From dd0d35deb098b63f8c5be7ef9d8d63c16760221b Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Wed, 10 Jan 2018 15:58:18 -0500 Subject: Add support for shm-size. Signed-off-by: Daniel J Walsh Closes: #206 Approved by: TomSweeneyRedHat --- .../runtime-tools/generate/generate.go | 539 ++++++++++++++------- 1 file changed, 360 insertions(+), 179 deletions(-) (limited to 'vendor/github.com/opencontainers/runtime-tools/generate/generate.go') diff --git a/vendor/github.com/opencontainers/runtime-tools/generate/generate.go b/vendor/github.com/opencontainers/runtime-tools/generate/generate.go index 5a1f5543e..d2951b52d 100644 --- a/vendor/github.com/opencontainers/runtime-tools/generate/generate.go +++ b/vendor/github.com/opencontainers/runtime-tools/generate/generate.go @@ -233,6 +233,7 @@ func NewFromFile(path string) (Generator, error) { if os.IsNotExist(err) { return Generator{}, fmt.Errorf("template configuration at %s not found", path) } + return Generator{}, err } defer cf.Close() @@ -439,17 +440,16 @@ func (g *Generator) AddProcessRlimits(rType string, rHard uint64, rSoft uint64) } // RemoveProcessRlimits removes a rlimit from g.spec.Process.Rlimits. -func (g *Generator) RemoveProcessRlimits(rType string) error { +func (g *Generator) RemoveProcessRlimits(rType string) { if g.spec == nil || g.spec.Process == nil { - return nil + return } for i, rlimit := range g.spec.Process.Rlimits { if rlimit.Type == rType { g.spec.Process.Rlimits = append(g.spec.Process.Rlimits[:i], g.spec.Process.Rlimits[i+1:]...) - return nil + return } } - return nil } // ClearProcessRlimits clear g.spec.Process.Rlimits. @@ -491,6 +491,12 @@ func (g *Generator) SetLinuxCgroupsPath(path string) { g.spec.Linux.CgroupsPath = path } +// SetLinuxIntelRdtL3CacheSchema sets g.spec.Linux.IntelRdt.L3CacheSchema +func (g *Generator) SetLinuxIntelRdtL3CacheSchema(schema string) { + g.initSpecLinuxIntelRdt() + g.spec.Linux.IntelRdt.L3CacheSchema = schema +} + // SetLinuxMountLabel sets g.spec.Linux.MountLabel. func (g *Generator) SetLinuxMountLabel(label string) { g.initSpecLinux() @@ -503,6 +509,162 @@ func (g *Generator) SetProcessOOMScoreAdj(adj int) { g.spec.Process.OOMScoreAdj = &adj } +// SetLinuxResourcesBlockIOLeafWeight sets g.spec.Linux.Resources.BlockIO.LeafWeight. +func (g *Generator) SetLinuxResourcesBlockIOLeafWeight(weight uint16) { + g.initSpecLinuxResourcesBlockIO() + g.spec.Linux.Resources.BlockIO.LeafWeight = &weight +} + +// AddLinuxResourcesBlockIOLeafWeightDevice adds or sets g.spec.Linux.Resources.BlockIO.WeightDevice.LeafWeight. +func (g *Generator) AddLinuxResourcesBlockIOLeafWeightDevice(major int64, minor int64, weight uint16) { + g.initSpecLinuxResourcesBlockIO() + for i, weightDevice := range g.spec.Linux.Resources.BlockIO.WeightDevice { + if weightDevice.Major == major && weightDevice.Minor == minor { + g.spec.Linux.Resources.BlockIO.WeightDevice[i].LeafWeight = &weight + return + } + } + weightDevice := new(rspec.LinuxWeightDevice) + weightDevice.Major = major + weightDevice.Minor = minor + weightDevice.LeafWeight = &weight + g.spec.Linux.Resources.BlockIO.WeightDevice = append(g.spec.Linux.Resources.BlockIO.WeightDevice, *weightDevice) +} + +// DropLinuxResourcesBlockIOLeafWeightDevice drops a item form g.spec.Linux.Resources.BlockIO.WeightDevice.LeafWeight +func (g *Generator) DropLinuxResourcesBlockIOLeafWeightDevice(major int64, minor int64) { + if g.spec == nil || g.spec.Linux == nil || g.spec.Linux.Resources == nil || g.spec.Linux.Resources.BlockIO == nil { + return + } + + for i, weightDevice := range g.spec.Linux.Resources.BlockIO.WeightDevice { + if weightDevice.Major == major && weightDevice.Minor == minor { + if weightDevice.Weight != nil { + newWeightDevice := new(rspec.LinuxWeightDevice) + newWeightDevice.Major = major + newWeightDevice.Minor = minor + newWeightDevice.Weight = weightDevice.Weight + g.spec.Linux.Resources.BlockIO.WeightDevice[i] = *newWeightDevice + } else { + g.spec.Linux.Resources.BlockIO.WeightDevice = append(g.spec.Linux.Resources.BlockIO.WeightDevice[:i], g.spec.Linux.Resources.BlockIO.WeightDevice[i+1:]...) + } + return + } + } +} + +// SetLinuxResourcesBlockIOWeight sets g.spec.Linux.Resources.BlockIO.Weight. +func (g *Generator) SetLinuxResourcesBlockIOWeight(weight uint16) { + g.initSpecLinuxResourcesBlockIO() + g.spec.Linux.Resources.BlockIO.Weight = &weight +} + +// AddLinuxResourcesBlockIOWeightDevice adds or sets g.spec.Linux.Resources.BlockIO.WeightDevice.Weight. +func (g *Generator) AddLinuxResourcesBlockIOWeightDevice(major int64, minor int64, weight uint16) { + g.initSpecLinuxResourcesBlockIO() + for i, weightDevice := range g.spec.Linux.Resources.BlockIO.WeightDevice { + if weightDevice.Major == major && weightDevice.Minor == minor { + g.spec.Linux.Resources.BlockIO.WeightDevice[i].Weight = &weight + return + } + } + weightDevice := new(rspec.LinuxWeightDevice) + weightDevice.Major = major + weightDevice.Minor = minor + weightDevice.Weight = &weight + g.spec.Linux.Resources.BlockIO.WeightDevice = append(g.spec.Linux.Resources.BlockIO.WeightDevice, *weightDevice) +} + +// DropLinuxResourcesBlockIOWeightDevice drops a item form g.spec.Linux.Resources.BlockIO.WeightDevice.Weight +func (g *Generator) DropLinuxResourcesBlockIOWeightDevice(major int64, minor int64) { + if g.spec == nil || g.spec.Linux == nil || g.spec.Linux.Resources == nil || g.spec.Linux.Resources.BlockIO == nil { + return + } + + for i, weightDevice := range g.spec.Linux.Resources.BlockIO.WeightDevice { + if weightDevice.Major == major && weightDevice.Minor == minor { + if weightDevice.LeafWeight != nil { + newWeightDevice := new(rspec.LinuxWeightDevice) + newWeightDevice.Major = major + newWeightDevice.Minor = minor + newWeightDevice.LeafWeight = weightDevice.LeafWeight + g.spec.Linux.Resources.BlockIO.WeightDevice[i] = *newWeightDevice + } else { + g.spec.Linux.Resources.BlockIO.WeightDevice = append(g.spec.Linux.Resources.BlockIO.WeightDevice[:i], g.spec.Linux.Resources.BlockIO.WeightDevice[i+1:]...) + } + return + } + } +} + +// AddLinuxResourcesBlockIOThrottleReadBpsDevice adds or sets g.spec.Linux.Resources.BlockIO.ThrottleReadBpsDevice. +func (g *Generator) AddLinuxResourcesBlockIOThrottleReadBpsDevice(major int64, minor int64, rate uint64) { + g.initSpecLinuxResourcesBlockIO() + throttleDevices := addOrReplaceBlockIOThrottleDevice(g.spec.Linux.Resources.BlockIO.ThrottleReadBpsDevice, major, minor, rate) + g.spec.Linux.Resources.BlockIO.ThrottleReadBpsDevice = throttleDevices +} + +// DropLinuxResourcesBlockIOThrottleReadBpsDevice drops a item from g.spec.Linux.Resources.BlockIO.ThrottleReadBpsDevice. +func (g *Generator) DropLinuxResourcesBlockIOThrottleReadBpsDevice(major int64, minor int64) { + if g.spec == nil || g.spec.Linux == nil || g.spec.Linux.Resources == nil || g.spec.Linux.Resources.BlockIO == nil { + return + } + + throttleDevices := dropBlockIOThrottleDevice(g.spec.Linux.Resources.BlockIO.ThrottleReadBpsDevice, major, minor) + g.spec.Linux.Resources.BlockIO.ThrottleReadBpsDevice = throttleDevices +} + +// AddLinuxResourcesBlockIOThrottleReadIOPSDevice adds or sets g.spec.Linux.Resources.BlockIO.ThrottleReadIOPSDevice. +func (g *Generator) AddLinuxResourcesBlockIOThrottleReadIOPSDevice(major int64, minor int64, rate uint64) { + g.initSpecLinuxResourcesBlockIO() + throttleDevices := addOrReplaceBlockIOThrottleDevice(g.spec.Linux.Resources.BlockIO.ThrottleReadIOPSDevice, major, minor, rate) + g.spec.Linux.Resources.BlockIO.ThrottleReadIOPSDevice = throttleDevices +} + +// DropLinuxResourcesBlockIOThrottleReadIOPSDevice drops a item from g.spec.Linux.Resources.BlockIO.ThrottleReadIOPSDevice. +func (g *Generator) DropLinuxResourcesBlockIOThrottleReadIOPSDevice(major int64, minor int64) { + if g.spec == nil || g.spec.Linux == nil || g.spec.Linux.Resources == nil || g.spec.Linux.Resources.BlockIO == nil { + return + } + + throttleDevices := dropBlockIOThrottleDevice(g.spec.Linux.Resources.BlockIO.ThrottleReadIOPSDevice, major, minor) + g.spec.Linux.Resources.BlockIO.ThrottleReadIOPSDevice = throttleDevices +} + +// AddLinuxResourcesBlockIOThrottleWriteBpsDevice adds or sets g.spec.Linux.Resources.BlockIO.ThrottleWriteBpsDevice. +func (g *Generator) AddLinuxResourcesBlockIOThrottleWriteBpsDevice(major int64, minor int64, rate uint64) { + g.initSpecLinuxResourcesBlockIO() + throttleDevices := addOrReplaceBlockIOThrottleDevice(g.spec.Linux.Resources.BlockIO.ThrottleWriteBpsDevice, major, minor, rate) + g.spec.Linux.Resources.BlockIO.ThrottleWriteBpsDevice = throttleDevices +} + +// DropLinuxResourcesBlockIOThrottleWriteBpsDevice drops a item from g.spec.Linux.Resources.BlockIO.ThrottleWriteBpsDevice. +func (g *Generator) DropLinuxResourcesBlockIOThrottleWriteBpsDevice(major int64, minor int64) { + if g.spec == nil || g.spec.Linux == nil || g.spec.Linux.Resources == nil || g.spec.Linux.Resources.BlockIO == nil { + return + } + + throttleDevices := dropBlockIOThrottleDevice(g.spec.Linux.Resources.BlockIO.ThrottleWriteBpsDevice, major, minor) + g.spec.Linux.Resources.BlockIO.ThrottleWriteBpsDevice = throttleDevices +} + +// AddLinuxResourcesBlockIOThrottleWriteIOPSDevice adds or sets g.spec.Linux.Resources.BlockIO.ThrottleWriteIOPSDevice. +func (g *Generator) AddLinuxResourcesBlockIOThrottleWriteIOPSDevice(major int64, minor int64, rate uint64) { + g.initSpecLinuxResourcesBlockIO() + throttleDevices := addOrReplaceBlockIOThrottleDevice(g.spec.Linux.Resources.BlockIO.ThrottleWriteIOPSDevice, major, minor, rate) + g.spec.Linux.Resources.BlockIO.ThrottleWriteIOPSDevice = throttleDevices +} + +// DropLinuxResourcesBlockIOThrottleWriteIOPSDevice drops a item from g.spec.Linux.Resources.BlockIO.ThrottleWriteIOPSDevice. +func (g *Generator) DropLinuxResourcesBlockIOThrottleWriteIOPSDevice(major int64, minor int64) { + if g.spec == nil || g.spec.Linux == nil || g.spec.Linux.Resources == nil || g.spec.Linux.Resources.BlockIO == nil { + return + } + + throttleDevices := dropBlockIOThrottleDevice(g.spec.Linux.Resources.BlockIO.ThrottleWriteIOPSDevice, major, minor) + g.spec.Linux.Resources.BlockIO.ThrottleWriteIOPSDevice = throttleDevices +} + // SetLinuxResourcesCPUShares sets g.spec.Linux.Resources.CPU.Shares. func (g *Generator) SetLinuxResourcesCPUShares(shares uint64) { g.initSpecLinuxResourcesCPU() @@ -563,16 +725,17 @@ func (g *Generator) AddLinuxResourcesHugepageLimit(pageSize string, limit uint64 } // DropLinuxResourcesHugepageLimit drops a hugepage limit from g.spec.Linux.Resources.HugepageLimits. -func (g *Generator) DropLinuxResourcesHugepageLimit(pageSize string) error { - g.initSpecLinuxResources() +func (g *Generator) DropLinuxResourcesHugepageLimit(pageSize string) { + if g.spec == nil || g.spec.Linux == nil || g.spec.Linux.Resources == nil { + return + } + for i, pageLimit := range g.spec.Linux.Resources.HugepageLimits { if pageLimit.Pagesize == pageSize { g.spec.Linux.Resources.HugepageLimits = append(g.spec.Linux.Resources.HugepageLimits[:i], g.spec.Linux.Resources.HugepageLimits[i+1:]...) - return nil + return } } - - return nil } // SetLinuxResourcesMemoryLimit sets g.spec.Linux.Resources.Memory.Limit. @@ -640,7 +803,10 @@ func (g *Generator) AddLinuxResourcesNetworkPriorities(name string, prio uint32) // DropLinuxResourcesNetworkPriorities drops one item from g.spec.Linux.Resources.Network.Priorities. func (g *Generator) DropLinuxResourcesNetworkPriorities(name string) { - g.initSpecLinuxResourcesNetwork() + if g.spec == nil || g.spec.Linux == nil || g.spec.Linux.Resources == nil || g.spec.Linux.Resources.Network == nil { + return + } + for i, netPriority := range g.spec.Linux.Resources.Network.Priorities { if netPriority.Name == name { g.spec.Linux.Resources.Network.Priorities = append(g.spec.Linux.Resources.Network.Priorities[:i], g.spec.Linux.Resources.Network.Priorities[i+1:]...) @@ -722,11 +888,15 @@ func (g *Generator) SetLinuxRootPropagation(rp string) error { switch rp { case "": case "private": + case "rprivate": case "slave": + case "rslave": case "shared": + case "rshared": case "unbindable": + case "runbindable": default: - return fmt.Errorf("rootfs-propagation must be empty or one of private|slave|shared|unbindable") + return fmt.Errorf("rootfs-propagation %q must be empty or one of (r)private|(r)slave|(r)shared|(r)unbindable", rp) } g.initSpecLinux() g.spec.Linux.RootfsPropagation = rp @@ -742,42 +912,16 @@ func (g *Generator) ClearPreStartHooks() { } // AddPreStartHook add a prestart hook into g.spec.Hooks.Prestart. -func (g *Generator) AddPreStartHook(path string, args []string) { +func (g *Generator) AddPreStartHook(preStartHook rspec.Hook) error { g.initSpecHooks() - hook := rspec.Hook{Path: path, Args: args} for i, hook := range g.spec.Hooks.Prestart { - if hook.Path == path { - g.spec.Hooks.Prestart[i] = hook - return - } - } - g.spec.Hooks.Prestart = append(g.spec.Hooks.Prestart, hook) -} - -// AddPreStartHookEnv adds envs of a prestart hook into g.spec.Hooks.Prestart. -func (g *Generator) AddPreStartHookEnv(path string, envs []string) { - g.initSpecHooks() - for i, hook := range g.spec.Hooks.Prestart { - if hook.Path == path { - g.spec.Hooks.Prestart[i].Env = envs - return - } - } - hook := rspec.Hook{Path: path, Env: envs} - g.spec.Hooks.Prestart = append(g.spec.Hooks.Prestart, hook) -} - -// AddPreStartHookTimeout adds timeout of a prestart hook into g.spec.Hooks.Prestart. -func (g *Generator) AddPreStartHookTimeout(path string, timeout int) { - g.initSpecHooks() - for i, hook := range g.spec.Hooks.Prestart { - if hook.Path == path { - g.spec.Hooks.Prestart[i].Timeout = &timeout - return + if hook.Path == preStartHook.Path { + g.spec.Hooks.Prestart[i] = preStartHook + return nil } } - hook := rspec.Hook{Path: path, Timeout: &timeout} - g.spec.Hooks.Prestart = append(g.spec.Hooks.Prestart, hook) + g.spec.Hooks.Prestart = append(g.spec.Hooks.Prestart, preStartHook) + return nil } // ClearPostStopHooks clear g.spec.Hooks.Poststop. @@ -789,42 +933,16 @@ func (g *Generator) ClearPostStopHooks() { } // AddPostStopHook adds a poststop hook into g.spec.Hooks.Poststop. -func (g *Generator) AddPostStopHook(path string, args []string) { +func (g *Generator) AddPostStopHook(postStopHook rspec.Hook) error { g.initSpecHooks() - hook := rspec.Hook{Path: path, Args: args} for i, hook := range g.spec.Hooks.Poststop { - if hook.Path == path { - g.spec.Hooks.Poststop[i] = hook - return - } - } - g.spec.Hooks.Poststop = append(g.spec.Hooks.Poststop, hook) -} - -// AddPostStopHookEnv adds envs of a poststop hook into g.spec.Hooks.Poststop. -func (g *Generator) AddPostStopHookEnv(path string, envs []string) { - g.initSpecHooks() - for i, hook := range g.spec.Hooks.Poststop { - if hook.Path == path { - g.spec.Hooks.Poststop[i].Env = envs - return - } - } - hook := rspec.Hook{Path: path, Env: envs} - g.spec.Hooks.Poststop = append(g.spec.Hooks.Poststop, hook) -} - -// AddPostStopHookTimeout adds timeout of a poststop hook into g.spec.Hooks.Poststop. -func (g *Generator) AddPostStopHookTimeout(path string, timeout int) { - g.initSpecHooks() - for i, hook := range g.spec.Hooks.Poststop { - if hook.Path == path { - g.spec.Hooks.Poststop[i].Timeout = &timeout - return + if hook.Path == postStopHook.Path { + g.spec.Hooks.Poststop[i] = postStopHook + return nil } } - hook := rspec.Hook{Path: path, Timeout: &timeout} - g.spec.Hooks.Poststop = append(g.spec.Hooks.Poststop, hook) + g.spec.Hooks.Poststop = append(g.spec.Hooks.Poststop, postStopHook) + return nil } // ClearPostStartHooks clear g.spec.Hooks.Poststart. @@ -836,107 +954,50 @@ func (g *Generator) ClearPostStartHooks() { } // AddPostStartHook adds a poststart hook into g.spec.Hooks.Poststart. -func (g *Generator) AddPostStartHook(path string, args []string) { +func (g *Generator) AddPostStartHook(postStartHook rspec.Hook) error { g.initSpecHooks() - hook := rspec.Hook{Path: path, Args: args} for i, hook := range g.spec.Hooks.Poststart { - if hook.Path == path { - g.spec.Hooks.Poststart[i] = hook - return + if hook.Path == postStartHook.Path { + g.spec.Hooks.Poststart[i] = postStartHook + return nil } } - g.spec.Hooks.Poststart = append(g.spec.Hooks.Poststart, hook) + g.spec.Hooks.Poststart = append(g.spec.Hooks.Poststart, postStartHook) + return nil } -// AddPostStartHookEnv adds envs of a poststart hook into g.spec.Hooks.Poststart. -func (g *Generator) AddPostStartHookEnv(path string, envs []string) { - g.initSpecHooks() - for i, hook := range g.spec.Hooks.Poststart { - if hook.Path == path { - g.spec.Hooks.Poststart[i].Env = envs - return - } - } - hook := rspec.Hook{Path: path, Env: envs} - g.spec.Hooks.Poststart = append(g.spec.Hooks.Poststart, hook) -} +// AddMount adds a mount into g.spec.Mounts. +func (g *Generator) AddMount(mnt rspec.Mount) { + g.initSpec() -// AddPostStartHookTimeout adds timeout of a poststart hook into g.spec.Hooks.Poststart. -func (g *Generator) AddPostStartHookTimeout(path string, timeout int) { - g.initSpecHooks() - for i, hook := range g.spec.Hooks.Poststart { - if hook.Path == path { - g.spec.Hooks.Poststart[i].Timeout = &timeout - return - } - } - hook := rspec.Hook{Path: path, Timeout: &timeout} - g.spec.Hooks.Poststart = append(g.spec.Hooks.Poststart, hook) + g.spec.Mounts = append(g.spec.Mounts, mnt) } -// AddTmpfsMount adds a tmpfs mount into g.spec.Mounts. -func (g *Generator) AddTmpfsMount(dest string, options []string) { - mnt := rspec.Mount{ - Destination: dest, - Type: "tmpfs", - Source: "tmpfs", - Options: options, - } - +// RemoveMount removes a mount point on the dest directory +func (g *Generator) RemoveMount(dest string) { g.initSpec() - g.spec.Mounts = append(g.spec.Mounts, mnt) -} -// AddCgroupsMount adds a cgroup mount into g.spec.Mounts. -func (g *Generator) AddCgroupsMount(mountCgroupOption string) error { - switch mountCgroupOption { - case "ro": - case "rw": - case "no": - return nil - default: - return fmt.Errorf("--mount-cgroups should be one of (ro,rw,no)") + for index, mount := range g.spec.Mounts { + if mount.Destination == dest { + g.spec.Mounts = append(g.spec.Mounts[:index], g.spec.Mounts[index+1:]...) + return + } } +} - mnt := rspec.Mount{ - Destination: "/sys/fs/cgroup", - Type: "cgroup", - Source: "cgroup", - Options: []string{"nosuid", "noexec", "nodev", "relatime", mountCgroupOption}, - } +// Mounts returns the list of mounts +func (g *Generator) Mounts() []rspec.Mount { g.initSpec() - g.spec.Mounts = append(g.spec.Mounts, mnt) - return nil + return g.spec.Mounts } -// AddBindMount adds a bind mount into g.spec.Mounts. -func (g *Generator) AddBindMount(source, dest string, options []string) { - if len(options) == 0 { - options = []string{"rw"} - } - - // We have to make sure that there is a bind option set, otherwise it won't - // be an actual bindmount. - foundBindOption := false - for _, opt := range options { - if opt == "bind" || opt == "rbind" { - foundBindOption = true - break - } - } - if !foundBindOption { - options = append(options, "bind") - } - - mnt := rspec.Mount{ - Destination: dest, - Type: "bind", - Source: source, - Options: options, +// ClearMounts clear g.spec.Mounts +func (g *Generator) ClearMounts() { + if g.spec == nil { + return } - g.initSpec() - g.spec.Mounts = append(g.spec.Mounts, mnt) + g.spec.Mounts = []rspec.Mount{} } // SetupPrivileged sets up the privilege-related fields inside g.spec. @@ -1093,10 +1154,11 @@ func (g *Generator) AddProcessCapabilityPermitted(c string) error { // DropProcessCapabilityAmbient drops a process capability from g.spec.Process.Capabilities.Ambient. func (g *Generator) DropProcessCapabilityAmbient(c string) error { - cp := strings.ToUpper(c) - - g.initSpecProcessCapabilities() + if g.spec == nil || g.spec.Process == nil || g.spec.Process.Capabilities == nil { + return nil + } + cp := strings.ToUpper(c) for i, cap := range g.spec.Process.Capabilities.Ambient { if strings.ToUpper(cap) == cp { g.spec.Process.Capabilities.Ambient = removeFunc(g.spec.Process.Capabilities.Ambient, i) @@ -1108,10 +1170,11 @@ func (g *Generator) DropProcessCapabilityAmbient(c string) error { // DropProcessCapabilityBounding drops a process capability from g.spec.Process.Capabilities.Bounding. func (g *Generator) DropProcessCapabilityBounding(c string) error { - cp := strings.ToUpper(c) - - g.initSpecProcessCapabilities() + if g.spec == nil || g.spec.Process == nil || g.spec.Process.Capabilities == nil { + return nil + } + cp := strings.ToUpper(c) for i, cap := range g.spec.Process.Capabilities.Bounding { if strings.ToUpper(cap) == cp { g.spec.Process.Capabilities.Bounding = removeFunc(g.spec.Process.Capabilities.Bounding, i) @@ -1123,10 +1186,11 @@ func (g *Generator) DropProcessCapabilityBounding(c