0x04, 0x00, 0x00, + // 529 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x92, 0xcd, 0x6e, 0xd3, 0x4c, + 0x14, 0x86, 0xeb, 0xfe, 0x38, 0xf6, 0xf4, 0xe7, 0xfb, 0x18, 0xa8, 0x64, 0x8a, 0x70, 0x43, 0x00, + 0x29, 0x6c, 0x12, 0x51, 0xc4, 0x8a, 0x0d, 0x6a, 0x8b, 0x50, 0x05, 0x94, 0xca, 0x50, 0x09, 0x75, + 0x33, 0x72, 0xc6, 0x07, 0xe7, 0x28, 0xf1, 0x1c, 0xcb, 0x33, 0x4e, 0x9d, 0x1d, 0xf7, 0xc1, 0x0d, + 0x75, 0xc9, 0x92, 0x15, 0xa2, 0xb9, 0x11, 0x90, 0xc7, 0x4e, 0x61, 0xcd, 0xca, 0xef, 0x3c, 0xef, + 0xf1, 0x68, 0xe6, 0xd1, 0xb0, 0xc3, 0x14, 0xcd, 0xb8, 0x1c, 0x0d, 0x24, 0x65, 0x43, 0x49, 0xca, + 0xc4, 0xa8, 0xa0, 0x48, 0xfe, 0x8e, 0x45, 0xa9, 0x0c, 0x66, 0x30, 0x9c, 0x1d, 0xd4, 0x51, 0x0e, + 0x29, 0x37, 0x48, 0x4a, 0x0f, 0x49, 0xe2, 0x20, 0x2f, 0xc8, 0x10, 0xe7, 0x7f, 0xa6, 0x07, 0xf5, + 0xc8, 0x60, 0xf6, 0x74, 0xef, 0x4e, 0x4a, 0x29, 0xd9, 0x7a, 0x58, 0xa7, 0x66, 0xb2, 0xf7, 0x75, + 0x95, 0x75, 0xde, 0x37, 0xff, 0xf3, 0x1e, 0xdb, 0x56, 0x24, 0x72, 0x9c, 0x91, 0x11, 0x05, 0x91, + 0x09, 0x9c, 0xae, 0xd3, 0xf7, 0xa2, 0x4d, 0x45, 0x67, 0x35, 0x8b, 0x88, 0x0c, 0x7f, 0xc4, 0x76, + 0x14, 0x09, 0x05, 0x97, 0x62, 0x02, 0xf3, 0x02, 0x55, 0x1a, 0xac, 0xda, 0xa1, 0x2d, 0x45, 0xa7, + 0x70, 0xf9, 0xa6, 0x61, 0x7c, 0x9f, 0x6d, 0xea, 0x31, 0x66, 0x42, 0xa6, 0x05, 0x95, 0x79, 0xb0, + 0xd6, 0x75, 0xfa, 0x7e, 0xc4, 0x6a, 0x74, 0x64, 0x09, 0xdf, 0x65, 0x2e, 0x92, 0x28, 0x31, 0x09, + 0xd6, 0xbb, 0x4e, 0x7f, 0x3b, 0xda, 0x40, 0x3a, 0xc7, 0xa4, 0xc5, 0x29, 0x26, 0xc1, 0xc6, 0x12, + 0xbf, 0xc6, 0xa4, 0xde, 0x6e, 0x84, 0x2a, 0x2e, 0xe6, 0x42, 0xc5, 0x19, 0x04, 0x6e, 0xb3, 0x5d, + 0x83, 0x4e, 0xe3, 0x0c, 0x38, 0x67, 0xeb, 0xf6, 0xc0, 0x1d, 0xdb, 0xd8, 0xcc, 0xef, 0x31, 0x5f, + 0x16, 0x58, 0x8a, 0x3c, 0x36, 0xe3, 0xc0, 0xb3, 0x85, 0x57, 0x83, 0xb3, 0xd8, 0x8c, 0xf9, 0x63, + 0xb6, 0xa3, 0xe7, 0xda, 0x40, 0x96, 0x2c, 0xcf, 0xe8, 0xdb, 0x6b, 0x6c, 0xb7, 0xb4, 0x39, 0x66, + 0xef, 0x97, 0xc3, 0x6e, 0x1d, 0x8d, 0x41, 0x4e, 0x72, 0x42, 0x65, 0x96, 0x9e, 0x38, 0x5b, 0x87, + 0x0a, 0x97, 0x7a, 0x6c, 0xe6, 0x77, 0x99, 0x47, 0x39, 0x28, 0x61, 0x64, 0xde, 0x1a, 0xe9, 0xd4, + 0xeb, 0x8f, 0x32, 0xe7, 0x07, 0x6c, 0x17, 0x2a, 0x03, 0x85, 0x8a, 0xa7, 0xa2, 0x54, 0x58, 0x09, + 0x4d, 0x72, 0x02, 0x46, 0x5b, 0x2d, 0x5e, 0x74, 0x7b, 0x59, 0x9e, 0x2b, 0xac, 0x3e, 0x34, 0x15, + 0xdf, 0x63, 0x9e, 0x81, 0x22, 0x43, 0x15, 0x4f, 0xad, 0x21, 0x2f, 0xba, 0x59, 0xf3, 0xfb, 0x8c, + 0x7d, 0xc6, 0x29, 0x88, 0x29, 0xc9, 0x89, 0xb6, 0xa2, 0xbc, 0xc8, 0xaf, 0xc9, 0xdb, 0x1a, 0xf0, + 0x27, 0xec, 0x7f, 0xc8, 0x72, 0xd3, 0xb8, 0xd2, 0x79, 0x2c, 0x41, 0x07, 0x6e, 