Vendor in latest runtime-tools

Newer runtime tools separates syscalls by OS so we can build darwin. Signed-off-by: baude <bbaude@redhat.com> Closes: #1007 Approved by: baude
author: baude <bbaude@redhat.com> 2018-06-26 13:50:12 -0500
committer: Atomic Bot <atomic-devel@projectatomic.io> 2018-06-27 15:16:02 +0000
commit: f6c0fc1aa854ae5ce73d57ecb09d47c0d4dd2cc3 (patch)
tree: 55a2c6e560625df8b8e176e4ac9cb2214480d3ab /vendor/github.com/opencontainers/runtime-tools/generate
parent: 19f5a504ffb1470991f331db412be456e41caab5 (diff)
download: podman-f6c0fc1aa854ae5ce73d57ecb09d47c0d4dd2cc3.tar.gz
podman-f6c0fc1aa854ae5ce73d57ecb09d47c0d4dd2cc3.tar.bz2
podman-f6c0fc1aa854ae5ce73d57ecb09d47c0d4dd2cc3.zip
6 files changed, 787 insertions, 739 deletions
diff --git a/vendor/github.com/opencontainers/runtime-tools/generate/config.go b/vendor/github.com/opencontainers/runtime-tools/generate/config.go
new file mode 100644
index 000000000..164fdf141
--- /dev/null
+++ b/vendor/github.com/opencontainers/runtime-tools/generate/config.go
@@ -0,0 +1,173 @@
+package generate
+
+import (
+	rspec "github.com/opencontainers/runtime-spec/specs-go"
+)
+
+func (g *Generator) initConfig() {
+	if g.Config == nil {
+		g.Config = &rspec.Spec{}
+	}
+}
+
+func (g *Generator) initConfigProcess() {
+	g.initConfig()
+	if g.Config.Process == nil {
+		g.Config.Process = &rspec.Process{}
+	}
+}
+
+func (g *Generator) initConfigProcessConsoleSize() {
+	g.initConfigProcess()
+	if g.Config.Process.ConsoleSize == nil {
+		g.Config.Process.ConsoleSize = &rspec.Box{}
+	}
+}
+
+func (g *Generator) initConfigProcessCapabilities() {
+	g.initConfigProcess()
+	if g.Config.Process.Capabilities == nil {
+		g.Config.Process.Capabilities = &rspec.LinuxCapabilities{}
+	}
+}
+
+func (g *Generator) initConfigRoot() {
+	g.initConfig()
+	if g.Config.Root == nil {
+		g.Config.Root = &rspec.Root{}
+	}
+}
+
+func (g *Generator) initConfigAnnotations() {
+	g.initConfig()
+	if g.Config.Annotations == nil {
+		g.Config.Annotations = make(map[string]string)
+	}
+}
+
+func (g *Generator) initConfigHooks() {
+	g.initConfig()
+	if g.Config.Hooks == nil {
+		g.Config.Hooks = &rspec.Hooks{}
+	}
+}
+
+func (g *Generator) initConfigLinux() {
+	g.initConfig()
+	if g.Config.Linux == nil {
+		g.Config.Linux = &rspec.Linux{}
+	}
+}
+
+func (g *Generator) initConfigLinuxIntelRdt() {
+	g.initConfigLinux()
+	if g.Config.Linux.IntelRdt == nil {
+		g.Config.Linux.IntelRdt = &rspec.LinuxIntelRdt{}
+	}
+}
+
+func (g *Generator) initConfigLinuxSysctl() {
+	g.initConfigLinux()
+	if g.Config.Linux.Sysctl == nil {
+		g.Config.Linux.Sysctl = make(map[string]string)
+	}
+}
+
+func (g *Generator) initConfigLinuxSeccomp() {
+	g.initConfigLinux()
+	if g.Config.Linux.Seccomp == nil {
+		g.Config.Linux.Seccomp = &rspec.LinuxSeccomp{}
+	}
+}
+
+func (g *Generator) initConfigLinuxResources() {
+	g.initConfigLinux()
+	if g.Config.Linux.Resources == nil {
+		g.Config.Linux.Resources = &rspec.LinuxResources{}
+	}
+}
+
+func (g *Generator) initConfigLinuxResourcesBlockIO() {
+	g.initConfigLinuxResources()
+	if g.Config.Linux.Resources.BlockIO == nil {
+		g.Config.Linux.Resources.BlockIO = &rspec.LinuxBlockIO{}
+	}
+}
+
+// InitConfigLinuxResourcesCPU initializes CPU of Linux resources
+func (g *Generator) InitConfigLinuxResourcesCPU() {
+	g.initConfigLinuxResources()
+	if g.Config.Linux.Resources.CPU == nil {
+		g.Config.Linux.Resources.CPU = &rspec.LinuxCPU{}
+	}
+}
+
+func (g *Generator) initConfigLinuxResourcesMemory() {
+	g.initConfigLinuxResources()
+	if g.Config.Linux.Resources.Memory == nil {
+		g.Config.Linux.Resources.Memory = &rspec.LinuxMemory{}
+	}
+}
+
+func (g *Generator) initConfigLinuxResourcesNetwork() {
+	g.initConfigLinuxResources()
+	if g.Config.Linux.Resources.Network == nil {
+		g.Config.Linux.Resources.Network = &rspec.LinuxNetwork{}
+	}
+}
+
+func (g *Generator) initConfigLinuxResourcesPids() {
+	g.initConfigLinuxResources()
+	if g.Config.Linux.Resources.Pids == nil {
+		g.Config.Linux.Resources.Pids = &rspec.LinuxPids{}
+	}
+}
+
+func (g *Generator) initConfigSolaris() {
+	g.initConfig()
+	if g.Config.Solaris == nil {
+		g.Config.Solaris = &rspec.Solaris{}
+	}
+}
+
+func (g *Generator) initConfigSolarisCappedCPU() {
+	g.initConfigSolaris()
+	if g.Config.Solaris.CappedCPU == nil {
+		g.Config.Solaris.CappedCPU = &rspec.SolarisCappedCPU{}
+	}
+}
+
+func (g *Generator) initConfigSolarisCappedMemory() {
+	g.initConfigSolaris()
+	if g.Config.Solaris.CappedMemory == nil {
+		g.Config.Solaris.CappedMemory = &rspec.SolarisCappedMemory{}
+	}
+}
+
+func (g *Generator) initConfigWindows() {
+	g.initConfig()
+	if g.Config.Windows == nil {
+		g.Config.Windows = &rspec.Windows{}
+	}
+}
+
+func (g *Generator) initConfigWindowsHyperV() {
+	g.initConfigWindows()
+	if g.Config.Windows.HyperV == nil {
+		g.Config.Windows.HyperV = &rspec.WindowsHyperV{}
+	}
+}
+
+func (g *Generator) initConfigWindowsResources() {
+	g.initConfigWindows()
+	if g.Config.Windows.Resources == nil {
+		g.Config.Windows.Resources = &rspec.WindowsResources{}
+	}
+}
+
+func (g *Generator) initConfigWindowsResourcesMemory() {
+	g.initConfigWindowsResources()
+	if g.Config.Windows.Resources.Memory == nil {
+		g.Config.Windows.Resources.Memory = &rspec.WindowsMemoryResources{}
+	}
+}
diff --git a/vendor/github.com/opencontainers/runtime-tools/generate/generate.go b/vendor/github.com/opencontainers/runtime-tools/generate/generate.go
index d2951b52d..900278f9f 100644
--- a/vendor/github.com/opencontainers/runtime-tools/generate/generate.go
+++ b/vendor/github.com/opencontainers/runtime-tools/generate/generate.go
@@ -25,9 +25,9 @@ var (
 	}
 )
 
-// Generator represents a generator for a container spec.
+// Generator represents a generator for a container config.
 type Generator struct {
-	spec         *rspec.Spec
+	Config       *rspec.Spec
 	HostSpecific bool
 }
 
@@ -36,9 +36,14 @@ type ExportOptions struct {
 	Seccomp bool // seccomp toggles if only seccomp should be exported
 }
 
-// New creates a spec Generator with the default spec.
-func New() Generator {
-	spec := rspec.Spec{
+// New creates a configuration Generator with the default
+// configuration for the target operating system.
+func New(os string) (generator Generator, err error) {
+	if os != "linux" && os != "solaris" {
+		return generator, fmt.Errorf("no defaults configured for %s", os)
+	}
+
+	config := rspec.Spec{
 		Version: rspec.Version,
 		Root: &rspec.Root{
 			Path:     "rootfs",
@@ -46,107 +51,113 @@ func New() Generator {
 		},
 		Process: &rspec.Process{
 			Terminal: false,
-			User:     rspec.User{},
 			Args: []string{
 				"sh",
 			},
-			Env: []string{
-				"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
-				"TERM=xterm",
+		},
+		Hostname: "mrsdalloway",
+	}
+
+	if os == "linux" || os == "solaris" {
+		config.Process.User = rspec.User{}
+		config.Process.Env = []string{
+			"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+			"TERM=xterm",
+		}
+		config.Process.Cwd = "/"
+		config.Process.Rlimits = []rspec.POSIXRlimit{
+			{
+				Type: "RLIMIT_NOFILE",
+				Hard: uint64(1024),
+				Soft: uint64(1024),
 			},
-			Cwd: "/",
-			Capabilities: &rspec.LinuxCapabilities{
-				Bounding: []string{
-					"CAP_CHOWN",
-					"CAP_DAC_OVERRIDE",
-					"CAP_FSETID",
-					"CAP_FOWNER",
-					"CAP_MKNOD",
-					"CAP_NET_RAW",
-					"CAP_SETGID",
-					"CAP_SETUID",
-					"CAP_SETFCAP",
-					"CAP_SETPCAP",
-					"CAP_NET_BIND_SERVICE",
-					"CAP_SYS_CHROOT",
-					"CAP_KILL",
-					"CAP_AUDIT_WRITE",
-				},
-				Permitted: []string{
-					"CAP_CHOWN",
-					"CAP_DAC_OVERRIDE",
-					"CAP_FSETID",
-					"CAP_FOWNER",
-					"CAP_MKNOD",
-					"CAP_NET_RAW",
-					"CAP_SETGID",
-					"CAP_SETUID",
-					"CAP_SETFCAP",
-					"CAP_SETPCAP",
-					"CAP_NET_BIND_SERVICE",
-					"CAP_SYS_CHROOT",
-					"CAP_KILL",
-					"CAP_AUDIT_WRITE",
-				},
-				Inheritable: []string{
-					"CAP_CHOWN",
-					"CAP_DAC_OVERRIDE",
-					"CAP_FSETID",
-					"CAP_FOWNER",
-					"CAP_MKNOD",
-					"CAP_NET_RAW",
-					"CAP_SETGID",
-					"CAP_SETUID",
-					"CAP_SETFCAP",
-					"CAP_SETPCAP",
-					"CAP_NET_BIND_SERVICE",
-					"CAP_SYS_CHROOT",
-					"CAP_KILL",
-					"CAP_AUDIT_WRITE",
-				},
-				Effective: []string{
-					"CAP_CHOWN",
-					"CAP_DAC_OVERRIDE",
-					"CAP_FSETID",
-					"CAP_FOWNER",
-					"CAP_MKNOD",
-					"CAP_NET_RAW",
-					"CAP_SETGID",
-					"CAP_SETUID",
-					"CAP_SETFCAP",
-					"CAP_SETPCAP",
-					"CAP_NET_BIND_SERVICE",
-					"CAP_SYS_CHROOT",
-					"CAP_KILL",
-					"CAP_AUDIT_WRITE",
-				},
-				Ambient: []string{
-					"CAP_CHOWN",
-					"CAP_DAC_OVERRIDE",
-					"CAP_FSETID",
-					"CAP_FOWNER",
-					"CAP_MKNOD",
-					"CAP_NET_RAW",
-					"CAP_SETGID",
-					"CAP_SETUID",
-					"CAP_SETFCAP",
-					"CAP_SETPCAP",
-					"CAP_NET_BIND_SERVICE",
-					"CAP_SYS_CHROOT",
-					"CAP_KILL",
-					"CAP_AUDIT_WRITE",
-				},
+		}
+	}
+
+	if os == "linux" {
+		config.Process.Capabilities = &rspec.LinuxCapabilities{
+			Bounding: []string{
+				"CAP_CHOWN",
+				"CAP_DAC_OVERRIDE",
+				"CAP_FSETID",
+				"CAP_FOWNER",
+				"CAP_MKNOD",
+				"CAP_NET_RAW",
+				"CAP_SETGID",
+				"CAP_SETUID",
+				"CAP_SETFCAP",
+				"CAP_SETPCAP",
+				"CAP_NET_BIND_SERVICE",
+				"CAP_SYS_CHROOT",
+				"CAP_KILL",
+				"CAP_AUDIT_WRITE",
 			},
-			Rlimits: []rspec.POSIXRlimit{
-				{
-					Type: "RLIMIT_NOFILE",
-					Hard: uint64(1024),
-					Soft: uint64(1024),
-				},
+			Permitted: []string{
+				"CAP_CHOWN",
+				"CAP_DAC_OVERRIDE",
+				"CAP_FSETID",
+				"CAP_FOWNER",
+				"CAP_MKNOD",
+				"CAP_NET_RAW",
+				"CAP_SETGID",
+				"CAP_SETUID",
+				"CAP_SETFCAP",
+				"CAP_SETPCAP",
+				"CAP_NET_BIND_SERVICE",
+				"CAP_SYS_CHROOT",
+				"CAP_KILL",
+				"CAP_AUDIT_WRITE",
 			},
-		},
-		Hostname: "mrsdalloway",
-		Mounts: []rspec.Mount{
+			Inheritable: []string{
+				"CAP_CHOWN",
+				"CAP_DAC_OVERRIDE",
+				"CAP_FSETID",
+				"CAP_FOWNER",
+				"CAP_MKNOD",
+				"CAP_NET_RAW",
+				"CAP_SETGID",
+				"CAP_SETUID",
+				"CAP_SETFCAP",
+				"CAP_SETPCAP",
+				"CAP_NET_BIND_SERVICE",
+				"CAP_SYS_CHROOT",
+				"CAP_KILL",
+				"CAP_AUDIT_WRITE",
+			},
+			Effective: []string{
+				"CAP_CHOWN",
+				"CAP_DAC_OVERRIDE",
+				"CAP_FSETID",
+				"CAP_FOWNER",
+				"CAP_MKNOD",
+				"CAP_NET_RAW",
+				"CAP_SETGID",
+				"CAP_SETUID",
+				"CAP_SETFCAP",
+				"CAP_SETPCAP",
+				"CAP_NET_BIND_SERVICE",
+				"CAP_SYS_CHROOT",
+				"CAP_KILL",
+				"CAP_AUDIT_WRITE",
+			},
+			Ambient: []string{
+				"CAP_CHOWN",
+				"CAP_DAC_OVERRIDE",
+				"CAP_FSETID",
+				"CAP_FOWNER",
+				"CAP_MKNOD",
+				"CAP_NET_RAW",
+				"CAP_SETGID",
+				"CAP_SETUID",
+				"CAP_SETFCAP",
+				"CAP_SETPCAP",
+				"CAP_NET_BIND_SERVICE",
+				"CAP_SYS_CHROOT",
+				"CAP_KILL",
+				"CAP_AUDIT_WRITE",
+			},
+		}
+		config.Mounts = []rspec.Mount{
 			{
 				Destination: "/proc",
 				Type:        "proc",
@@ -183,8 +194,8 @@ func New() Generator {
 				Source:      "sysfs",
 				Options:     []string{"nosuid", "noexec", "nodev", "ro"},
 			},
-		},
-		Linux: &rspec.Linux{
+		}
+		config.Linux = &rspec.Linux{
 			Resources: &rspec.LinuxResources{
 				Devices: []rspec.LinuxDeviceCgroup{
 					{
@@ -210,23 +221,27 @@ func New() Generator {
 					Type: "mount",
 				},
 			},
-			Devices: []rspec.LinuxDevice{},
-		},
-	}
-	spec.Linux.Seccomp = seccomp.DefaultProfile(&spec)
-	return Generator{
-		spec: &spec,
+			Seccomp: seccomp.DefaultProfile(&config),
+		}
 	}
+
+	return Generator{Config: &config}, nil
 }
 
