mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
6c266c4b42
This moves the bind mounts like /.dockerinit, /etc/hostname, volumes, etc into the container namespace, by setting them up using lxc. This is useful to avoid littering the global namespace with a lot of mounts that are internal to each container and are not generally needed on the outside. In particular, it seems that having a lot of mounts is problematic wrt scaling to a lot of containers on systems where the root filesystem is mounted --rshared. Note that the "private" option is only supported by the native driver, as lxc doesn't support setting this. This is not a huge problem, but it does mean that some mounts are unnecessarily shared inside the container if you're using the lxc driver. Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
48 lines
2.3 KiB
Go
48 lines
2.3 KiB
Go
package libcontainer
|
|
|
|
import (
|
|
"github.com/dotcloud/docker/pkg/cgroups"
|
|
)
|
|
|
|
// Context is a generic key value pair that allows
|
|
// arbatrary data to be sent
|
|
type Context map[string]string
|
|
|
|
// Container defines configuration options for how a
|
|
// container is setup inside a directory and how a process should be executed
|
|
type Container struct {
|
|
Hostname string `json:"hostname,omitempty"` // hostname
|
|
ReadonlyFs bool `json:"readonly_fs,omitempty"` // set the containers rootfs as readonly
|
|
NoPivotRoot bool `json:"no_pivot_root,omitempty"` // this can be enabled if you are running in ramdisk
|
|
User string `json:"user,omitempty"` // user to execute the process as
|
|
WorkingDir string `json:"working_dir,omitempty"` // current working directory
|
|
Env []string `json:"environment,omitempty"` // environment to set
|
|
Tty bool `json:"tty,omitempty"` // setup a proper tty or not
|
|
Namespaces Namespaces `json:"namespaces,omitempty"` // namespaces to apply
|
|
Capabilities Capabilities `json:"capabilities,omitempty"` // capabilities to drop
|
|
Networks []*Network `json:"networks,omitempty"` // nil for host's network stack
|
|
Cgroups *cgroups.Cgroup `json:"cgroups,omitempty"` // cgroups
|
|
Context Context `json:"context,omitempty"` // generic context for specific options (apparmor, selinux)
|
|
Mounts []Mount `json:"mounts,omitempty"`
|
|
}
|
|
|
|
// Network defines configuration for a container's networking stack
|
|
//
|
|
// The network configuration can be omited from a container causing the
|
|
// container to be setup with the host's networking stack
|
|
type Network struct {
|
|
Type string `json:"type,omitempty"` // type of networking to setup i.e. veth, macvlan, etc
|
|
Context Context `json:"context,omitempty"` // generic context for type specific networking options
|
|
Address string `json:"address,omitempty"`
|
|
Gateway string `json:"gateway,omitempty"`
|
|
Mtu int `json:"mtu,omitempty"`
|
|
}
|
|
|
|
// Bind mounts from the host system to the container
|
|
//
|
|
type Mount struct {
|
|
Source string `json:"source"` // Source path, in the host namespace
|
|
Destination string `json:"destination"` // Destination path, in the container
|
|
Writable bool `json:"writable"`
|
|
Private bool `json:"private"`
|
|
}
|