0x77, 0xad, 0xef, + 0x47, 0xff, 0x59, 0x7e, 0x7a, 0x83, 0xf9, 0x03, 0xb6, 0xd5, 0xdc, 0x5e, 0x8b, 0x8c, 0x12, 0x68, + 0xf5, 0x6d, 0xb6, 0xec, 0x1d, 0x25, 0xd0, 0x7b, 0xce, 0x76, 0xce, 0x0a, 0x92, 0xa0, 0xf5, 0x31, + 0x98, 0x18, 0xa7, 0x9a, 0x3f, 0x64, 0x1d, 0xa8, 0x40, 0x0a, 0x4c, 0xac, 0x00, 0xff, 0x90, 0x2d, + 0x7e, 0xec, 0xbb, 0xaf, 0x2a, 0x90, 0x27, 0xc7, 0x91, 0x5b, 0x57, 0x27, 0xc9, 0xe1, 0xc5, 0xd5, + 0x75, 0xb8, 0xf2, 0xfd, 0x3a, 0x5c, 0xf9, 0xb2, 0x08, 0x9d, 0xab, 0x45, 0xe8, 0x7c, 0x5b, 0x84, + 0xce, 0xcf, 0x45, 0xe8, 0x5c, 0xbc, 0xfc, 0xd7, 0xe7, 0xfd, 0xa2, 0xfd, 0x7e, 0x5a, 0x19, 0xb9, + 0xf6, 0xed, 0x3e, 0xfb, 0x1d, 0x00, 0x00, 0xff, 0xff, 0x78, 0xf4, 0x16, 0x4e, 0x2b, 0x03, 0x00, + 0x00, } diff --git a/runtime/v2/runc/options/oci.proto b/runtime/v2/runc/options/oci.proto index 8efa8ef10..e3ee8a81e 100644 --- a/runtime/v2/runc/options/oci.proto +++ b/runtime/v2/runc/options/oci.proto @@ -7,33 +7,44 @@ import weak "gogoproto/gogo.proto"; option go_package = "github.com/containerd/containerd/runtime/v2/runc/options;options"; message Options { + // disable pivot root when creating a container bool no_pivot_root = 1; - bool open_tcp = 2; - bool external_unix_sockets = 3; - bool terminal = 4; - bool file_locks = 5; - repeated string empty_namespaces = 6; - string cgroups_mode = 7; - bool no_new_keyring = 8; - string shim_cgroup = 9; - uint32 io_uid = 10; - uint32 io_gid = 11; - string binary_name = 12; - string root = 13; - string criu_path = 14; - bool systemd_cgroup = 15; + // create a new keyring for the container + bool no_new_keyring = 2; + // place the shim in a cgroup + string shim_cgroup = 3; + // set the I/O's pipes uid + uint32 io_uid = 4; + // set the I/O's pipes gid + uint32 io_gid = 5; + // binary name of the runc binary + string binary_name = 6; + // runc root directory + string root = 7; + // criu binary path + string criu_path = 8; + // enable systemd cgroups + bool systemd_cgroup = 9; } message CheckpointOptions { + // exit the container after a checkpoint bool exit = 1; + // checkpoint open tcp connections bool open_tcp = 2; + // checkpoint external unix sockets bool external_unix_sockets = 3; + // checkpoint terminals (ptys) bool terminal = 4; + // allow checkpointing of file locks bool file_locks = 5; + // restore provided namespaces as empty namespaces repeated string empty_namespaces = 6; + // set the cgroups mode, soft, full, strict string cgroups_mode = 7; } message ProcessDetails { + // exec process id if the process is managed by a shim string exec_id = 1; }