-// NewFromSpec creates a spec Generator from a given spec.
-func NewFromSpec(spec *rspec.Spec) Generator {
+// NewFromSpec creates a configuration Generator from a given
+// configuration.
+//
+// Deprecated: Replace with:
+//
+//   generator := Generator{Config: config}
+func NewFromSpec(config *rspec.Spec) Generator {
 	return Generator{
-		spec: spec,
+		Config: config,
 	}
 }
 
-// NewFromFile loads the template specified in a file into a spec Generator.
+// NewFromFile loads the template specified in a file into a
+// configuration Generator.
 func NewFromFile(path string) (Generator, error) {
 	cf, err := os.Open(path)
 	if err != nil {
@@ -240,45 +255,52 @@ func NewFromFile(path string) (Generator, error) {
 	return NewFromTemplate(cf)
 }
 
-// NewFromTemplate loads the template from io.Reader into a spec Generator.
+// NewFromTemplate loads the template from io.Reader into a
+// configuration Generator.
 func NewFromTemplate(r io.Reader) (Generator, error) {
-	var spec rspec.Spec
-	if err := json.NewDecoder(r).Decode(&spec); err != nil {
+	var config rspec.Spec
+	if err := json.NewDecoder(r).Decode(&config); err != nil {
 		return Generator{}, err
 	}
 	return Generator{
-		spec: &spec,
+		Config: &config,
 	}, nil
 }
 
-// SetSpec sets the spec in the Generator g.
-func (g *Generator) SetSpec(spec *rspec.Spec) {
-	g.spec = spec
+// SetSpec sets the configuration in the Generator g.
+//
+// Deprecated: Replace with:
+//
+//   Use generator.Config = config
+func (g *Generator) SetSpec(config *rspec.Spec) {
+	g.Config = config
 }
 
-// Spec gets the spec in the Generator g.
+// Spec gets the configuration from the Generator g.
+//
+// Deprecated: Replace with generator.Config.
 func (g *Generator) Spec() *rspec.Spec {
-	return g.spec
+	return g.Config
 }
 
-// Save writes the spec into w.
+// Save writes the configuration into w.
 func (g *Generator) Save(w io.Writer, exportOpts ExportOptions) (err error) {
 	var data []byte
 
-	if g.spec.Linux != nil {
-		buf, err := json.Marshal(g.spec.Linux)
+	if g.Config.Linux != nil {
+		buf, err := json.Marshal(g.Config.Linux)
 		if err != nil {
 			return err
 		}
 		if string(buf) == "{}" {
-			g.spec.Linux = nil
+			g.Config.Linux = nil
 		}
 	}
 
 	if exportOpts.Seccomp {
-		data, err = json.MarshalIndent(g.spec.Linux.Seccomp, "", "\t")
+		data, err = json.MarshalIndent(g.Config.Linux.Seccomp, "", "\t")
 	} else {
-		data, err = json.MarshalIndent(g.spec, "", "\t")
+		data, err = json.MarshalIndent(g.Config, "", "\t")
 	}
 	if err != nil {
 		return err
@@ -292,7 +314,7 @@ func (g *Generator) Save(w io.Writer, exportOpts ExportOptions) (err error) {
 	return nil
 }
 
-// SaveToFile writes the spec into a file.
+// SaveToFile writes the configuration into a file.
 func (g *Generator) SaveToFile(path string, exportOpts ExportOptions) error {
 	f, err := os.Create(path)
 	if err != nil {
@@ -302,131 +324,145 @@ func (g *Generator) SaveToFile(path string, exportOpts ExportOptions) error {
 	return g.Save(f, exportOpts)
 }
 
-// SetVersion sets g.spec.Version.
+// SetVersion sets g.Config.Version.
 func (g *Generator) SetVersion(version string) {
-	g.initSpec()
-	g.spec.Version = version
+	g.initConfig()
+	g.Config.Version = version
 }
 
-// SetRootPath sets g.spec.Root.Path.
+// SetRootPath sets g.Config.Root.Path.
 func (g *Generator) SetRootPath(path string) {
-	g.initSpecRoot()
-	g.spec.Root.Path = path
+	g.initConfigRoot()
+	g.Config.Root.Path = path
 }
 
-// SetRootReadonly sets g.spec.Root.Readonly.
+// SetRootReadonly sets g.Config.Root.Readonly.
 func (g *Generator) SetRootReadonly(b bool) {
-	g.initSpecRoot()
-	g.spec.Root.Readonly = b
+	g.initConfigRoot()
+	g.Config.Root.Readonly = b
 }
 
-// SetHostname sets g.spec.Hostname.
+// SetHostname sets g.Config.Hostname.
 func (g *Generator) SetHostname(s string) {
-	g.initSpec()
-	g.spec.Hostname = s
+	g.initConfig()
+	g.Config.Hostname = s
 }
 
-// ClearAnnotations clears g.spec.Annotations.
+// ClearAnnotations clears g.Config.Annotations.
 func (g *Generator) ClearAnnotations() {
-	if g.spec == nil {
+	if g.Config == nil {
 		return
 	}
-	g.spec.Annotations = make(map[string]string)
+	g.Config.Annotations = make(map[string]string)
 }
 
-// AddAnnotation adds an annotation into g.spec.Annotations.
+// AddAnnotation adds an annotation into g.Config.Annotations.
 func (g *Generator) AddAnnotation(key, value string) {
-	g.initSpecAnnotations()
-	g.spec.Annotations[key] = value
+	g.initConfigAnnotations()
+	g.Config.Annotations[key] = value
 }
 
-// RemoveAnnotation remove an annotation from g.spec.Annotations.
+// RemoveAnnotation remove an annotation from g.Config.Annotations.
 func (g *Generator) RemoveAnnotation(key string) {
-	if g.spec == nil || g.spec.Annotations == nil {
+	if g.Config == nil || g.Config.Annotations == nil {
+		return
+	}
+	delete(g.Config.Annotations, key)
+}
+
+// RemoveHostname removes g.Config.Hostname, setting it to an empty string.
+func (g *Generator) RemoveHostname() {
+	if g.Config == nil {
 		return
 	}
-	delete(g.spec.Annotations, key)
+	g.Config.Hostname = ""
 }
 
-// SetProcessConsoleSize sets g.spec.Process.ConsoleSize.
+// SetProcessConsoleSize sets g.Config.Process.ConsoleSize.
 func (g *Generator) SetProcessConsoleSize(width, height uint) {
-	g.initSpecProcessConsoleSize()
-	g.spec.Process.ConsoleSize.Width = width
-	g.spec.Process.ConsoleSize.Height = height
+	g.initConfigProcessConsoleSize()
+	g.Config.Process.ConsoleSize.Width = width
+	g.Config.Process.ConsoleSize.Height = height
 }
 
-// SetProcessUID sets g.spec.Process.User.UID.
+// SetProcessUID sets g.Config.Process.User.UID.
 func (g *Generator) SetProcessUID(uid uint32) {
-	g.initSpecProcess()
-	g.spec.Process.User.UID = uid
+	g.initConfigProcess()
+	g.Config.Process.User.UID = uid
 }
 
-// SetProcessGID sets g.spec.Process.User.GID.
+// SetProcessUsername sets g.Config.Process.User.Username.
+func (g *Generator) SetProcessUsername(username string) {
+	g.initConfigProcess()
+	g.Config.Process.User.Username = username
+}
+
+// SetProcessGID sets g.Config.Process.User.GID.
 func (g *Generator) SetProcessGID(gid uint32) {
-	g.initSpecProcess()
-	g.spec.Process.User.GID = gid
+	g.initConfigProcess()
+	g.Config.Process.User.GID = gid
 }
 
-// SetProcessCwd sets g.spec.Process.Cwd.
+// SetProcessCwd sets g.Config.Process.Cwd.
 func (g *Generator) SetProcessCwd(cwd string) {
-	g.initSpecProcess()
-	g.spec.Process.Cwd = cwd
+	g.initConfigProcess()
+	g.Config.Process.Cwd = cwd
 }
 
-// SetProcessNoNewPrivileges sets g.spec.Process.NoNewPrivileges.
+// SetProcessNoNewPrivileges sets g.Config.Process.NoNewPrivileges.
 func (g *Generator) SetProcessNoNewPrivileges(b bool) {
-	g.initSpecProcess()
-	g.spec.Process.NoNewPrivileges = b
+	g.initConfigProcess()
+	g.Config.Process.NoNewPrivileges = b
 }
 
-// SetProcessTerminal sets g.spec.Process.Terminal.
+// SetProcessTerminal sets g.Config.Process.Terminal.
 func (g *Generator) SetProcessTerminal(b bool) {
-	g.initSpecProcess()
-	g.spec.Process.Terminal = b
+	g.initConfigProcess()
+	g.Config.Process.Terminal = b
 }
 
-// SetProcessApparmorProfile sets g.spec.Process.ApparmorProfile.
+// SetProcessApparmorProfile sets g.Config.Process.ApparmorProfile.
 func (g *Generator) SetProcessApparmorProfile(prof string) {
-	g.initSpecProcess()
-	g.spec.Process.ApparmorProfile = prof
+	g.initConfigProcess()
+	g.Config.Process.ApparmorProfile = prof
 }
 
-// SetProcessArgs sets g.spec.Process.Args.
+// SetProcessArgs sets g.Config.Process.Args.
 func (g *Generator) SetProcessArgs(args []string) {
-	g.initSpecProcess()
-	g.spec.Process.Args = args
+	g.initConfigProcess()
+	g.Config.Process.Args = args
 }
 
-// ClearProcessEnv clears g.spec.Process.Env.
+// ClearProcessEnv clears g.Config.Process.Env.
 func (g *Generator) ClearProcessEnv() {
-	if g.spec == nil || g.spec.Process == nil {
+	if g.Config == nil || g.Config.Process == nil {
 		return
 	}
-	g.spec.Process.Env = []string{}
+	g.Config.Process.Env = []string{}
 }
 
-// AddProcessEnv adds name=value into g.spec.Process.Env, or replaces an
+// AddProcessEnv adds name=value into g.Config.Process.Env, or replaces an
 // existing entry with the given name.
 func (g *Generator) AddProcessEnv(name, value string) {
-	g.initSpecProcess()
+	g.initConfigProcess()
 
 	env := fmt.Sprintf("%s=%s", name, value)
-	for idx := range g.spec.Process.Env {
-		if strings.HasPrefix(g.spec.Process.Env[idx], name+"=") {
-			g.spec.Process.Env[idx] = env
+	for idx := range g.Config.Process.Env {
+		if strings.HasPrefix(g.Config.Process.Env[idx], name+"=") {
+			g.Config.Process.Env[idx] = env
 			return
 		}
 	}
-	g.spec.Process.Env = append(g.spec.Process.Env, env)
+	g.Config.Process.Env = append(g.Config.Process.Env, env)
 }
 
-// AddProcessRlimits adds rlimit into g.spec.Process.Rlimits.
+// AddProcessRlimits adds rlimit into g.Config.Process.Rlimits.
 func (g *Generator) AddProcessRlimits(rType string, rHard uint64, rSoft uint64) {
-	g.initSpecProcess()
-	for i, rlimit := range g.spec.Process.Rlimits {
+	g.initConfigProcess()
+	for i, rlimit := range g.Config.Process.Rlimits {
 		if rlimit.Type == rType {
-			g.spec.Process.Rlimits[i].Hard = rHard
-			g.spec.Process.Rlimits[i].Soft = rSoft
+			g.Config.Process.Rlimits[i].Hard = rHard
+			g.Config.Process.Rlimits[i].Soft = rSoft
 			return
 		}
 	}
@@ -436,91 +472,91 @@ func (g *Generator) AddProcessRlimits(rType string, rHard uint64, rSoft uint64)
 		Hard: rHard,
 		Soft: rSoft,
 	}
-	g.spec.Process.Rlimits = append(g.spec.Process.Rlimits, newRlimit)
+	g.Config.Process.Rlimits = append(g.Config.Process.Rlimits, newRlimit)
 }
 
-// RemoveProcessRlimits removes a rlimit from g.spec.Process.Rlimits.
+// RemoveProcessRlimits removes a rlimit from g.Config.Process.Rlimits.
 func (g *Generator) RemoveProcessRlimits(rType string) {
-	if g.spec == nil || g.spec.Process == nil {
+	if g.Config == nil || g.Config.Process == nil {
 		return
 	}
-	for i, rlimit := range g.spec.Process.Rlimits {
+	for i, rlimit := range g.Config.Process.Rlimits {
 		if rlimit.Type == rType {
-			g.spec.Process.Rlimits = append(g.spec.Process.Rlimits[:i], g.spec.Process.Rlimits[i+1:]...)
+			g.Config.Process.Rlimits = append(g.Config.Process.Rlimits[:i], g.Config.Process.Rlimits[i+1:]...)
 			return
 		}
 	}
 }
 
-// ClearProcessRlimits clear g.spec.Process.Rlimits.
+// ClearProcessRlimits clear g.Config.Process.Rlimits.
 func (g *Generator) ClearProcessRlimits() {
-	if g.spec == nil || g.spec.Process == nil {
+	if g.Config == nil || g.Config.Process == nil {
 		return
 	}
-	g.spec.Process.Rlimits = []rspec.POSIXRlimit{}
+	g.Config.Process.Rlimits = []rspec.POSIXRlimit{}
 }
 
