aboutsummaryrefslogtreecommitdiff
path: root/libpod/container.go
diff options
context:
space:
mode:
authorMatthew Heon <matthew.heon@gmail.com>2018-01-15 11:21:30 -0500
committerAtomic Bot <atomic-devel@projectatomic.io>2018-01-15 19:50:59 +0000
commit2e48c60bc5f7eb6b301c696f9e4c1cabaf1ec4aa (patch)
treec2daf7eaa83968f841c0b10ff5cd266eed439f4f /libpod/container.go
parent2bfb31ddf4b7f28a67ef94b8b318536c367a663b (diff)
downloadpodman-2e48c60bc5f7eb6b301c696f9e4c1cabaf1ec4aa.tar.gz
podman-2e48c60bc5f7eb6b301c696f9e4c1cabaf1ec4aa.tar.bz2
podman-2e48c60bc5f7eb6b301c696f9e4c1cabaf1ec4aa.zip
Add DNS and security fields to DB
Also moves port mappings out of the SQL DB and into a file on disk. These could get very sizable (hundred to thousands of ports) so moving them out to a file will keep the DB small and fast. Finally, add a foreign key reference from container ID to container state ID. This ensures we never get into an inconsistent state where we have data in one table but not the other. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #225 Approved by: baude
Diffstat (limited to 'libpod/container.go')
-rw-r--r--libpod/container.go31
1 files changed, 24 insertions, 7 deletions
diff --git a/libpod/container.go b/libpod/container.go
index 2c769b00b..7b0852c07 100644
--- a/libpod/container.go
+++ b/libpod/container.go
@@ -156,23 +156,28 @@ type ContainerConfig struct {
Mounts []string `json:"mounts,omitempty"`
// Security Config
+ // Whether the container is privileged
+ Privileged bool `json:"privileged"`
+ // Whether to set the No New Privileges flag
+ NoNewPrivs bool `json:"noNewPrivs"`
// SELinux process label for container
ProcessLabel string `json:"ProcessLabel,omitempty"`
// SELinux mount label for root filesystem
MountLabel string `json:"MountLabel,omitempty"`
// User and group to use in the container
// Can be specified by name or UID/GID
- User string `json:"user"`
+ User string `json:"user,omitempty"`
// Namespace Config
// IDs of container to share namespaces with
// NetNsCtr conflicts with the CreateNetNS bool
- IPCNsCtr string `json:"ipcNsCtr"`
- MountNsCtr string `json:"mountNsCtr"`
- NetNsCtr string `json:"netNsCtr"`
- PIDNsCtr string `json:"pidNsCtr"`
- UserNsCtr string `json:"userNsCtr"`
- UTSNsCtr string `json:"utsNsCtr"`
+ IPCNsCtr string `json:"ipcNsCtr,omitempty"`
+ MountNsCtr string `json:"mountNsCtr,omitempty"`
+ NetNsCtr string `json:"netNsCtr,omitempty"`
+ PIDNsCtr string `json:"pidNsCtr,omitempty"`
+ UserNsCtr string `json:"userNsCtr,omitempty"`
+ UTSNsCtr string `json:"utsNsCtr,omitempty"`
+ CgroupNsCtr string `json:"cgroupNsCtr,omitempty"`
// Network Config
// CreateNetNS indicates that libpod should create and configure a new
@@ -183,6 +188,18 @@ type ContainerConfig struct {
// namespace
// These are not used unless CreateNetNS is true
PortMappings []ocicni.PortMapping `json:"portMappings,omitempty"`
+ // DNS servers to use in container resolv.conf
+ // Will override servers in host resolv if set
+ DNSServer []net.IP `json:"dnsServer,omitempty"`
+ // DNS Search domains to use in container resolv.conf
+ // Will override search domains in host resolv if set
+ DNSSearch []string `json:"dnsSearch,omitempty"`
+ // DNS options to be set in container resolv.conf
+ // With override options in host resolv if set
+ DNSOption []string `json:"dnsOption,omitempty"`
+ // Hosts to add in container
+ // Will be appended to host's host file
+ HostAdd []string `json:"hostsAdd,omitempty"`
// Misc Options
// Whether to keep container STDIN open