Skip to content

Commit fc6670d

Browse files
vbattsvbatts
committed
config: JSON examples
* "complete" JSON example * fix a couple of values * fix a missing comma Signed-off-by: Vincent Batts <[email protected]>
1 parent fae90c1 commit fc6670d

File tree

2 files changed

+190
-11
lines changed

2 files changed

+190
-11
lines changed

config-linux.md

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -306,8 +306,8 @@ The following parameters can be specified to setup the controller:
306306
"period": 0,
307307
"realtimeRuntime": 0,
308308
"realtimePeriod": 0,
309-
"cpus": "",
310-
"mems": ""
309+
"cpus": "2-3",
310+
"mems": "0-7"
311311
}
312312
```
313313

@@ -337,8 +337,8 @@ The following parameters can be specified to setup the controller:
337337

338338
```json
339339
"blockIO": {
340-
"blkioWeight": 0,
341-
"blkioLeafWeight": 0,
340+
"blkioWeight": 10,
341+
"blkioLeafWeight": 10,
342342
"blkioWeightDevice": [
343343
{
344344
"major": 8,

config.md

Lines changed: 186 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -232,7 +232,7 @@ If a hook returns a non-zero exit code, then an error is logged and the remainin
232232
],
233233
"poststart": [
234234
{
235-
"path": "/usr/bin/notify-start"
235+
"path": "/usr/bin/notify-start",
236236
"timeout": 5
237237
}
238238
],
@@ -269,7 +269,7 @@ Here is a full example `config.json` for reference.
269269