-// ClearProcessAdditionalGids clear g.spec.Process.AdditionalGids.
+// ClearProcessAdditionalGids clear g.Config.Process.AdditionalGids.
 func (g *Generator) ClearProcessAdditionalGids() {
-	if g.spec == nil || g.spec.Process == nil {
+	if g.Config == nil || g.Config.Process == nil {
 		return
 	}
-	g.spec.Process.User.AdditionalGids = []uint32{}
+	g.Config.Process.User.AdditionalGids = []uint32{}
 }
 
-// AddProcessAdditionalGid adds an additional gid into g.spec.Process.AdditionalGids.
+// AddProcessAdditionalGid adds an additional gid into g.Config.Process.AdditionalGids.
 func (g *Generator) AddProcessAdditionalGid(gid uint32) {
-	g.initSpecProcess()
-	for _, group := range g.spec.Process.User.AdditionalGids {
+	g.initConfigProcess()
+	for _, group := range g.Config.Process.User.AdditionalGids {
 		if group == gid {
 			return
 		}
 	}
-	g.spec.Process.User.AdditionalGids = append(g.spec.Process.User.AdditionalGids, gid)
+	g.Config.Process.User.AdditionalGids = append(g.Config.Process.User.AdditionalGids, gid)
 }
 
-// SetProcessSelinuxLabel sets g.spec.Process.SelinuxLabel.
+// SetProcessSelinuxLabel sets g.Config.Process.SelinuxLabel.
 func (g *Generator) SetProcessSelinuxLabel(label string) {
-	g.initSpecProcess()
-	g.spec.Process.SelinuxLabel = label
+	g.initConfigProcess()
+	g.Config.Process.SelinuxLabel = label
 }
 
-// SetLinuxCgroupsPath sets g.spec.Linux.CgroupsPath.
+// SetLinuxCgroupsPath sets g.Config.Linux.CgroupsPath.
 func (g *Generator) SetLinuxCgroupsPath(path string) {
-	g.initSpecLinux()
-	g.spec.Linux.CgroupsPath = path
+	g.initConfigLinux()
+	g.Config.Linux.CgroupsPath = path
 }
 
-// SetLinuxIntelRdtL3CacheSchema sets g.spec.Linux.IntelRdt.L3CacheSchema
+// SetLinuxIntelRdtL3CacheSchema sets g.Config.Linux.IntelRdt.L3CacheSchema
 func (g *Generator) SetLinuxIntelRdtL3CacheSchema(schema string) {
-	g.initSpecLinuxIntelRdt()
-	g.spec.Linux.IntelRdt.L3CacheSchema = schema
+	g.initConfigLinuxIntelRdt()
+	g.Config.Linux.IntelRdt.L3CacheSchema = schema
 }
 
-// SetLinuxMountLabel sets g.spec.Linux.MountLabel.
+// SetLinuxMountLabel sets g.Config.Linux.MountLabel.
 func (g *Generator) SetLinuxMountLabel(label string) {
-	g.initSpecLinux()
-	g.spec.Linux.MountLabel = label
+	g.initConfigLinux()
+	g.Config.Linux.MountLabel = label
 }
 
-// SetProcessOOMScoreAdj sets g.spec.Process.OOMScoreAdj.
+// SetProcessOOMScoreAdj sets g.Config.Process.OOMScoreAdj.
 func (g *Generator) SetProcessOOMScoreAdj(adj int) {
-	g.initSpecProcess()
-	g.spec.Process.OOMScoreAdj = &adj
+	g.initConfigProcess()
+	g.Config.Process.OOMScoreAdj = &adj
 }
 
-// SetLinuxResourcesBlockIOLeafWeight sets g.spec.Linux.Resources.BlockIO.LeafWeight.
+// SetLinuxResourcesBlockIOLeafWeight sets g.Config.Linux.Resources.BlockIO.LeafWeight.
 func (g *Generator) SetLinuxResourcesBlockIOLeafWeight(weight uint16) {
-	g.initSpecLinuxResourcesBlockIO()
-	g.spec.Linux.Resources.BlockIO.LeafWeight = &weight
+	g.initConfigLinuxResourcesBlockIO()
+	g.Config.Linux.Resources.BlockIO.LeafWeight = &weight
 }
 
-// AddLinuxResourcesBlockIOLeafWeightDevice adds or sets g.spec.Linux.Resources.BlockIO.WeightDevice.LeafWeight.
+// AddLinuxResourcesBlockIOLeafWeightDevice adds or sets g.Config.Linux.Resources.BlockIO.WeightDevice.LeafWeight.
 func (g *Generator) AddLinuxResourcesBlockIOLeafWeightDevice(major int64, minor int64, weight uint16) {
-	g.initSpecLinuxResourcesBlockIO()
-	for i, weightDevice := range g.spec.Linux.Resources.BlockIO.WeightDevice {
+	g.initConfigLinuxResourcesBlockIO()
+	for i, weightDevice := range g.Config.Linux.Resources.BlockIO.WeightDevice {
 		if weightDevice.Major == major && weightDevice.Minor == minor {
-			g.spec.Linux.Resources.BlockIO.WeightDevice[i].LeafWeight = &weight
+			g.Config.Linux.Resources.BlockIO.WeightDevice[i].LeafWeight = &weight
 			return
 		}
 	}
@@ -528,43 +564,43 @@ func (g *Generator) AddLinuxResourcesBlockIOLeafWeightDevice(major int64, minor
 	weightDevice.Major = major
 	weightDevice.Minor = minor
 	weightDevice.LeafWeight = &weight
-	g.spec.Linux.Resources.BlockIO.WeightDevice = append(g.spec.Linux.Resources.BlockIO.WeightDevice, *weightDevice)
+	g.Config.Linux.Resources.BlockIO.WeightDevice = append(g.Config.Linux.Resources.BlockIO.WeightDevice, *weightDevice)
 }
 
-// DropLinuxResourcesBlockIOLeafWeightDevice drops a item form g.spec.Linux.Resources.BlockIO.WeightDevice.LeafWeight
+// DropLinuxResourcesBlockIOLeafWeightDevice drops a item form g.Config.Linux.Resources.BlockIO.WeightDevice.LeafWeight
 func (g *Generator) DropLinuxResourcesBlockIOLeafWeightDevice(major int64, minor int64) {
-	if g.spec == nil || g.spec.Linux == nil || g.spec.Linux.Resources == nil || g.spec.Linux.Resources.BlockIO == nil {
+	if g.Config == nil || g.Config.Linux == nil || g.Config.Linux.Resources == nil || g.Config.Linux.Resources.BlockIO == nil {
 		return
 	}
 
-	for i, weightDevice := range g.spec.Linux.Resources.BlockIO.WeightDevice {
+	for i, weightDevice := range g.Config.Linux.Resources.BlockIO.WeightDevice {
 		if weightDevice.Major == major && weightDevice.Minor == minor {
 			if weightDevice.Weight != nil {
 				newWeightDevice := new(rspec.LinuxWeightDevice)
 				newWeightDevice.Major = major
 				newWeightDevice.Minor = minor
 				newWeightDevice.Weight = weightDevice.Weight
-				g.spec.Linux.Resources.BlockIO.WeightDevice[i] = *newWeightDevice
+				g.Config.Linux.Resources.BlockIO.WeightDevice[i] = *newWeightDevice
 			} else {
-				g.spec.Linux.Resources.BlockIO.WeightDevice = append(g.spec.Linux.Resources.BlockIO.WeightDevice[:i], g.spec.Linux.Resources.BlockIO.WeightDevice[i+1:]...)
+				g.Config.Linux.Resources.BlockIO.WeightDevice = append(g.Config.Linux.Resources.BlockIO.WeightDevice[:i], g.Config.Linux.Resources.BlockIO.WeightDevice[i+1:]...)
 			}
 			return
 		}
 	}
 }
 
-// SetLinuxResourcesBlockIOWeight sets g.spec.Linux.Resources.BlockIO.Weight.
+// SetLinuxResourcesBlockIOWeight sets g.Config.Linux.Resources.BlockIO.Weight.
 func (g *Generator) SetLinuxResourcesBlockIOWeight(weight uint16) {
-	g.initSpecLinuxResourcesBlockIO()
-	g.spec.Linux.Resources.BlockIO.Weight = &weight
+	g.initConfigLinuxResourcesBlockIO()
+	g.Config.Linux.Resources.BlockIO.Weight = &weight
 }
 
-// AddLinuxResourcesBlockIOWeightDevice adds or sets g.spec.Linux.Resources.BlockIO.WeightDevice.Weight.
+// AddLinuxResourcesBlockIOWeightDevice adds or sets g.Config.Linux.Resources.BlockIO.WeightDevice.Weight.
 func (g *Generator) AddLinuxResourcesBlockIOWeightDevice(major int64, minor int64, weight uint16) {
-	g.initSpecLinuxResourcesBlockIO()
-	for i, weightDevice := range g.spec.Linux.Resources.BlockIO.WeightDevice {
+	g.initConfigLinuxResourcesBlockIO()
+	for i, weightDevice := range g.Config.Linux.Resources.BlockIO.WeightDevice {
 		if weightDevice.Major == major && weightDevice.Minor == minor {
-			g.spec.Linux.Resources.BlockIO.WeightDevice[i].Weight = &weight
+			g.Config.Linux.Resources.BlockIO.WeightDevice[i].Weight = &weight
 			return
 		}
 	}
@@ -572,286 +608,286 @@ func (g *Generator) AddLinuxResourcesBlockIOWeightDevice(major int64, minor int6
 	weightDevice.Major = major
 	weightDevice.Minor = minor
 	weightDevice.Weight = &weight
-	g.spec.Linux.Resources.BlockIO.WeightDevice = append(g.spec.Linux.Resources.BlockIO.WeightDevice, *weightDevice)
+	g.Config.Linux.Resources.BlockIO.WeightDevice = append(g.Config.Linux.Resources.BlockIO.WeightDevice, *weightDevice)
 }
 
-// DropLinuxResourcesBlockIOWeightDevice drops a item form g.spec.Linux.Resources.BlockIO.WeightDevice.Weight
+// DropLinuxResourcesBlockIOWeightDevice drops a item form g.Config.Linux.Resources.BlockIO.WeightDevice.Weight
 func (g *Generator) DropLinuxResourcesBlockIOWeightDevice(major int64, minor int64) {
-	if g.spec == nil || g.spec.Linux == nil || g.spec.Linux.Resources == nil || g.spec.Linux.Resources.BlockIO == nil {
+	if g.Config == nil || g.Config.Linux == nil || g.Config.Linux.Resources == nil || g.Config.Linux.Resources.BlockIO == nil {
 		return
 	}
 
-	for i, weightDevice := range g.spec.Linux.Resources.BlockIO.WeightDevice {
+	for i, weightDevice := range g.Config.Linux.Resources.BlockIO.WeightDevice {
 		if weightDevice.Major == major && weightDevice.Minor == minor {
 			if weightDevice.LeafWeight != nil {
 				newWeightDevice := new(rspec.LinuxWeightDevice)
 				newWeightDevice.Major = major
 				newWeightDevice.Minor = minor
 				newWeightDevice.LeafWeight = weightDevice.LeafWeight
-				g.spec.Linux.Resources.BlockIO.WeightDevice[i] = *newWeightDevice
+				g.Config.Linux.Resources.BlockIO.WeightDevice[i] = *newWeightDevice
 			} else {
-				g.spec.Linux.Resources.BlockIO.WeightDevice = append(g.spec.Linux.Resources.BlockIO.WeightDevice[:i], g.spec.Linux.Resources.BlockIO.WeightDevice[i+1:]...)
+				g.Config.Linux.Resources.BlockIO.WeightDevice = append(g.Config.Linux.Resources.BlockIO.WeightDevice[:i], g.Config.Linux.Resources.BlockIO.WeightDevice[i+1:]...)
 			}
 			return
 		}
 	}
 }
 
-// AddLinuxResourcesBlockIOThrottleReadBpsDevice adds or sets g.spec.Linux.Resources.BlockIO.ThrottleReadBpsDevice.
+// AddLinuxResourcesBlockIOThrottleReadBpsDevice adds or sets g.Config.Linux.Resources.BlockIO.ThrottleReadBpsDevice.
 func (g *Generator) AddLinuxResourcesBlockIOThrottleReadBpsDevice(major int64, minor int64, rate uint64) {
-	g.initSpecLinuxResourcesBlockIO()
-	throttleDevices := addOrReplaceBlockIOThrottleDevice(g.spec.Linux.Resources.BlockIO.ThrottleReadBpsDevice, major, minor, rate)
-	g.spec.Linux.Resources.BlockIO.ThrottleReadBpsDevice = throttleDevices
+	g.initConfigLinuxResourcesBlockIO()
+	throttleDevices := addOrReplaceBlockIOThrottleDevice(g.Config.Linux.Resources.BlockIO.ThrottleReadBpsDevice, major, minor, rate)
+	g.Config.Linux.Resources.BlockIO.ThrottleReadBpsDevice = throttleDevices
 }
 
-// DropLinuxResourcesBlockIOThrottleReadBpsDevice drops a item from g.spec.Linux.Resources.BlockIO.ThrottleReadBpsDevice.
+// DropLinuxResourcesBlockIOThrottleReadBpsDevice drops a item from g.Config.Linux.Resources.BlockIO.ThrottleReadBpsDevice.
 func (g *Generator) DropLinuxResourcesBlockIOThrottleReadBpsDevice(major int64, minor int64) {
-	if g.spec == nil || g.spec.Linux == nil || g.spec.Linux.Resources == nil || g.spec.Linux.Resources.BlockIO == nil {
+	if g.Config == nil || g.Config.Linux == nil || g.Config.Linux.Resources == nil || g.Config.Linux.Resources.BlockIO == nil {
 		return
 	}
 
-	throttleDevices := dropBlockIOThrottleDevice(g.spec.Linux.Resources.BlockIO.ThrottleReadBpsDevice, major, minor)
-	g.spec.Linux.Resources.BlockIO.ThrottleReadBpsDevice = throttleDevices
+	throttleDevices := dropBlockIOThrottleDevice(g.Config.Linux.Resources.BlockIO.ThrottleReadBpsDevice, major, minor)
+	g.Config.Linux.Resources.BlockIO.ThrottleReadBpsDevice = throttleDevices
 }
 
