|
|
@ -192,6 +192,7 @@ func (e *ExecOp) Marshal(ctx context.Context, c *Constraints) (digest.Digest, []
|
|
|
|
User: user,
|
|
|
|
User: user,
|
|
|
|
Hostname: hostname,
|
|
|
|
Hostname: hostname,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
extraHosts, err := getExtraHosts(e.base)(ctx, c)
|
|
|
|
extraHosts, err := getExtraHosts(e.base)(ctx, c)
|
|
|
|
if err != nil {
|
|
|
|
if err != nil {
|
|
|
|
return "", nil, nil, nil, err
|
|
|
|
return "", nil, nil, nil, err
|
|
|
@ -204,6 +205,31 @@ func (e *ExecOp) Marshal(ctx context.Context, c *Constraints) (digest.Digest, []
|
|
|
|
meta.ExtraHosts = hosts
|
|
|
|
meta.ExtraHosts = hosts
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
shmSize, err := getShmSize(e.base)(ctx, c)
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
|
|
return "", nil, nil, nil, err
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
if shmSize != nil {
|
|
|
|
|
|
|
|
meta.ShmSize = *shmSize
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
ulimits, err := getUlimit(e.base)(ctx, c)
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
|
|
return "", nil, nil, nil, err
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
if len(ulimits) > 0 {
|
|
|
|
|
|
|
|
addCap(&e.constraints, pb.CapExecMetaUlimit)
|
|
|
|
|
|
|
|
ul := make([]*pb.Ulimit, len(ulimits))
|
|
|
|
|
|
|
|
for i, u := range ulimits {
|
|
|
|
|
|
|
|
ul[i] = &pb.Ulimit{
|
|
|
|
|
|
|
|
Name: u.Name,
|
|
|
|
|
|
|
|
Soft: u.Soft,
|
|
|
|
|
|
|
|
Hard: u.Hard,
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
meta.Ulimit = ul
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
network, err := getNetwork(e.base)(ctx, c)
|
|
|
|
network, err := getNetwork(e.base)(ctx, c)
|
|
|
|
if err != nil {
|
|
|
|
if err != nil {
|
|
|
|
return "", nil, nil, nil, err
|
|
|
|
return "", nil, nil, nil, err
|
|
|
@ -498,6 +524,18 @@ func AddExtraHost(host string, ip net.IP) RunOption {
|
|
|
|
})
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
func WithShmSize(kb int64) RunOption {
|
|
|
|
|
|
|
|
return runOptionFunc(func(ei *ExecInfo) {
|
|
|
|
|
|
|
|
ei.State = ei.State.WithShmSize(kb)
|
|
|
|
|
|
|
|
})
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
func AddUlimit(name UlimitName, soft int64, hard int64) RunOption {
|
|
|
|
|
|
|
|
return runOptionFunc(func(ei *ExecInfo) {
|
|
|
|
|
|
|
|
ei.State = ei.State.AddUlimit(name, soft, hard)
|
|
|
|
|
|
|
|
})
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
func With(so ...StateOption) RunOption {
|
|
|
|
func With(so ...StateOption) RunOption {
|
|
|
|
return runOptionFunc(func(ei *ExecInfo) {
|
|
|
|
return runOptionFunc(func(ei *ExecInfo) {
|
|
|
|
ei.State = ei.State.With(so...)
|
|
|
|
ei.State = ei.State.With(so...)
|
|
|
@ -667,3 +705,23 @@ const (
|
|
|
|
SecurityModeInsecure = pb.SecurityMode_INSECURE
|
|
|
|
SecurityModeInsecure = pb.SecurityMode_INSECURE
|
|
|
|
SecurityModeSandbox = pb.SecurityMode_SANDBOX
|
|
|
|
SecurityModeSandbox = pb.SecurityMode_SANDBOX
|
|
|
|
)
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
type UlimitName string
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
const (
|
|
|
|
|
|
|
|
UlimitCore UlimitName = "core"
|
|
|
|
|
|
|
|
UlimitCPU UlimitName = "cpu"
|
|
|
|
|
|
|
|
UlimitData UlimitName = "data"
|
|
|
|
|
|
|
|
UlimitFsize UlimitName = "fsize"
|
|
|
|
|
|
|
|
UlimitLocks UlimitName = "locks"
|
|
|
|
|
|
|
|
UlimitMemlock UlimitName = "memlock"
|
|
|
|
|
|
|
|
UlimitMsgqueue UlimitName = "msgqueue"
|
|
|
|
|
|
|
|
UlimitNice UlimitName = "nice"
|
|
|
|
|
|
|
|
UlimitNofile UlimitName = "nofile"
|
|
|
|
|
|
|
|
UlimitNproc UlimitName = "nproc"
|
|
|
|
|
|
|
|
UlimitRss UlimitName = "rss"
|
|
|
|
|
|
|
|
UlimitRtprio UlimitName = "rtprio"
|
|
|
|
|
|
|
|
UlimitRttime UlimitName = "rttime"
|
|
|
|
|
|
|
|
UlimitSigpending UlimitName = "sigpending"
|
|
|
|
|
|
|
|
UlimitStack UlimitName = "stack"
|
|
|
|
|
|
|
|
)
|
|
|
|