270270
```json
271271
{
272-
"ociVersion": "0.3.0",
272+
"ociVersion": "0.5.0-dev",
273273
"platform": {
274274
"os": "linux",
275275
"arch": "amd64"
@@ -284,6 +284,20 @@ Here is a full example `config.json` for reference.
284284
6
285285
]
286286
},
287+
"uidMappings": [
288+
{
289+
"hostID": 1000,
290+
"containerID": 0,
291+
"size": 10
292+
}
293+
],
294+
"gidMappings": [
295+
{
296+
"hostID": 1000,
297+
"containerID": 0,
298+
"size": 10
299+
}
300+
],
287301
"args": [
288302
"sh"
289303
],
@@ -304,8 +318,9 @@ Here is a full example `config.json` for reference.
304318
"soft": 1024
305319
}
306320
],
307-
"apparmorProfile": "",
308-
"selinuxLabel": ""
321+
"apparmorProfile": "acme_secure_profile",
322+
"selinuxLabel": "system_u:system_r:svirt_lxc_net_t:s0:c124,c675",
323+
"noNewPrivileges": true
309324
},
310325
"root": {
311326
"path": "rootfs",
@@ -390,20 +405,166 @@ Here is a full example `config.json` for reference.
390405
"hooks": {
391406
"prestart": [
392407
{
393-
"path": "/usr/bin/uptime",
408+
"path": "/usr/bin/fix-mounts",
394409
"args": [
395-
"/usr/bin/uptime"
410+
"fix-mounts",
411+
"arg1",
412+
"arg2"
396413
],
397-
"env": []
414+
"env": [
415+
"key1=value1"
416+
]
417+
},
418+
{
419+
"path": "/usr/bin/setup-network"
420+
}
421+
],
422+
"poststart": [
423+
{
424+
"path": "/usr/bin/notify-start",
425+
"timeout": 5
426+
}
427+
],
428+
"poststop": [
429+
{
430+
"path": "/usr/sbin/cleanup.sh",
431+
"args": [
432+
"cleanup.sh",
433+
"-f"
434+
]
398435
}
399436
]
400437
},
401438
"linux": {
439+
"devices": [
440+
{
441+
"path": "/dev/fuse",
442+
"type": "c",
443+
"major": 10,
444+
"minor": 229,
445+
"fileMode": 438,
446+
"uid": 0,
447+
"gid": 0
448+
},
449+
{
450+
"path": "/dev/sda",
451+
"type": "b",
452+
"major": 8,
453+
"minor": 0,
454+
"fileMode": 432,
455+
"uid": 0,
456+
"gid": 0
457+
}
458+
],
459+
"sysctl": {
460+
"net.ipv4.ip_forward": "1",
461+
"net.core.somaxconn": "256"
462+
},
463+
"cgroupsPath": "/myRuntime/myContainer",
402464
"resources": {
465+
"network": {
466+
"classID": 1048577,
467+
"priorities": [
468+
{
469+
"name": "eth0",
470+
"priority": 500
471+
},
472+
{
473+
"name": "eth1",
474+
"priority": 1000
475+
}
476+
]
477+
},
478+
"pids": {
479+
"limit": 32771
480+
},
481+
"hugepageLimits": [
482+
{
483+
"pageSize": "2MB",
484+
"limit": 9223372036854772000
485+
}
486+
],
487+
"oomScoreAdj": 0,
488+
"memory": {
489+
"limit": 0,
490+
"reservation": 0,
491+
"swap": 0,
492+
"kernel": 0,
493+
"kernelTCP": 0,
494+
"swappiness": 0
495+
},
496+
"cpu": {
497+
"shares": 0,
498+
"quota": 0,
499+
"period": 0,
500+
"realtimeRuntime": 0,
501+
"realtimePeriod": 0,
502+
"cpus": "2-3",
503+
"mems": "0-7"
504+
},
505+
"disableOOMKiller": false,
403506
"devices": [
404507
{
405508
"allow": false,
406509
"access": "rwm"
510+
},
511+
{
512+
"allow": true,
513+
"type": "c",
514+
"major": 10,
515+
"minor": 229,
516+
"access": "rw"
517+
},
518+
{
519+
"allow": true,
520+
"type": "b",
521+
"major": 8,
522+
"minor": 0,
523+
"access": "r"
524+
}
525+
],
526+
"blockIO": {
527+
"blkioWeight": 10,
528+
"blkioLeafWeight": 10,
529+
"blkioWeightDevice": [
530+
{
531+
"major": 8,
532+
"minor": 0,
533+
"weight": 500,
534+
"leafWeight": 300
535+
},
536+
{
537+
"major": 8,
538+
"minor": 16,
539+
"weight": 500
540+
}
541+
],
542+
"blkioThrottleReadBpsDevice": [
543+
{
544+
"major": 8,
545+
"minor": 0,
546+
"rate": 600
547+
}
548+
],
549+
"blkioThrottleWriteIOPSDevice": [
550+
{
551+
"major": 8,
552+
"minor": 16,
553+
"rate": 300
554+
}
555+
]
556+
}
557+
},
558+
"rootfsPropagation": "slave",
559+
"seccomp": {
560+
"defaultAction": "SCMP_ACT_ALLOW",
561+
"architectures": [
562+
"SCMP_ARCH_X86"
563+
],
564+
"syscalls": [
565+
{
566+
"name": "getcwd",
567+
"action": "SCMP_ACT_ERRNO"
407568
}
408569
]
409570
},
@@ -423,7 +584,25 @@ Here is a full example `config.json` for reference.
423584
{
424585
"type": "mount"
425586
}
587+
],
588+
"maskedPaths": [
589+
"/proc/kcore",
590+
"/proc/latency_stats",
591+
"/proc/timer_stats",
592+
"/proc/sched_debug"
593+
],
594+
"readonlyPaths": [
595+
"/proc/asound",
596+
"/proc/bus",
597+
"/proc/fs",
598+
"/proc/irq",
599+
"/proc/sys",
600+
"/proc/sysrq-trigger"
426601
]
602+
},
603+
"annotations": {
604+
"key1": "value1",
605+
"key2": "value2"
427606
}
428607
}
429608
```

0 commit comments

Comments
 (0)