-// AddLinuxResourcesBlockIOThrottleReadIOPSDevice adds or sets g.spec.Linux.Resources.BlockIO.ThrottleReadIOPSDevice.
+// AddLinuxResourcesBlockIOThrottleReadIOPSDevice adds or sets g.Config.Linux.Resources.BlockIO.ThrottleReadIOPSDevice.
 func (g *Generator) AddLinuxResourcesBlockIOThrottleReadIOPSDevice(major int64, minor int64, rate uint64) {
-	g.initSpecLinuxResourcesBlockIO()
-	throttleDevices := addOrReplaceBlockIOThrottleDevice(g.spec.Linux.Resources.BlockIO.ThrottleReadIOPSDevice, major, minor, rate)
-	g.spec.Linux.Resources.BlockIO.ThrottleReadIOPSDevice = throttleDevices
+	g.initConfigLinuxResourcesBlockIO()
+	throttleDevices := addOrReplaceBlockIOThrottleDevice(g.Config.Linux.Resources.BlockIO.ThrottleReadIOPSDevice, major, minor, rate)
+	g.Config.Linux.Resources.BlockIO.ThrottleReadIOPSDevice = throttleDevices
 }
 
-// DropLinuxResourcesBlockIOThrottleReadIOPSDevice drops a item from g.spec.Linux.Resources.BlockIO.ThrottleReadIOPSDevice.
+// DropLinuxResourcesBlockIOThrottleReadIOPSDevice drops a item from g.Config.Linux.Resources.BlockIO.ThrottleReadIOPSDevice.
 func (g *Generator) DropLinuxResourcesBlockIOThrottleReadIOPSDevice(major int64, minor int64) {
-	if g.spec == nil || g.spec.Linux == nil || g.spec.Linux.Resources == nil || g.spec.Linux.Resources.BlockIO == nil {
+	if g.Config == nil || g.Config.Linux == nil || g.Config.Linux.Resources == nil || g.Config.Linux.Resources.BlockIO == nil {
 		return
 	}
 
-	throttleDevices := dropBlockIOThrottleDevice(g.spec.Linux.Resources.BlockIO.ThrottleReadIOPSDevice, major, minor)
-	g.spec.Linux.Resources.BlockIO.ThrottleReadIOPSDevice = throttleDevices
+	throttleDevices := dropBlockIOThrottleDevice(g.Config.Linux.Resources.BlockIO.ThrottleReadIOPSDevice, major, minor)
+	g.Config.Linux.Resources.BlockIO.ThrottleReadIOPSDevice = throttleDevices
 }
 
-// AddLinuxResourcesBlockIOThrottleWriteBpsDevice adds or sets g.spec.Linux.Resources.BlockIO.ThrottleWriteBpsDevice.
+// AddLinuxResourcesBlockIOThrottleWriteBpsDevice adds or sets g.Config.Linux.Resources.BlockIO.ThrottleWriteBpsDevice.
 func (g *Generator) AddLinuxResourcesBlockIOThrottleWriteBpsDevice(major int64, minor int64, rate uint64) {
-	g.initSpecLinuxResourcesBlockIO()
-	throttleDevices := addOrReplaceBlockIOThrottleDevice(g.spec.Linux.Resources.BlockIO.ThrottleWriteBpsDevice, major, minor, rate)
-	g.spec.Linux.Resources.BlockIO.ThrottleWriteBpsDevice = throttleDevices
+	g.initConfigLinuxResourcesBlockIO()
+	throttleDevices := addOrReplaceBlockIOThrottleDevice(g.Config.Linux.Resources.BlockIO.ThrottleWriteBpsDevice, major, minor, rate)
+	g.Config.Linux.Resources.BlockIO.ThrottleWriteBpsDevice = throttleDevices
 }
 
-// DropLinuxResourcesBlockIOThrottleWriteBpsDevice drops a item from g.spec.Linux.Resources.BlockIO.ThrottleWriteBpsDevice.
+// DropLinuxResourcesBlockIOThrottleWriteBpsDevice drops a item from g.Config.Linux.Resources.BlockIO.ThrottleWriteBpsDevice.
 func (g *Generator) DropLinuxResourcesBlockIOThrottleWriteBpsDevice(major int64, minor int64) {
-	if g.spec == nil || g.spec.Linux == nil || g.spec.Linux.Resources == nil || g.spec.Linux.Resources.BlockIO == nil {
+	if g.Config == nil || g.Config.Linux == nil || g.Config.Linux.Resources == nil || g.Config.Linux.Resources.BlockIO == nil {
 		return
 	}
 
-	throttleDevices := dropBlockIOThrottleDevice(g.spec.Linux.Resources.BlockIO.ThrottleWriteBpsDevice, major, minor)
-	g.spec.Linux.Resources.BlockIO.ThrottleWriteBpsDevice = throttleDevices
+	throttleDevices := dropBlockIOThrottleDevice(g.Config.Linux.Resources.BlockIO.ThrottleWriteBpsDevice, major, minor)
+	g.Config.Linux.Resources.BlockIO.ThrottleWriteBpsDevice = throttleDevices
 }
 
-// AddLinuxResourcesBlockIOThrottleWriteIOPSDevice adds or sets g.spec.Linux.Resources.BlockIO.ThrottleWriteIOPSDevice.
+// AddLinuxResourcesBlockIOThrottleWriteIOPSDevice adds or sets g.Config.Linux.Resources.BlockIO.ThrottleWriteIOPSDevice.
 func (g *Generator) AddLinuxResourcesBlockIOThrottleWriteIOPSDevice(major int64, minor int64, rate uint64) {
-	g.initSpecLinuxResourcesBlockIO()
-	throttleDevices := addOrReplaceBlockIOThrottleDevice(g.spec.Linux.Resources.BlockIO.ThrottleWriteIOPSDevice, major, minor, rate)
-	g.spec.Linux.Resources.BlockIO.ThrottleWriteIOPSDevice = throttleDevices
+	g.initConfigLinuxResourcesBlockIO()
+	throttleDevices := addOrReplaceBlockIOThrottleDevice(g.Config.Linux.Resources.BlockIO.ThrottleWriteIOPSDevice, major, minor, rate)
+	g.Config.Linux.Resources.BlockIO.ThrottleWriteIOPSDevice = throttleDevices
 }
 
-// DropLinuxResourcesBlockIOThrottleWriteIOPSDevice drops a item from g.spec.Linux.Resources.BlockIO.ThrottleWriteIOPSDevice.
+// DropLinuxResourcesBlockIOThrottleWriteIOPSDevice drops a item from g.Config.Linux.Resources.BlockIO.ThrottleWriteIOPSDevice.
 func (g *Generator) DropLinuxResourcesBlockIOThrottleWriteIOPSDevice(major int64, minor int64) {
-	if g.spec == nil || g.spec.Linux == nil || g.spec.Linux.Resources == nil || g.spec.Linux.Resources.BlockIO == nil {
+	if g.Config == nil || g.Config.Linux == nil || g.Config.Linux.Resources == nil || g.Config.Linux.Resources.BlockIO == nil {
 		return
 	}
 
-	throttleDevices := dropBlockIOThrottleDevice(g.spec.Linux.Resources.BlockIO.ThrottleWriteIOPSDevice, major, minor)
-	g.spec.Linux.Resources.BlockIO.ThrottleWriteIOPSDevice = throttleDevices
+	throttleDevices := dropBlockIOThrottleDevice(g.Config.Linux.Resources.BlockIO.ThrottleWriteIOPSDevice, major, minor)
+	g.Config.Linux.Resources.BlockIO.ThrottleWriteIOPSDevice = throttleDevices
 }
 
-// SetLinuxResourcesCPUShares sets g.spec.Linux.Resources.CPU.Shares.
+// SetLinuxResourcesCPUShares sets g.Config.Linux.Resources.CPU.Shares.
 func (g *Generator) SetLinuxResourcesCPUShares(shares uint64) {
-	g.initSpecLinuxResourcesCPU()
-	g.spec.Linux.Resources.CPU.Shares = &shares
+	g.InitConfigLinuxResourcesCPU()
+	g.Config.Linux.Resources.CPU.Shares = &shares
 }
 
-// SetLinuxResourcesCPUQuota sets g.spec.Linux.Resources.CPU.Quota.
+// SetLinuxResourcesCPUQuota sets g.Config.Linux.Resources.CPU.Quota.
 func (g *Generator) SetLinuxResourcesCPUQuota(quota int64) {
-	g.initSpecLinuxResourcesCPU()
-	g.spec.Linux.Resources.CPU.Quota = &quota
+	g.InitConfigLinuxResourcesCPU()
+	g.Config.Linux.Resources.CPU.Quota = &quota
 }
 
-// SetLinuxResourcesCPUPeriod sets g.spec.Linux.Resources.CPU.Period.
+// SetLinuxResourcesCPUPeriod sets g.Config.Linux.Resources.CPU.Period.
 func (g *Generator) SetLinuxResourcesCPUPeriod(period uint64) {
-	g.initSpecLinuxResourcesCPU()
-	g.spec.Linux.Resources.CPU.Period = &period
+	g.InitConfigLinuxResourcesCPU()
+	g.Config.Linux.Resources.CPU.Period = &period
 }
 
-// SetLinuxResourcesCPURealtimeRuntime sets g.spec.Linux.Resources.CPU.RealtimeRuntime.
+// SetLinuxResourcesCPURealtimeRuntime sets g.Config.Linux.Resources.CPU.RealtimeRuntime.
 func (g *Generator) SetLinuxResourcesCPURealtimeRuntime(time int64) {
-	g.initSpecLinuxResourcesCPU()
-	g.spec.Linux.Resources.CPU.RealtimeRuntime = &time
+	g.InitConfigLinuxResourcesCPU()
+	g.Config.Linux.Resources.CPU.RealtimeRuntime = &time
 }
 
-// SetLinuxResourcesCPURealtimePeriod sets g.spec.Linux.Resources.CPU.RealtimePeriod.
+// SetLinuxResourcesCPURealtimePeriod sets g.Config.Linux.Resources.CPU.RealtimePeriod.
 func (g *Generator) SetLinuxResourcesCPURealtimePeriod(period uint64) {
-	g.initSpecLinuxResourcesCPU()
-	g.spec.Linux.Resources.CPU.RealtimePeriod = &period
+	g.InitConfigLinuxResourcesCPU()
+	g.Config.Linux.Resources.CPU.RealtimePeriod = &period
 }
 
-// SetLinuxResourcesCPUCpus sets g.spec.Linux.Resources.CPU.Cpus.
+// SetLinuxResourcesCPUCpus sets g.Config.Linux.Resources.CPU.Cpus.
 func (g *Generator) SetLinuxResourcesCPUCpus(cpus string) {
-	g.initSpecLinuxResourcesCPU()
-	g.spec.Linux.Resources.CPU.Cpus = cpus
+	g.InitConfigLinuxResourcesCPU()
+	g.Config.Linux.Resources.CPU.Cpus = cpus
 }
 
-// SetLinuxResourcesCPUMems sets g.spec.Linux.Resources.CPU.Mems.
+// SetLinuxResourcesCPUMems sets g.Config.Linux.Resources.CPU.Mems.
 func (g *Generator) SetLinuxResourcesCPUMems(mems string) {
-	g.initSpecLinuxResourcesCPU()
-	g.spec.Linux.Resources.CPU.Mems = mems
+	g.InitConfigLinuxResourcesCPU()
+	g.Config.Linux.Resources.CPU.Mems = mems
 }
 
-// AddLinuxResourcesHugepageLimit adds or sets g.spec.Linux.Resources.HugepageLimits.
+// AddLinuxResourcesHugepageLimit adds or sets g.Config.Linux.Resources.HugepageLimits.
 func (g *Generator) AddLinuxResourcesHugepageLimit(pageSize string, limit uint64) {
 	hugepageLimit := rspec.LinuxHugepageLimit{
 		Pagesize: pageSize,
 		Limit:    limit,
 	}
 
-	g.initSpecLinuxResources()
-	for i, pageLimit := range g.spec.Linux.Resources.HugepageLimits {
+	g.initConfigLinuxResources()
+	for i, pageLimit := range g.Config.Linux.Resources.HugepageLimits {
 		if pageLimit.Pagesize == pageSize {
-			g.spec.Linux.Resources.HugepageLimits[i].Limit = limit
+			g.Config.Linux.Resources.HugepageLimits[i].Limit = limit
 			return
 		}
 	}
-	g.spec.Linux.Resources.HugepageLimits = append(g.spec.Linux.Resources.HugepageLimits, hugepageLimit)
+	g.Config.Linux.Resources.HugepageLimits = append(g.Config.Linux.Resources.HugepageLimits, hugepageLimit)
 }
 
-// DropLinuxResourcesHugepageLimit drops a hugepage limit from g.spec.Linux.Resources.HugepageLimits.
+// DropLinuxResourcesHugepageLimit drops a hugepage limit from g.Config.Linux.Resources.HugepageLimits.
 func (g *Generator) DropLinuxResourcesHugepageLimit(pageSize string) {
-	if g.spec == nil || g.spec.Linux == nil || g.spec.Linux.Resources == nil {
+	if g.Config == nil || g.Config.Linux == nil || g.Config.Linux.Resources == nil {
 		return
 	}
 
-	for i, pageLimit := range g.spec.Linux.Resources.HugepageLimits {
+	for i, pageLimit := range g.Config.Linux.Resources.HugepageLimits {
 		if pageLimit.Pagesize == pageSize {
-			g.spec.Linux.Resources.HugepageLimits = append(g.spec.Linux.Resources.HugepageLimits[:i], g.spec.Linux.Resources.HugepageLimits[i+1:]...)
+			g.Config.Linux.Resources.HugepageLimits = append(g.Config.Linux.Resources.HugepageLimits[:i], g.Config.Linux.Resources.HugepageLimits[i+1:]...)
 			return
 		}
 	}
 }
 
-// SetLinuxResourcesMemoryLimit sets g.spec.Linux.Resources.Memory.Limit.
+// SetLinuxResourcesMemoryLimit sets g.Config.Linux.Resources.Memory.Limit.
 func (g *Generator) SetLinuxResourcesMemoryLimit(limit int64) {
-	g.initSpecLinuxResourcesMemory()
-	g.spec.Linux.Resources.Memory.Limit = &limit
+	g.initConfigLinuxResourcesMemory()
+	g.Config.Linux.Resources.Memory.Limit = &limit
 }
 
-// SetLinuxResourcesMemoryReservation sets g.spec.Linux.Resources.Memory.Reservation.
+// SetLinuxResourcesMemoryReservation sets g.Config.Linux.Resources.Memory.Reservation.
 func (g *Generator) SetLinuxResourcesMemoryReservation(reservation int64) {
-	g.initSpecLinuxResourcesMemory()
-	g.spec.Linux.Resources.Memory.Reservation = &reservation
+	g.initConfigLinuxResourcesMemory()
+	g.Config.Linux.Resources.Memory.Reservation = &reservation
 }
 