string) error { // DropProcessCapabilityEffective drops a process capability from g.spec.Process.Capabilities.Effective. func (g *Generator) DropProcessCapabilityEffective(c string) error { - cp := strings.ToUpper(c) - - g.initSpecProcessCapabilities() + if g.spec == nil || g.spec.Process == nil || g.spec.Process.Capabilities == nil { + return nil + } + cp := strings.ToUpper(c) for i, cap := range g.spec.Process.Capabilities.Effective { if strings.ToUpper(cap) == cp { g.spec.Process.Capabilities.Effective = removeFunc(g.spec.Process.Capabilities.Effective, i) @@ -1138,13 +1202,11 @@ func (g *Generator) DropProcessCapabilityEffective(c string) error { // DropProcessCapabilityInheritable drops a process capability from g.spec.Process.Capabilities.Inheritable. func (g *Generator) DropProcessCapabilityInheritable(c string) error { - cp := strings.ToUpper(c) - if err := validate.CapValid(cp, g.HostSpecific); err != nil { - return err + if g.spec == nil || g.spec.Process == nil || g.spec.Process.Capabilities == nil { + return nil } - g.initSpecProcessCapabilities() - + cp := strings.ToUpper(c) for i, cap := range g.spec.Process.Capabilities.Inheritable { if strings.ToUpper(cap) == cp { g.spec.Process.Capabilities.Inheritable = removeFunc(g.spec.Process.Capabilities.Inheritable, i) @@ -1156,10 +1218,11 @@ func (g *Generator) DropProcessCapabilityInheritable(c string) error { // DropProcessCapabilityPermitted drops a process capability from g.spec.Process.Capabilities.Permitted. func (g *Generator) DropProcessCapabilityPermitted(c string) error { - cp := strings.ToUpper(c) - - g.initSpecProcessCapabilities() + if g.spec == nil || g.spec.Process == nil || g.spec.Process.Capabilities == nil { + return nil + } + cp := strings.ToUpper(c) for i, cap := range g.spec.Process.Capabilities.Permitted { if strings.ToUpper(cap) == cp { g.spec.Process.Capabilities.Ambient = removeFunc(g.spec.Process.Capabilities.Ambient, i) @@ -1254,18 +1317,17 @@ func (g *Generator) AddDevice(device rspec.LinuxDevice) { } // RemoveDevice remove a device from g.spec.Linux.Devices -func (g *Generator) RemoveDevice(path string) error { +func (g *Generator) RemoveDevice(path string) { if g.spec == nil || g.spec.Linux == nil || g.spec.Linux.Devices == nil { - return nil + return } for i, device := range g.spec.Linux.Devices { if device.Path == path { g.spec.Linux.Devices = append(g.spec.Linux.Devices[:i], g.spec.Linux.Devices[i+1:]...) - return nil + return } } - return nil } // ClearLinuxDevices clears g.spec.Linux.Devices @@ -1361,3 +1423,122 @@ func (g *Generator) AddLinuxReadonlyPaths(path string) { g.initSpecLinux() g.spec.Linux.ReadonlyPaths = append(g.spec.Linux.ReadonlyPaths, path) } + +func addOrReplaceBlockIOThrottleDevice(tmpList []rspec.LinuxThrottleDevice, major int64, minor int64, rate uint64) []rspec.LinuxThrottleDevice { + throttleDevices := tmpList + for i, throttleDevice := range throttleDevices { + if throttleDevice.Major == major && throttleDevice.Minor == minor { + throttleDevices[i].Rate = rate + return throttleDevices + } + } + throttleDevice := new(rspec.LinuxThrottleDevice) + throttleDevice.Major = major + throttleDevice.Minor = minor + throttleDevice.Rate = rate + throttleDevices = append(throttleDevices, *throttleDevice) + + return throttleDevices +} + +func dropBlockIOThrottleDevice(tmpList []rspec.LinuxThrottleDevice, major int64, minor int64) []rspec.LinuxThrottleDevice { + throttleDevices := tmpList + for i, throttleDevice := range throttleDevices { + if throttleDevice.Major == major && throttleDevice.Minor == minor { + throttleDevices = append(throttleDevices[:i], throttleDevices[i+1:]...) + return throttleDevices + } + } + + return throttleDevices +} + +// AddSolarisAnet adds network into g.spec.Solaris.Anet +func (g *Generator) AddSolarisAnet(anet rspec.SolarisAnet) { + g.initSpecSolaris() + g.spec.Solaris.Anet = append(g.spec.Solaris.Anet, anet) +} + +// SetSolarisCappedCPUNcpus sets g.spec.Solaris.CappedCPU.Ncpus +func (g *Generator) SetSolarisCappedCPUNcpus(ncpus string) { + g.initSpecSolarisCappedCPU() + g.spec.Solaris.CappedCPU.Ncpus = ncpus +} + +// SetSolarisCappedMemoryPhysical sets g.spec.Solaris.CappedMemory.Physical +func (g *Generator) SetSolarisCappedMemoryPhysical(physical string) { + g.initSpecSolarisCappedMemory() + g.spec.Solaris.CappedMemory.Physical = physical +} + +// SetSolarisCappedMemorySwap sets g.spec.Solaris.CappedMemory.Swap +func (g *Generator) SetSolarisCappedMemorySwap(swap string) { + g.initSpecSolarisCappedMemory() + g.spec.Solaris.CappedMemory.Swap = swap +} + +// SetSolarisLimitPriv sets g.spec.Solaris.LimitPriv +func (g *Generator) SetSolarisLimitPriv(limitPriv string) { + g.initSpecSolaris() + g.spec.Solaris.LimitPriv = limitPriv +} + +// SetSolarisMaxShmMemory sets g.spec.Solaris.MaxShmMemory +func (g *Generator) SetSolarisMaxShmMemory(memory string) { + g.initSpecSolaris() + g.spec.Solaris.MaxShmMemory = memory +} + +// SetSolarisMilestone sets g.spec.Solaris.Milestone +func (g *Generator) SetSolarisMilestone(milestone string) { + g.initSpecSolaris() + g.spec.Solaris.Milestone = milestone +} + +// SetWindowsHypervUntilityVMPath sets g.spec.Windows.HyperV.UtilityVMPath. +func (g *Generator) SetWindowsHypervUntilityVMPath(path string) { + g.initSpecWindowsHyperV() + g.spec.Windows.HyperV.UtilityVMPath = path +} + +// SetWinodwsIgnoreFlushesDuringBoot sets g.spec.Winodws.IgnoreFlushesDuringBoot. +func (g *Generator) SetWinodwsIgnoreFlushesDuringBoot(ignore bool) { + g.initSpecWindows() + g.spec.Windows.IgnoreFlushesDuringBoot = ignore +} + +// AddWindowsLayerFolders adds layer folders into g.spec.Windows.LayerFolders. +func (g *Generator) AddWindowsLayerFolders(folder string) { + g.initSpecWindows() + g.spec.Windows.LayerFolders = append(g.spec.Windows.LayerFolders, folder) +} + +// SetWindowsNetwork sets g.spec.Windows.Network. +func (g *Generator) SetWindowsNetwork(network rspec.WindowsNetwork) { + g.initSpecWindows() + g.spec.Windows.Network = &network +} + +// SetWindowsResourcesCPU sets g.spec.Windows.Resources.CPU. +func (g *Generator) SetWindowsResourcesCPU(cpu rspec.WindowsCPUResources) { + g.initSpecWindowsResources() + g.spec.Windows.Resources.CPU = &cpu +} + +// SetWindowsResourcesMemoryLimit sets g.spec.Windows.Resources.Memory.Limit. +func (g *Generator) SetWindowsResourcesMemoryLimit(limit uint64) { + g.initSpecWindowsResourcesMemory() + g.spec.Windows.Resources.Memory.Limit = &limit +} + +// SetWindowsResourcesStorage sets g.spec.Windows.Resources.Storage. +func (g *Generator) SetWindowsResourcesStorage(storage rspec.WindowsStorageResources) { + g.initSpecWindowsResources() + g.spec.Windows.Resources.Storage = &storage +} + +// SetWinodwsServicing sets g.spec.Winodws.Servicing. +func (g *Generator) SetWinodwsServicing(servicing bool) { + g.initSpecWindows() + g.spec.Windows.Servicing = servicing +} -- cgit v1.2.3-54-g00ecf