mirror of
https://github.com/opencontainers/runtime-spec.git
synced 2026-02-05 18:45:18 +01:00
f329913c57
High level container runtimes sometimes need to know if the OCI runtime supports idmap mounts or not, as the OCI runtime silently ignores unknown fields. This means that if it doesn't support idmap mounts, a container with userns will be started, without idmap mounts, and the files created on the volumes will have a "garbage" owner/group. Furthermore, as the userns mapping is not guaranteed to be stable over time, it will be completely unusable. Let's expose idmap support in the features subcommand, so high level container runtimes use the feature safely. Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
117 lines
3.5 KiB
JSON
117 lines
3.5 KiB
JSON
{
|
|
"linux": {
|
|
"description": "Linux platform-specific features",
|
|
"type": "object",
|
|
"properties": {
|
|
"namespaces": {
|
|
"type": "array",
|
|
"items": {
|
|
"$ref": "defs-linux.json#/definitions/NamespaceType"
|
|
}
|
|
},
|
|
"capabilities": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"pattern": "^CAP_[A-Z_]+$"
|
|
}
|
|
},
|
|
"cgroup": {
|
|
"type": "object",
|
|
"properties": {
|
|
"v1": {
|
|
"type": "boolean"
|
|
},
|
|
"v2": {
|
|
"type": "boolean"
|
|
},
|
|
"systemd": {
|
|
"type": "boolean"
|
|
},
|
|
"systemdUser": {
|
|
"type": "boolean"
|
|
},
|
|
"rdma": {
|
|
"type": "boolean"
|
|
}
|
|
}
|
|
},
|
|
"seccomp": {
|
|
"type": "object",
|
|
"properties": {
|
|
"enabled": {
|
|
"type": "boolean"
|
|
},
|
|
"actions": {
|
|
"type": "array",
|
|
"items": {
|
|
"$ref": "defs-linux.json#/definitions/SeccompAction"
|
|
}
|
|
},
|
|
"operators": {
|
|
"type": "array",
|
|
"items": {
|
|
"$ref": "defs-linux.json#/definitions/SeccompOperators"
|
|
}
|
|
},
|
|
"archs": {
|
|
"type": "array",
|
|
"items": {
|
|
"$ref": "defs-linux.json#/definitions/SeccompArch"
|
|
}
|
|
},
|
|
"knownFlags": {
|
|
"type": "array",
|
|
"items": {
|
|
"$ref": "defs-linux.json#/definitions/SeccompFlag"
|
|
}
|
|
},
|
|
"supportedFlags": {
|
|
"type": "array",
|
|
"items": {
|
|
"$ref": "defs-linux.json#/definitions/SeccompFlag"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"apparmor": {
|
|
"type": "object",
|
|
"properties": {
|
|
"enabled": {
|
|
"type": "boolean"
|
|
}
|
|
}
|
|
},
|
|
"selinux": {
|
|
"type": "object",
|
|
"properties": {
|
|
"enabled": {
|
|
"type": "boolean"
|
|
}
|
|
}
|
|
},
|
|
"intelRdt": {
|
|
"type": "object",
|
|
"properties": {
|
|
"enabled": {
|
|
"type": "boolean"
|
|
}
|
|
}
|
|
},
|
|
"mountExtensions": {
|
|
"type": "object",
|
|
"properties": {
|
|
"idmap": {
|
|
"type": "object",
|
|
"properties": {
|
|
"enabled": {
|
|
"type": "boolean"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|