-// SetLinuxResourcesMemorySwap sets g.spec.Linux.Resources.Memory.Swap.
+// SetLinuxResourcesMemorySwap sets g.Config.Linux.Resources.Memory.Swap.
 func (g *Generator) SetLinuxResourcesMemorySwap(swap int64) {
-	g.initSpecLinuxResourcesMemory()
-	g.spec.Linux.Resources.Memory.Swap = &swap
+	g.initConfigLinuxResourcesMemory()
+	g.Config.Linux.Resources.Memory.Swap = &swap
 }
 
-// SetLinuxResourcesMemoryKernel sets g.spec.Linux.Resources.Memory.Kernel.
+// SetLinuxResourcesMemoryKernel sets g.Config.Linux.Resources.Memory.Kernel.
 func (g *Generator) SetLinuxResourcesMemoryKernel(kernel int64) {
-	g.initSpecLinuxResourcesMemory()
-	g.spec.Linux.Resources.Memory.Kernel = &kernel
+	g.initConfigLinuxResourcesMemory()
+	g.Config.Linux.Resources.Memory.Kernel = &kernel
 }
 
-// SetLinuxResourcesMemoryKernelTCP sets g.spec.Linux.Resources.Memory.KernelTCP.
+// SetLinuxResourcesMemoryKernelTCP sets g.Config.Linux.Resources.Memory.KernelTCP.
 func (g *Generator) SetLinuxResourcesMemoryKernelTCP(kernelTCP int64) {
-	g.initSpecLinuxResourcesMemory()
-	g.spec.Linux.Resources.Memory.KernelTCP = &kernelTCP
+	g.initConfigLinuxResourcesMemory()
+	g.Config.Linux.Resources.Memory.KernelTCP = &kernelTCP
 }
 
-// SetLinuxResourcesMemorySwappiness sets g.spec.Linux.Resources.Memory.Swappiness.
+// SetLinuxResourcesMemorySwappiness sets g.Config.Linux.Resources.Memory.Swappiness.
 func (g *Generator) SetLinuxResourcesMemorySwappiness(swappiness uint64) {
-	g.initSpecLinuxResourcesMemory()
-	g.spec.Linux.Resources.Memory.Swappiness = &swappiness
+	g.initConfigLinuxResourcesMemory()
+	g.Config.Linux.Resources.Memory.Swappiness = &swappiness
 }
 
-// SetLinuxResourcesMemoryDisableOOMKiller sets g.spec.Linux.Resources.Memory.DisableOOMKiller.
+// SetLinuxResourcesMemoryDisableOOMKiller sets g.Config.Linux.Resources.Memory.DisableOOMKiller.
 func (g *Generator) SetLinuxResourcesMemoryDisableOOMKiller(disable bool) {
-	g.initSpecLinuxResourcesMemory()
-	g.spec.Linux.Resources.Memory.DisableOOMKiller = &disable
+	g.initConfigLinuxResourcesMemory()
+	g.Config.Linux.Resources.Memory.DisableOOMKiller = &disable
 }
 
-// SetLinuxResourcesNetworkClassID sets g.spec.Linux.Resources.Network.ClassID.
+// SetLinuxResourcesNetworkClassID sets g.Config.Linux.Resources.Network.ClassID.
 func (g *Generator) SetLinuxResourcesNetworkClassID(classid uint32) {
-	g.initSpecLinuxResourcesNetwork()
-	g.spec.Linux.Resources.Network.ClassID = &classid
+	g.initConfigLinuxResourcesNetwork()
+	g.Config.Linux.Resources.Network.ClassID = &classid
 }
 
-// AddLinuxResourcesNetworkPriorities adds or sets g.spec.Linux.Resources.Network.Priorities.
+// AddLinuxResourcesNetworkPriorities adds or sets g.Config.Linux.Resources.Network.Priorities.
 func (g *Generator) AddLinuxResourcesNetworkPriorities(name string, prio uint32) {
-	g.initSpecLinuxResourcesNetwork()
-	for i, netPriority := range g.spec.Linux.Resources.Network.Priorities {
+	g.initConfigLinuxResourcesNetwork()
+	for i, netPriority := range g.Config.Linux.Resources.Network.Priorities {
 		if netPriority.Name == name {
-			g.spec.Linux.Resources.Network.Priorities[i].Priority = prio
+			g.Config.Linux.Resources.Network.Priorities[i].Priority = prio
 			return
 		}
 	}
 	interfacePrio := new(rspec.LinuxInterfacePriority)
 	interfacePrio.Name = name
 	interfacePrio.Priority = prio
-	g.spec.Linux.Resources.Network.Priorities = append(g.spec.Linux.Resources.Network.Priorities, *interfacePrio)
+	g.Config.Linux.Resources.Network.Priorities = append(g.Config.Linux.Resources.Network.Priorities, *interfacePrio)
 }
 
-// DropLinuxResourcesNetworkPriorities drops one item from g.spec.Linux.Resources.Network.Priorities.
+// DropLinuxResourcesNetworkPriorities drops one item from g.Config.Linux.Resources.Network.Priorities.
 func (g *Generator) DropLinuxResourcesNetworkPriorities(name string) {
-	if g.spec == nil || g.spec.Linux == nil || g.spec.Linux.Resources == nil || g.spec.Linux.Resources.Network == nil {
+	if g.Config == nil || g.Config.Linux == nil || g.Config.Linux.Resources == nil || g.Config.Linux.Resources.Network == nil {
 		return
 	}
 
-	for i, netPriority := range g.spec.Linux.Resources.Network.Priorities {
+	for i, netPriority := range g.Config.Linux.Resources.Network.Priorities {
 		if netPriority.Name == name {
-			g.spec.Linux.Resources.Network.Priorities = append(g.spec.Linux.Resources.Network.Priorities[:i], g.spec.Linux.Resources.Network.Priorities[i+1:]...)
+			g.Config.Linux.Resources.Network.Priorities = append(g.Config.Linux.Resources.Network.Priorities[:i], g.Config.Linux.Resources.Network.Priorities[i+1:]...)
 			return
 		}
 	}
 }
 
-// SetLinuxResourcesPidsLimit sets g.spec.Linux.Resources.Pids.Limit.
+// SetLinuxResourcesPidsLimit sets g.Config.Linux.Resources.Pids.Limit.
 func (g *Generator) SetLinuxResourcesPidsLimit(limit int64) {
-	g.initSpecLinuxResourcesPids()
-	g.spec.Linux.Resources.Pids.Limit = limit
+	g.initConfigLinuxResourcesPids()
+	g.Config.Linux.Resources.Pids.Limit = limit
 }
 
-// ClearLinuxSysctl clears g.spec.Linux.Sysctl.
+// ClearLinuxSysctl clears g.Config.Linux.Sysctl.
 func (g *Generator) ClearLinuxSysctl() {
-	if g.spec == nil || g.spec.Linux == nil {
+	if g.Config == nil || g.Config.Linux == nil {
 		return
 	}
-	g.spec.Linux.Sysctl = make(map[string]string)
+	g.Config.Linux.Sysctl = make(map[string]string)
 }
 
-// AddLinuxSysctl adds a new sysctl config into g.spec.Linux.Sysctl.
+// AddLinuxSysctl adds a new sysctl config into g.Config.Linux.Sysctl.
 func (g *Generator) AddLinuxSysctl(key, value string) {
-	g.initSpecLinuxSysctl()
-	g.spec.Linux.Sysctl[key] = value
+	g.initConfigLinuxSysctl()
+	g.Config.Linux.Sysctl[key] = value
 }
 
-// RemoveLinuxSysctl removes a sysctl config from g.spec.Linux.Sysctl.
+// RemoveLinuxSysctl removes a sysctl config from g.Config.Linux.Sysctl.
 func (g *Generator) RemoveLinuxSysctl(key string) {
-	if g.spec == nil || g.spec.Linux == nil || g.spec.Linux.Sysctl == nil {
+	if g.Config == nil || g.Config.Linux == nil || g.Config.Linux.Sysctl == nil {
 		return
 	}
-	delete(g.spec.Linux.Sysctl, key)
+	delete(g.Config.Linux.Sysctl, key)
 }
 
-// ClearLinuxUIDMappings clear g.spec.Linux.UIDMappings.
+// ClearLinuxUIDMappings clear g.Config.Linux.UIDMappings.
 func (g *Generator) ClearLinuxUIDMappings() {
-	if g.spec == nil || g.spec.Linux == nil {
+	if g.Config == nil || g.Config.Linux == nil {
 		return
 	}
-	g.spec.Linux.UIDMappings = []rspec.LinuxIDMapping{}
+	g.Config.Linux.UIDMappings = []rspec.LinuxIDMapping{}
 }
 
-// AddLinuxUIDMapping adds uidMap into g.spec.Linux.UIDMappings.
+// AddLinuxUIDMapping adds uidMap into g.Config.Linux.UIDMappings.
 func (g *Generator) AddLinuxUIDMapping(hid, cid, size uint32) {
 	idMapping := rspec.LinuxIDMapping{
 		HostID:      hid,
@@ -859,19 +895,19 @@ func (g *Generator) AddLinuxUIDMapping(hid, cid, size uint32) {
 		Size:        size,
 	}
 
-	g.initSpecLinux()
-	g.spec.Linux.UIDMappings = append(g.spec.Linux.UIDMappings, idMapping)
+	g.initConfigLinux()
+	g.Config.Linux.UIDMappings = append(g.Config.Linux.UIDMappings, idMapping)
 }
 
-// ClearLinuxGIDMappings clear g.spec.Linux.GIDMappings.
+// ClearLinuxGIDMappings clear g.Config.Linux.GIDMappings.
 func (g *Generator) ClearLinuxGIDMappings() {
-	if g.spec == nil || g.spec.Linux == nil {
+	if g.Config == nil || g.Config.Linux == nil {
 		return
 	}
-	g.spec.Linux.GIDMappings = []rspec.LinuxIDMapping{}
+	g.Config.Linux.GIDMappings = []rspec.LinuxIDMapping{}
 }
 
-// AddLinuxGIDMapping adds gidMap into g.spec.Linux.GIDMappings.
+// AddLinuxGIDMapping adds gidMap into g.Config.Linux.GIDMappings.
 func (g *Generator) AddLinuxGIDMapping(hid, cid, size uint32) {
 	idMapping := rspec.LinuxIDMapping{
 		HostID:      hid,
@@ -879,11 +915,11 @@ func (g *Generator) AddLinuxGIDMapping(hid, cid, size uint32) {
 		Size:        size,
 	}
 
-	g.initSpecLinux()
-	g.spec.Linux.GIDMappings = append(g.spec.Linux.GIDMappings, idMapping)
+	g.initConfigLinux()
+	g.Config.Linux.GIDMappings = append(g.Config.Linux.GIDMappings, idMapping)
 }
 
-// SetLinuxRootPropagation sets g.spec.Linux.RootfsPropagation.
+// SetLinuxRootPropagation sets g.Config.Linux.RootfsPropagation.
 func (g *Generator) SetLinuxRootPropagation(rp string) error {
 	switch rp {
 	case "":
@@ -898,88 +934,70 @@ func (g *Generator) SetLinuxRootPropagation(rp string) error {
 	default:
 		return fmt.Errorf("rootfs-propagation %q must be empty or one of (r)private|(r)slave|(r)shared|(r)unbindable", rp)
 	}
-	g.initSpecLinux()
-	g.spec.Linux.RootfsPropagation = rp
+	g.initConfigLinux()
+	g.Config.Linux.RootfsPropagation = rp
 	return nil
 }
 
-// ClearPreStartHooks clear g.spec.Hooks.Prestart.
+// ClearPreStartHooks clear g.Config.Hooks.Prestart.
 func (g *Generator) ClearPreStartHooks() {
-	if g.spec == nil || g.spec.Hooks == nil {
+	if g.Config == nil || g.Config.Hooks == nil {
 		return
 	}
-	g.spec.Hooks.Prestart = []rspec.Hook{}
+	g.Config.Hooks.Prestart = []rspec.Hook{}
 }
 
-// AddPreStartHook add a prestart hook into g.spec.Hooks.Prestart.
+// AddPreStartHook add a prestart hook into g.Config.Hooks.Prestart.
 func (g *Generator) AddPreStartHook(preStartHook rspec.Hook) error {
-	g.initSpecHooks()
-	for i, hook := range g.spec.Hooks.Prestart {
-		if hook.Path == preStartHook.Path {
-			g.spec.Hooks.Prestart[i] = preStartHook
-			return nil
-		}
-	}
-	g.spec.Hooks.Prestart = append(g.spec.Hooks.Prestart, preStartHook)
+	g.initConfigHooks()
+	g.Config.Hooks.Prestart = append(g.Config.Hooks.Prestart, preStartHook)
 	return nil
 }
 
-// ClearPostStopHooks clear g.spec.Hooks.Poststop.
+// ClearPostStopHooks clear g.Config.Hooks.Poststop.
 func (g *Generator) ClearPostStopHooks() {
-	if g.spec == nil || g.spec.Hooks == nil {
+	if g.Config == nil || g.Config.Hooks == nil {
 		return
 	}
-	g.spec.Hooks.Poststop = []rspec.Hook{}
+	g.Config.Hooks.Poststop = []rspec.Hook{}
 }
 
-// AddPostStopHook adds a poststop hook into g.spec.Hooks.Poststop.
+// AddPostStopHook adds a poststop hook into g.Config.Hooks.Poststop.
 func (g *Generator) AddPostStopHook(postStopHook rspec.Hook) error {
-	g.initSpecHooks()
-	for i, hook := range g.spec.Hooks.Poststop {
-		if hook.Path == postStopHook.Path {
-			g.spec.Hooks.Poststop[i] = postStopHook
-			return nil
-		}
-	}
-	g.spec.Hooks.Poststop = append(g.spec.Hooks.Poststop, postStopHook)
+	g.initConfigHooks()
+	g.Config.Hooks.Poststop = append(g.Config.Hooks.Poststop, postStopHook)
 	return nil
 }
 
-// ClearPostStartHooks clear g.spec.Hooks.Poststart.
+// ClearPostStartHooks clear g.Config.Hooks.Poststart.
 func (g *Generator) ClearPostStartHooks() {
-	if g.spec == nil || g.spec.Hooks == nil {
+	if g.Config == nil || g.Config.Hooks == nil {
 		return
 	}
-	g.spec.Hooks.Poststart = []rspec.Hook{}
+	g.Config.Hooks.Poststart = []rspec.Hook{}
 }
 
-// AddPostStartHook adds a poststart hook into g.spec.Hooks.Poststart.
+// AddPostStartHook adds a poststart hook into g.Config.Hooks.Poststart.
 func (g *Generator) AddPostStartHook(postStartHook rspec.Hook) error {
-	g.initSpecHooks()
-	for i, hook := range g.spec.Hooks.Poststart {
-		if hook.Path == postStartHook.Path {
-			g.spec.Hooks.Poststart[i] = postStartHook
-			return nil
-		}
-	}
-	g.spec.Hooks.Poststart = append(g.spec.Hooks.Poststart, postStartHook)
+	g.initConfigHooks()
+	g.Config.Hooks.Poststart = append(g.Config.Hooks.Poststart, postStartHook)
 	return nil
 }
 
-// AddMount adds a mount into g.spec.Mounts.
+// AddMount adds a mount into g.Config.Mounts.
 func (g *Generator) AddMount(mnt rspec.Mount) {
-	g.initSpec()
+	g.initConfig()
 
-	g.spec.Mounts = append(g.spec.Mounts, mnt)
+	g.Config.Mounts = append(g.Config.Mounts, mnt)
 }
 
 // RemoveMount removes a mount point on the dest directory
 func (g *Generator) RemoveMount(dest string) {
-	g.initSpec()
+	g.initConfig()
 
-	for index, mount := range g.spec.Mounts {
+	for index, mount := range g.Config.Mounts {
 		if mount.Destination == dest {
-			g.spec.Mounts = append(g.spec.Mounts[:index], g.spec.Mounts[index+1:]...)
+			g.Config.Mounts = append(g.Config.Mounts[:index], g.Config.Mounts[index+1:]...)
 			return
 		}
 	}
@@ -987,20 +1005,20 @@ func (g *Generator) RemoveMount(dest string) {
 
 // Mounts returns the list of mounts
 func (g *Generator) Mounts() []rspec.Mount {
-	g.initSpec()
+	g.initConfig()
 
-	return g.spec.Mounts
+	return g.Config.Mounts
 }
 
-// ClearMounts clear g.spec.Mounts
+// ClearMounts clear g.Config.Mounts
 func (g *Generator) ClearMounts() {
-	if g.spec == nil {
+	if g.Config == nil {
 		return
 	}
-	g.spec.Mounts = []rspec.Mount{}
+	g.Config.Mounts = []rspec.Mount{}
 }
 
-// SetupPrivileged sets up the privilege-related fields inside g.spec.
+// SetupPrivileged sets up the privilege-related fields inside g.Config.
 func (g *Generator) SetupPrivileged(privileged bool) {
 	if privileged { // Add all capabilities in privileged mode.
 		var finalCapList []string
@@ -1010,43 +1028,43 @@ func (g *Generator) SetupPrivileged(privileged bool) {
 			}
 			finalCapList = append(finalCapList, fmt.Sprintf("CAP_%s", strings.ToUpper(cap.String())))
 		}
-		g.initSpecLinux()
-		g.initSpecProcessCapabilities()
+		g.initConfigLinux()
+		g.initConfigProcessCapabilities()
 		g.ClearProcessCapabilities()
-		g.spec.Process.Capabilities.Bounding = append(g.spec.Process.Capabilities.Bounding, finalCapList...)
-		g.spec.Process.Capabilities.Effective = append(g.spec.Process.Capabilities.Effective, finalCapList...)
-		g.spec.Process.Capabilities.Inheritable = append(g.spec.Process.Capabilities.Inheritable, finalCapList...)
-		g.spec.Process.Capabilities.Permitted = append(g.spec.Process.Capabilities.Permitted, finalCapList...)
-		g.spec.Process.Capabilities.Ambient = append(g.spec.Process.Capabilities.Ambient, finalCapList...)
-		g.spec.Process.SelinuxLabel = ""
-		g.spec.Process.ApparmorProfile = ""
-		g.spec.Linux.Seccomp = nil
+		g.Config.Process.Capabilities.Bounding = append(g.Config.Process.Capabilities.Bounding, finalCapList...)
+		g.Config.Process.Capabilities.Effective = append(g.Config.Process.Capabilities.Effective, finalCapList...)
+		g.Config.Process.Capabilities.Inheritable = append(g.Config.Process.Capabilities.Inheritable, finalCapList...)
+		g.Config.Process.Capabilities.Permitted = append(g.Config.Process.Capabilities.Permitted, finalCapList...)
+		g.Config.Process.Capabilities.Ambient = append(g.Config.Process.Capabilities.Ambient, finalCapList...)
+		g.Config.Process.SelinuxLabel = ""
+		g.Config.Process.ApparmorProfile = ""
+		g.Config.Linux.Seccomp = nil
 	}
 }
 
-// ClearProcessCapabilities clear g.spec.Process.Capabilities.
+// ClearProcessCapabilities clear g.Config.Process.Capabilities.
 func (g *Generator) ClearProcessCapabilities() {
-	if g.spec == nil || g.spec.Process == nil || g.spec.Process.Capabilities == nil {
+	if g.Config == nil || g.Config.Process == nil || g.Config.Process.Capabilities == nil {
 		return
 	}
-	g.spec.Process.Capabilities.Bounding = []string{}
-	g.spec.Process.Capabilities.Effective = []string{}
-	g.spec.Process.Capabilities.Inheritable = []string{}
-	g.spec.Process.Capabilities.Permitted = []string{}
-	g.spec.Process.Capabilities.Ambient = []string{}
+	g.Config.Process.Capabilities.Bounding = []string{}
+	g.Config.Process.Capabilities.Effective = []string{}
+	g.Config.Process.Capabilities.Inheritable = []string{}
+	g.Config.Process.Capabilities.Permitted = []string{}
+	g.Config.Process.Capabilities.Ambient = []string{}
 }
 
-// AddProcessCapabilityAmbient adds a process capability into g.spec.Process.Capabilities.Ambient.
+// AddProcessCapabilityAmbient adds a process capability into g.Config.Process.Capabilities.Ambient.
 func (g *Generator) AddProcessCapabilityAmbient(c string) error {
 	cp := strings.ToUpper(c)
 	if err := validate.CapValid(cp, g.HostSpecific); err != nil {
 		return err
 	}
 
-	g.initSpecProcessCapabilities()
+	g.initConfigProcessCapabilities()
 
 	var foundAmbient bool
-	for _, cap := range g.spec.Process.Capabilities.Ambient {
+	for _, cap := range g.Config.Process.Capabilities.Ambient {
 		if strings.ToUpper(cap) == cp {
 			foundAmbient = true
 			break
@@ -1054,178 +1072,178 @@ func (g *Generator) AddProcessCapabilityAmbient(c string) error {
 	}
 
 	if !foundAmbient {
-		g.spec.Process.Capabilities.Ambient = append(g.spec.Process.Capabilities.Ambient, cp)
+		g.Config.Process.Capabilities.Ambient = append(g.Config.Process.Capabilities.Ambient, cp)
 	}
 
 	return nil
 }
 
-// AddProcessCapabilityBounding adds a process capability into g.spec.Process.Capabilities.Bounding.
+// AddProcessCapabilityBounding adds a process capability into g.Config.Process.Capabilities.Bounding.
 func (g *Generator) AddProcessCapabilityBounding(c string) error {
 	cp := strings.ToUpper(c)
 	if err := validate.CapValid(cp, g.HostSpecific); err != nil {
 		return err
 	}
 
-	g.initSpecProcessCapabilities()
+	g.initConfigProcessCapabilities()
 
 	var foundBounding bool
-	for _, cap := range g.spec.Process.Capabilities.Bounding {
+	for _, cap := range g.Config.Process.Capabilities.Bounding {
 		if strings.ToUpper(cap) == cp {
 			foundBounding = true
 			break
 		}
 	}
 	if !foundBounding {
-		g.spec.Process.Capabilities.Bounding = append(g.spec.Process.Capabilities.Bounding, cp)
+		g.Config.Process.Capabilities.Bounding = append(g.Config.Process.Capabilities.Bounding, cp)
 	}
 
 	return nil
 }
 
-// AddProcessCapabilityEffective adds a process capability into g.spec.Process.Capabilities.Effective.
+// AddProcessCapabilityEffective adds a process capability into g.Config.Process.Capabilities.Effective.
 func (g *Generator) AddProcessCapabilityEffective(c string) error {
 	cp := strings.ToUpper(c)
 	if err := validate.CapValid(cp, g.HostSpecific); err != nil {
 		return err
 	}
 
-	g.initSpecProcessCapabilities()
+	g.initConfigProcessCapabilities()
 
 	var foundEffective bool
-	for _, cap := range g.spec.Process.Capabilities.Effective {
+	for _, cap := range g.Config.Process.Capabilities.Effective {
 		if strings.ToUpper(cap) == cp {
 			foundEffective = true
 			break
 		}
 	}
 	if !foundEffective {
-		g.spec.Process.Capabilities.Effective = append(g.spec.Process.Capabilities.Effective, cp)
+		g.Config.Process.Capabilities.Effective = append(g.Config.Process.Capabilities.Effective, cp)
 	}
 
 	return nil
 }
 
-// AddProcessCapabilityInheritable adds a process capability into g.spec.Process.Capabilities.Inheritable.
+// AddProcessCapabilityInheritable adds a process capability into g.Config.Process.Capabilities.Inheritable.
 func (g *Generator) AddProcessCapabilityInheritable(c string) error {
 	cp := strings.ToUpper(c)
 	if err := validate.CapValid(cp, g.HostSpecific); err != nil {
 		return err
 	}
 
-	g.initSpecProcessCapabilities()
+	g.initConfigProcessCapabilities()
 
 	var foundInheritable bool
-	for _, cap := range g.spec.Process.Capabilities.Inheritable {
+	for _, cap := range g.Config.Process.Capabilities.Inheritable {
 		if strings.ToUpper(cap) == cp {
 			foundInheritable = true
 			break
 		}
 	}
 	if !foundInheritable {
-		g.spec.Process.Capabilities.Inheritable = append(g.spec.Process.Capabilities.Inheritable, cp)
+		g.Config.Process.Capabilities.Inheritable = append(g.Config.Process.Capabilities.Inheritable, cp)
 	}
 
 	return nil
 }
 
-// AddProcessCapabilityPermitted adds a process capability into g.spec.Process.Capabilities.Permitted.
+// AddProcessCapabilityPermitted adds a process capability into g.Config.Process.Capabilities.Permitted.
 func (g *Generator) AddProcessCapabilityPermitted(c string) error {
 	cp := strings.ToUpper(c)
 	if err := validate.CapValid(cp, g.HostSpecific); err != nil {
 		return err
 	}
 
-	g.initSpecProcessCapabilities()
+	g.initConfigProcessCapabilities()
 
 	var foundPermitted bool
-	for _, cap := range g.spec.Process.Capabilities.Permitted {
+	for _, cap := range g.Config.Process.Capabilities.Permitted {
 		if strings.ToUpper(cap) == cp {
 			foundPermitted = true
 			break
 		}
 	}
 	if !foundPermitted {
-		g.spec.Process.Capabilities.Permitted = append(g.spec.Process.Capabilities.Permitted, cp)
+		g.Config.Process.Capabilities.Permitted = append(g.Config.Process.Capabilities.Permitted, cp)
 	}
 
 	return nil
 }
 
-// DropProcessCapabilityAmbient drops a process capability from g.spec.Process.Capabilities.Ambient.
+// DropProcessCapabilityAmbient drops a process capability from g.Config.Process.Capabilities.Ambient.
 func (g *Generator) DropProcessCapabilityAmbient(c string) error {
-	if g.spec == nil || g.spec.Process == nil || g.spec.Process.Capabilities == nil {
+	if g.Config == nil || g.Config.Process == nil || g.Config.Process.Capabilities == nil {
 		return nil
 	}
 
 	cp := strings.ToUpper(c)
-	for i, cap := range g.spec.Process.Capabilities.Ambient {
+	for i, cap := range g.Config.Process.Capabilities.Ambient {
 		if strings.ToUpper(cap) == cp {
-			g.spec.Process.Capabilities.Ambient = removeFunc(g.spec.Process.Capabilities.Ambient, i)
+			g.Config.Process.Capabilities.Ambient = removeFunc(g.Config.Process.Capabilities.Ambient, i)
 		}
 	}
 
 	return validate.CapValid(cp, false)
 }
 
-// DropProcessCapabilityBounding drops a process capability from g.spec.Process.Capabilities.Bounding.
+// DropProcessCapabilityBounding drops a process capability from g.Config.Process.Capabilities.Bounding.
 func (g *Generator) DropProcessCapabilityBounding(c string) error {
-	if g.spec == nil || g.spec.Process == nil || g.spec.Process.Capabilities == nil {
+	if g.Config == nil || g.Config.Process == nil || g.Config.Process.Capabilities == nil {
 		return nil
 	}
 
 	cp := strings.ToUpper(c)
-	for i, cap := range g.spec.Process.Capabilities.Bounding {
+	for i, cap := range g.Config.Process.Capabilities.Bounding {
 		if strings.ToUpper(cap) == cp {
-			g.spec.Process.Capabilities.Bounding = removeFunc(g.spec.Process.Capabilities.Bounding, i)
+			g.Config.Process.Capabilities.Bounding = removeFunc(g.Config.Process.Capabilities.Bounding, i)
 		}
 	}
 
 	return validate.CapValid(cp, false)
 }
 
-// DropProcessCapabilityEffective drops a process capability from g.spec.Process.Capabilities.Effective.
+// DropProcessCapabilityEffective drops a process capability from g.Config.Process.Capabilities.Effective.
 func (g *Generator) DropProcessCapabilityEffective(c string) error {
-	if g.spec == nil || g.spec.Process == nil || g.spec.Process.Capabilities == nil {
+	if g.Config == nil || g.Config.Process == nil || g.Config.Process.Capabilities == nil {
 		return nil
 	}
 
 	cp := strings.ToUpper(c)
-	for i, cap := range g.spec.Process.Capabilities.Effective {
+	for i, cap := range g.Config.Process.Capabilities.Effective {
 		if strings.ToUpper(cap) == cp {
-			g.spec.Process.Capabilities.Effective = removeFunc(g.spec.Process.Capabilities.Effective, i)
+			g.Config.Process.Capabilities.Effective = removeFunc(g.Config.Process.Capabilities.Effective, i)
 		}
 	}
 
 	return validate.CapValid(cp, false)
 }
 
-// DropProcessCapabilityInheritable drops a process capability from g.spec.Process.Capabilities.Inheritable.
+// DropProcessCapabilityInheritable drops a process capability from g.Config.Process.Capabilities.Inheritable.
 func (g *Generator) DropProcessCapabilityInheritable(c string) error {
-	if g.spec == nil || g.spec.Process == nil || g.spec.Process.Capabilities == nil {
+	if g.Config == nil || g.Config.Process == nil || g.Config.Process.Capabilities == nil {
 		return nil
 	}
 
 	cp := strings.ToUpper(c)
-	for i, cap := range g.spec.Process.Capabilities.Inheritable {
+	for i, cap := range g.Config.Process.Capabilities.Inheritable {
 		if strings.ToUpper(cap) == cp {
-			g.spec.Process.Capabilities.Inheritable = removeFunc(g.spec.Process.Capabilities.Inheritable, i)
+			g.Config.Process.Capabilities.Inheritable = removeFunc(g.Config.Process.Capabilities.Inheritable, i)
 		}
 	}
 
 	return validate.CapValid(cp, false)
 }
 
-// DropProcessCapabilityPermitted drops a process capability from g.spec.Process.Capabilities.Permitted.
+// DropProcessCapabilityPermitted drops a process capability from g.Config.Process.Capabilities.Permitted.
 func (g *Generator) DropProcessCapabilityPermitted(c string) error {
-	if g.spec == nil || g.spec.Process == nil || g.spec.Process.Capabilities == nil {
+	if g.Config == nil || g.Config.Process == nil || g.Config.Process.Capabilities == nil {
 		return nil
 	}
 
 	cp := strings.ToUpper(c)
-	for i, cap := range g.spec.Process.Capabilities.Permitted {
+	for i, cap := range g.Config.Process.Capabilities.Permitted {
 		if strings.ToUpper(cap) == cp {
-			g.spec.Process.Capabilities.Ambient = removeFunc(g.spec.Process.Capabilities.Ambient, i)
+			g.Config.Process.Capabilities.Permitted = removeFunc(g.Config.Process.Capabilities.Permitted, i)
 		}
 	}
 
@@ -1253,59 +1271,59 @@ func mapStrToNamespace(ns string, path string) (rspec.LinuxNamespace, error) {
 	}
 }
 
-// ClearLinuxNamespaces clear g.spec.Linux.Namespaces.
+// ClearLinuxNamespaces clear g.Config.Linux.Namespaces.
 func (g *Generator) ClearLinuxNamespaces() {
-	if g.spec == nil || g.spec.Linux == nil {
+	if g.Config == nil || g.Config.Linux == nil {
 		return
 	}
-	g.spec.Linux.Namespaces = []rspec.LinuxNamespace{}
+	g.Config.Linux.Namespaces = []rspec.LinuxNamespace{}
 }
 
 // AddOrReplaceLinuxNamespace adds or replaces a namespace inside
-// g.spec.Linux.Namespaces.
+// g.Config.Linux.Namespaces.
 func (g *Generator) AddOrReplaceLinuxNamespace(ns string, path string) error {
 	namespace, err := mapStrToNamespace(ns, path)
 	if err != nil {
 		return err
 	}
 
-	g.initSpecLinux()
-	for i, ns := range g.spec.Linux.Namespaces {
+	g.initConfigLinux()
+	for i, ns := range g.Config.Linux.Namespaces {
 		if ns.Type == namespace.Type {
-			g.spec.Linux.Namespaces[i] = namespace
+			g.Config.Linux.Namespaces[i] = namespace
 			return nil
 		}
 	}
-	g.spec.Linux.Namespaces = append(g.spec.Linux.Namespaces, namespace)
+	g.Config.Linux.Namespaces = append(g.Config.Linux.Namespaces, namespace)
 	return nil
 }
 
-// RemoveLinuxNamespace removes a namespace from g.spec.Linux.Namespaces.
+// RemoveLinuxNamespace removes a namespace from g.Config.Linux.Namespaces.
 func (g *Generator) RemoveLinuxNamespace(ns string) error {
 	namespace, err := mapStrToNamespace(ns, "")
 	if err != nil {
 		return err
 	}
 
-	if g.spec == nil || g.spec.Linux == nil {
+	if g.Config == nil || g.Config.Linux == nil {
 		return nil
 	}
-	for i, ns := range g.spec.Linux.Namespaces {
+	for i, ns := range g.Config.Linux.Namespaces {
 		if ns.Type == namespace.Type {
-			g.spec.Linux.Namespaces = append(g.spec.Linux.Namespaces[:i], g.spec.Linux.Namespaces[i+1:]...)
+			g.Config.Linux.Namespaces = append(g.Config.Linux.Namespaces[:i], g.Config.Linux.Namespaces[i+1:]...)
 			return nil
 		}
 	}
 	return nil
 }
 
-// AddDevice - add a device into g.spec.Linux.Devices
+// AddDevice - add a device into g.Config.Linux.Devices
 func (g *Generator) AddDevice(device rspec.LinuxDevice) {
-	g.initSpecLinux()
+	g.initConfigLinux()
 
-	for i, dev := range g.spec.Linux.Devices {
+	for i, dev := range g.Config.Linux.Devices {
 		if dev.Path == device.Path {
-			g.spec.Linux.Devices[i] = device
+			g.Config.Linux.Devices[i] = device
 			return
 		}
 		if dev.Type == device.Type && dev.Major == device.Major && dev.Minor == device.Minor {
@@ -1313,35 +1331,35 @@ func (g *Generator) AddDevice(device rspec.LinuxDevice) {
 		}
 	}
 
-	g.spec.Linux.Devices = append(g.spec.Linux.Devices, device)
+	g.Config.Linux.Devices = append(g.Config.Linux.Devices, device)
 }
 
-// RemoveDevice remove a device from g.spec.Linux.Devices
+// RemoveDevice remove a device from g.Config.Linux.Devices
 func (g *Generator) RemoveDevice(path string) {
-	if g.spec == nil || g.spec.Linux == nil || g.spec.Linux.Devices == nil {
+	if g.Config == nil || g.Config.Linux == nil || g.Config.Linux.Devices == nil {
 		return
 	}
 
-	for i, device := range g.spec.Linux.Devices {
+	for i, device := range g.Config.Linux.Devices {
 		if device.Path == path {
-			g.spec.Linux.Devices = append(g.spec.Linux.Devices[:i], g.spec.Linux.Devices[i+1:]...)
+			g.Config.Linux.Devices = append(g.Config.Linux.Devices[:i], g.Config.Linux.Devices[i+1:]...)
 			return
 		}
 	}
 }
 
-// ClearLinuxDevices clears g.spec.Linux.Devices
+// ClearLinuxDevices clears g.Config.Linux.Devices
 func (g *Generator) ClearLinuxDevices() {
-	if g.spec == nil || g.spec.Linux == nil || g.spec.Linux.Devices == nil {
+	if g.Config == nil || g.Config.Linux == nil || g.Config.Linux.Devices == nil {
 		return
 	}
 
-	g.spec.Linux.Devices = []rspec.LinuxDevice{}
+	g.Config.Linux.Devices = []rspec.LinuxDevice{}
 }
 
-// AddLinuxResourcesDevice - add a device into g.spec.Linux.Resources.Devices
+// AddLinuxResourcesDevice - add a device into g.Config.Linux.Resources.Devices
 func (g *Generator) AddLinuxResourcesDevice(allow bool, devType string, major, minor *int64, access string) {
-	g.initSpecLinuxResources()
+	g.initConfigLinuxResources()
 
 	device := rspec.LinuxDeviceCgroup{
 		Allow:  allow,
@@ -1350,22 +1368,22 @@ func (g *Generator) AddLinuxResourcesDevice(allow bool, devType string, major, m
 		Major:  major,
 		Minor:  minor,
 	}
-	g.spec.Linux.Resources.Devices = append(g.spec.Linux.Resources.Devices, device)
+	g.Config.Linux.Resources.Devices = append(g.Config.Linux.Resources.Devices, device)
 }
 
-// RemoveLinuxResourcesDevice - remove a device from g.spec.Linux.Resources.Devices
+// RemoveLinuxResourcesDevice - remove a device from g.Config.Linux.Resources.Devices
 func (g *Generator) RemoveLinuxResourcesDevice(allow bool, devType string, major, minor *int64, access string) {
-	if g.spec == nil || g.spec.Linux == nil || g.spec.Linux.Resources == nil {
+	if g.Config == nil || g.Config.Linux == nil || g.Config.Linux.Resources == nil {
 		return
 	}
-	for i, device := range g.spec.Linux.Resources.Devices {
+	for i, device := range g.Config.Linux.Resources.Devices {
 		if device.Allow == allow &&
 			(devType == device.Type || (devType != "" && device.Type != "" && devType == device.Type)) &&
 			(access == device.Access || (access != "" && device.Access != "" && access == device.Access)) &&
 			(major == device.Major || (major != nil && device.Major != nil && *major == *device.Major)) &&
 			(minor == device.Minor || (minor != nil && device.Minor != nil && *minor == *device.Minor)) {
 
-			g.spec.Linux.Resources.Devices = append(g.spec.Linux.Resources.Devices[:i], g.spec.Linux.Resources.Devices[i+1:]...)
+			g.Config.Linux.Resources.Devices = append(g.Config.Linux.Resources.Devices[:i], g.Config.Linux.Resources.Devices[i+1:]...)
 			return
 		}
 	}
@@ -1377,51 +1395,51 @@ func strPtr(s string) *string { return &s }
 
 // SetSyscallAction adds rules for syscalls with the specified action
 func (g *Generator) SetSyscallAction(arguments seccomp.SyscallOpts) error {
-	g.initSpecLinuxSeccomp()
-	return seccomp.ParseSyscallFlag(arguments, g.spec.Linux.Seccomp)
+	g.initConfigLinuxSeccomp()
+	return seccomp.ParseSyscallFlag(arguments, g.Config.Linux.Seccomp)
 }
 
 // SetDefaultSeccompAction sets the default action for all syscalls not defined
 // and then removes any syscall rules with this action already specified.
 func (g *Generator) SetDefaultSeccompAction(action string) error {
-	g.initSpecLinuxSeccomp()
-	return seccomp.ParseDefaultAction(action, g.spec.Linux.Seccomp)
+	g.initConfigLinuxSeccomp()
+	return seccomp.ParseDefaultAction(action, g.Config.Linux.Seccomp)
 }
 
 // SetDefaultSeccompActionForce only sets the default action for all syscalls not defined
 func (g *Generator) SetDefaultSeccompActionForce(action string) error {
-	g.initSpecLinuxSeccomp()
-	return seccomp.ParseDefaultActionForce(action, g.spec.Linux.Seccomp)
+	g.initConfigLinuxSeccomp()
+	return seccomp.ParseDefaultActionForce(action, g.Config.Linux.Seccomp)
 }
 
 // SetSeccompArchitecture sets the supported seccomp architectures
 func (g *Generator) SetSeccompArchitecture(architecture string) error {
-	g.initSpecLinuxSeccomp()
-	return seccomp.ParseArchitectureFlag(architecture, g.spec.Linux.Seccomp)
+	g.initConfigLinuxSeccomp()
+	return seccomp.ParseArchitectureFlag(architecture, g.Config.Linux.Seccomp)
 }
 
 // RemoveSeccompRule removes rules for any specified syscalls
 func (g *Generator) RemoveSeccompRule(arguments string) error {
-	g.initSpecLinuxSeccomp()
-	return seccomp.RemoveAction(arguments, g.spec.Linux.Seccomp)
+	g.initConfigLinuxSeccomp()
+	return seccomp.RemoveAction(arguments, g.Config.Linux.Seccomp)
 }
 
 // RemoveAllSeccompRules removes all syscall rules
 func (g *Generator) RemoveAllSeccompRules() error {
-	g.initSpecLinuxSeccomp()
-	return seccomp.RemoveAllSeccompRules(g.spec.Linux.Seccomp)
+	g.initConfigLinuxSeccomp()
+	return seccomp.RemoveAllSeccompRules(g.Config.Linux.Seccomp)
 }
 
-// AddLinuxMaskedPaths adds masked paths into g.spec.Linux.MaskedPaths.
+// AddLinuxMaskedPaths adds masked paths into g.Config.Linux.MaskedPaths.
 func (g *Generator) AddLinuxMaskedPaths(path string) {
-	g.initSpecLinux()
-	g.spec.Linux.MaskedPaths = append(g.spec.Linux.MaskedPaths, path)
+	g.initConfigLinux()
+	g.Config.Linux.MaskedPaths = append(g.Config.Linux.MaskedPaths, path)
 }
 
-// AddLinuxReadonlyPaths adds readonly paths into g.spec.Linux.MaskedPaths.
+// AddLinuxReadonlyPaths adds readonly paths into g.Config.Linux.MaskedPaths.
 func (g *Generator) AddLinuxReadonlyPaths(path string) {
-	g.initSpecLinux()
-	g.spec.Linux.ReadonlyPaths = append(g.spec.Linux.ReadonlyPaths, path)
+	g.initConfigLinux()
+	g.Config.Linux.ReadonlyPaths = append(g.Config.Linux.ReadonlyPaths, path)
 }
 
 func addOrReplaceBlockIOThrottleDevice(tmpList []rspec.LinuxThrottleDevice, major int64, minor int64, rate uint64) []rspec.LinuxThrottleDevice {
@@ -1453,92 +1471,92 @@ func dropBlockIOThrottleDevice(tmpList []rspec.LinuxThrottleDevice, major int64,
 	return throttleDevices
 }
 
-// AddSolarisAnet adds network into g.spec.Solaris.Anet
+// AddSolarisAnet adds network into g.Config.Solaris.Anet
 func (g *Generator) AddSolarisAnet(anet rspec.SolarisAnet) {
-	g.initSpecSolaris()
-	g.spec.Solaris.Anet = append(g.spec.Solaris.Anet, anet)
+	g.initConfigSolaris()
+	g.Config.Solaris.Anet = append(g.Config.Solaris.Anet, anet)
 }
 
-// SetSolarisCappedCPUNcpus sets g.spec.Solaris.CappedCPU.Ncpus
+// SetSolarisCappedCPUNcpus sets g.Config.Solaris.CappedCPU.Ncpus
 func (g *Generator) SetSolarisCappedCPUNcpus(ncpus string) {
-	g.initSpecSolarisCappedCPU()
-	g.spec.Solaris.CappedCPU.Ncpus = ncpus
+	g.initConfigSolarisCappedCPU()
+	g.Config.Solaris.CappedCPU.Ncpus = ncpus
 }
 
-// SetSolarisCappedMemoryPhysical sets g.spec.Solaris.CappedMemory.Physical
+// SetSolarisCappedMemoryPhysical sets g.Config.Solaris.CappedMemory.Physical
 func (g *Generator) SetSolarisCappedMemoryPhysical(physical string) {
-	g.initSpecSolarisCappedMemory()
-	g.spec.Solaris.CappedMemory.Physical = physical
+	g.initConfigSolarisCappedMemory()
+	g.Config.Solaris.CappedMemory.Physical = physical
 }
 
-// SetSolarisCappedMemorySwap sets g.spec.Solaris.CappedMemory.Swap
+// SetSolarisCappedMemorySwap sets g.Config.Solaris.CappedMemory.Swap
 func (g *Generator) SetSolarisCappedMemorySwap(swap string) {
-	g.initSpecSolarisCappedMemory()
-	g.spec.Solaris.CappedMemory.Swap = swap
+	g.initConfigSolarisCappedMemory()
+	g.Config.Solaris.CappedMemory.Swap = swap
 }
 
-// SetSolarisLimitPriv sets g.spec.Solaris.LimitPriv
+// SetSolarisLimitPriv sets g.Config.Solaris.LimitPriv
 func (g *Generator) SetSolarisLimitPriv(limitPriv string) {
-	g.initSpecSolaris()
-	g.spec.Solaris.LimitPriv = limitPriv
+	g.initConfigSolaris()
+	g.Config.Solaris.LimitPriv = limitPriv
 }
 
-// SetSolarisMaxShmMemory sets g.spec.Solaris.MaxShmMemory
+// SetSolarisMaxShmMemory sets g.Config.Solaris.MaxShmMemory
 func (g *Generator) SetSolarisMaxShmMemory(memory string) {
-	g.initSpecSolaris()
-	g.spec.Solaris.MaxShmMemory = memory
+	g.initConfigSolaris()
+	g.Config.Solaris.MaxShmMemory = memory
 }
 
-// SetSolarisMilestone sets g.spec.Solaris.Milestone
+// SetSolarisMilestone sets g.Config.Solaris.Milestone
 func (g *Generator) SetSolarisMilestone(milestone string) {
-	g.initSpecSolaris()
-	g.spec.Solaris.Milestone = milestone
+	g.initConfigSolaris()
+	g.Config.Solaris.Milestone = milestone
 }
 
-// SetWindowsHypervUntilityVMPath sets g.spec.Windows.HyperV.UtilityVMPath.
+// SetWindowsHypervUntilityVMPath sets g.Config.Windows.HyperV.UtilityVMPath.
 func (g *Generator) SetWindowsHypervUntilityVMPath(path string) {
-	g.initSpecWindowsHyperV()
-	g.spec.Windows.HyperV.UtilityVMPath = path
+	g.initConfigWindowsHyperV()
+	g.Config.Windows.HyperV.UtilityVMPath = path
 }
 
-// SetWinodwsIgnoreFlushesDuringBoot sets g.spec.Winodws.IgnoreFlushesDuringBoot.
+// SetWinodwsIgnoreFlushesDuringBoot sets g.Config.Winodws.IgnoreFlushesDuringBoot.
 func (g *Generator) SetWinodwsIgnoreFlushesDuringBoot(ignore bool) {
-	g.initSpecWindows()
-	g.spec.Windows.IgnoreFlushesDuringBoot = ignore
+	g.initConfigWindows()
+	g.Config.Windows.IgnoreFlushesDuringBoot = ignore
 }
 
-// AddWindowsLayerFolders adds layer folders into  g.spec.Windows.LayerFolders.
+// AddWindowsLayerFolders adds layer folders into  g.Config.Windows.LayerFolders.
 func (g *Generator) AddWindowsLayerFolders(folder string) {
-	g.initSpecWindows()
-	g.spec.Windows.LayerFolders = append(g.spec.Windows.LayerFolders, folder)
+	g.initConfigWindows()
+	g.Config.Windows.LayerFolders = append(g.Config.Windows.LayerFolders, folder)
 }
 
-// SetWindowsNetwork sets g.spec.Windows.Network.
+// SetWindowsNetwork sets g.Config.Windows.Network.
 func (g *Generator) SetWindowsNetwork(network rspec.WindowsNetwork) {
-	g.initSpecWindows()
-	g.spec.Windows.Network = &network
+	g.initConfigWindows()
+	g.Config.Windows.Network = &network
 }
 
-// SetWindowsResourcesCPU sets g.spec.Windows.Resources.CPU.
+// SetWindowsResourcesCPU sets g.Config.Windows.Resources.CPU.
 func (g *Generator) SetWindowsResourcesCPU(cpu rspec.WindowsCPUResources) {
-	g.initSpecWindowsResources()
-	g.spec.Windows.Resources.CPU = &cpu
+	g.initConfigWindowsResources()
+	g.Config.Windows.Resources.CPU = &cpu
 }
 
-// SetWindowsResourcesMemoryLimit sets g.spec.Windows.Resources.Memory.Limit.
+// SetWindowsResourcesMemoryLimit sets g.Config.Windows.Resources.Memory.Limit.
 func (g *Generator) SetWindowsResourcesMemoryLimit(limit uint64) {
-	g.initSpecWindowsResourcesMemory()
-	g.spec.Windows.Resources.Memory.Limit = &limit
+	g.initConfigWindowsResourcesMemory()
+	g.Config.Windows.Resources.Memory.Limit = &limit
 }
 
-// SetWindowsResourcesStorage sets g.spec.Windows.Resources.Storage.
+// SetWindowsResourcesStorage sets g.Config.Windows.Resources.Storage.
 func (g *Generator) SetWindowsResourcesStorage(storage rspec.WindowsStorageResources) {
-	g.initSpecWindowsResources()
-	g.spec.Windows.Resources.Storage = &storage
+	g.initConfigWindowsResources()
+	g.Config.Windows.Resources.Storage = &storage
 }
 
-// SetWinodwsServicing sets g.spec.Winodws.Servicing.
+// SetWinodwsServicing sets g.Config.Winodws.Servicing.
 func (g *Generator) SetWinodwsServicing(servicing bool) {
-	g.initSpecWindows()
-	g.spec.Windows.Servicing = servicing
+	g.initConfigWindows()
+	g.Config.Windows.Servicing = servicing
 }
diff --git a/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default.go b/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default.go
index 35b12cd65..5fee5a3b2 100644
--- a/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default.go
+++ b/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default.go
@@ -2,7 +2,6 @@ package seccomp
 
 import (
 	"runtime"
-	"syscall"
 
 	"github.com/opencontainers/runtime-spec/specs-go"
 	rspec "github.com/opencontainers/runtime-spec/specs-go"
@@ -513,7 +512,7 @@ func DefaultProfile(rs *specs.Spec) *rspec.LinuxSeccomp {
 				Args: []rspec.LinuxSeccompArg{
 					{
 						Index:    sysCloneFlagsIndex,
-						Value:    syscall.CLONE_NEWNS | syscall.CLONE_NEWUTS | syscall.CLONE_NEWIPC | syscall.CLONE_NEWUSER | syscall.CLONE_NEWPID | syscall.CLONE_NEWNET,
+						Value:    CloneNewNS | CloneNewUTS | CloneNewIPC | CloneNewUser | CloneNewPID | CloneNewNet,
 						ValueTwo: 0,
 						Op:       rspec.OpMaskedEqual,
 					},
diff --git a/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default_linux.go b/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default_linux.go
new file mode 100644
index 000000000..311587437
--- /dev/null
+++ b/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default_linux.go
@@ -0,0 +1,15 @@
+// +build linux
+
+package seccomp
+
+import "syscall"
+
+// System values passed through on linux
+const (
+	CloneNewIPC  = syscall.CLONE_NEWIPC
+	CloneNewNet  = syscall.CLONE_NEWNET
+	CloneNewNS   = syscall.CLONE_NEWNS
+	CloneNewPID  = syscall.CLONE_NEWPID
+	CloneNewUser = syscall.CLONE_NEWUSER
+	CloneNewUTS  = syscall.CLONE_NEWUTS
+)
diff --git a/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default_unsupported.go b/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default_unsupported.go
new file mode 100644
index 000000000..589b81c16
--- /dev/null
+++ b/vendor/github.com/opencontainers/runtime-tools/generate/seccomp/seccomp_default_unsupported.go
@@ -0,0 +1,15 @@
+// +build !linux
+
+package seccomp
+
+// These are copied from linux/amd64 syscall values, as a reference for other
+// platforms to have access to
+const (
+	CloneNewIPC    = 0x8000000
+	CloneNewNet    = 0x40000000
+	CloneNewNS     = 0x20000
+	CloneNewPID    = 0x20000000
+	CloneNewUser   = 0x10000000
+	CloneNewUTS    = 0x4000000
+	CloneNewCgroup = 0x02000000
+)
diff --git a/vendor/github.com/opencontainers/runtime-tools/generate/spec.go b/vendor/github.com/opencontainers/runtime-tools/generate/spec.go
deleted file mode 100644
index d7a6da81d..000000000
--- a/vendor/github.com/opencontainers/runtime-tools/generate/spec.go
+++ /dev/null
@@ -1,172 +0,0 @@
-package generate
-
-import (
-	rspec "github.com/opencontainers/runtime-spec/specs-go"
-)
-
-func (g *Generator) initSpec() {
-	if g.spec == nil {
-		g.spec = &rspec.Spec{}
-	}
-}
-
-func (g *Generator) initSpecProcess() {
-	g.initSpec()
-	if g.spec.Process == nil {
-		g.spec.Process = &rspec.Process{}
-	}
-}
-
-func (g *Generator) initSpecProcessConsoleSize() {
-	g.initSpecProcess()
-	if g.spec.Process.ConsoleSize == nil {
-		g.spec.Process.ConsoleSize = &rspec.Box{}
-	}
-}
-
-func (g *Generator) initSpecProcessCapabilities() {
-	g.initSpecProcess()
-	if g.spec.Process.Capabilities == nil {
-		g.spec.Process.Capabilities = &rspec.LinuxCapabilities{}
-	}
-}
-
-func (g *Generator) initSpecRoot() {
-	g.initSpec()
-	if g.spec.Root == nil {
-		g.spec.Root = &rspec.Root{}
-	}
-}
-
-func (g *Generator) initSpecAnnotations() {
-	g.initSpec()
-	if g.spec.Annotations == nil {
-		g.spec.Annotations = make(map[string]string)
-	}
-}
-
-func (g *Generator) initSpecHooks() {
-	g.initSpec()
-	if g.spec.Hooks == nil {
-		g.spec.Hooks = &rspec.Hooks{}
-	}
-}
-
-func (g *Generator) initSpecLinux() {
-	g.initSpec()
-	if g.spec.Linux == nil {
-		g.spec.Linux = &rspec.Linux{}
-	}
-}
-
-func (g *Generator) initSpecLinuxIntelRdt() {
-	g.initSpecLinux()
-	if g.spec.Linux.IntelRdt == nil {
-		g.spec.Linux.IntelRdt = &rspec.LinuxIntelRdt{}
-	}
-}
-
-func (g *Generator) initSpecLinuxSysctl() {
-	g.initSpecLinux()
-	if g.spec.Linux.Sysctl == nil {
-		g.spec.Linux.Sysctl = make(map[string]string)
-	}
-}
-
-func (g *Generator) initSpecLinuxSeccomp() {
-	g.initSpecLinux()
-	if g.spec.Linux.Seccomp == nil {
-		g.spec.Linux.Seccomp = &rspec.LinuxSeccomp{}
-	}
-}
-
-func (g *Generator) initSpecLinuxResources() {
-	g.initSpecLinux()
-	if g.spec.Linux.Resources == nil {
-		g.spec.Linux.Resources = &rspec.LinuxResources{}
-	}
-}
-
-func (g *Generator) initSpecLinuxResourcesBlockIO() {
-	g.initSpecLinuxResources()
-	if g.spec.Linux.Resources.BlockIO == nil {
-		g.spec.Linux.Resources.BlockIO = &rspec.LinuxBlockIO{}
-	}
-}
-
-func (g *Generator) initSpecLinuxResourcesCPU() {
-	g.initSpecLinuxResources()
-	if g.spec.Linux.Resources.CPU == nil {
-		g.spec.Linux.Resources.CPU = &rspec.LinuxCPU{}
-	}
-}
-
-func (g *Generator) initSpecLinuxResourcesMemory() {
-	g.initSpecLinuxResources()
-	if g.spec.Linux.Resources.Memory == nil {
-		g.spec.Linux.Resources.Memory = &rspec.LinuxMemory{}
-	}
-}
-
-func (g *Generator) initSpecLinuxResourcesNetwork() {
-	g.initSpecLinuxResources()
-	if g.spec.Linux.Resources.Network == nil {
-		g.spec.Linux.Resources.Network = &rspec.LinuxNetwork{}
-	}
-}
-
-func (g *Generator) initSpecLinuxResourcesPids() {
-	g.initSpecLinuxResources()
-	if g.spec.Linux.Resources.Pids == nil {
-		g.spec.Linux.Resources.Pids = &rspec.LinuxPids{}
-	}
-}
-
-func (g *Generator) initSpecSolaris() {
-	g.initSpec()
-	if g.spec.Solaris == nil {
-		g.spec.Solaris = &rspec.Solaris{}
-	}
-}
-
-func (g *Generator) initSpecSolarisCappedCPU() {
-	g.initSpecSolaris()
-	if g.spec.Solaris.CappedCPU == nil {
-		g.spec.Solaris.CappedCPU = &rspec.SolarisCappedCPU{}
-	}
-}
-
-func (g *Generator) initSpecSolarisCappedMemory() {
-	g.initSpecSolaris()
-	if g.spec.Solaris.CappedMemory == nil {
-		g.spec.Solaris.CappedMemory = &rspec.SolarisCappedMemory{}
-	}
-}
-
-func (g *Generator) initSpecWindows() {
-	g.initSpec()
-	if g.spec.Windows == nil {
-		g.spec.Windows = &rspec.Windows{}
-	}
-}
-
-func (g *Generator) initSpecWindowsHyperV() {
-	g.initSpecWindows()
-	if g.spec.Windows.HyperV == nil {
-		g.spec.Windows.HyperV = &rspec.WindowsHyperV{}
-	}
-}
-
-func (g *Generator) initSpecWindowsResources() {
-	g.initSpecWindows()
-	if g.spec.Windows.Resources == nil {
-		g.spec.Windows.Resources = &rspec.WindowsResources{}
-	}
-}
-
-func (g *Generator) initSpecWindowsResourcesMemory() {
-	g.initSpecWindowsResources()
-	if g.spec.Windows.Resources.Memory == nil {
-		g.spec.Windows.Resources.Memory = &rspec.WindowsMemoryResources{}
-	}
-}
author	baude <bbaude@redhat.com>	2018-06-26 13:50:12 -0500
committer	Atomic Bot <atomic-devel@projectatomic.io>	2018-06-27 15:16:02 +0000
commit	f6c0fc1aa854ae5ce73d57ecb09d47c0d4dd2cc3 (patch)
tree	55a2c6e560625df8b8e176e4ac9cb2214480d3ab /vendor/github.com/opencontainers/runtime-tools/generate
parent	19f5a504ffb1470991f331db412be456e41caab5 (diff)
download	podman-f6c0fc1aa854ae5ce73d57ecb09d47c0d4dd2cc3.tar.gz podman-f6c0fc1aa854ae5ce73d57ecb09d47c0d4dd2cc3.tar.bz2 podman-f6c0fc1aa854ae5ce73d57ecb09d47c0d4dd2cc3.zip