mirror of
https://github.com/opencontainers/runc.git
synced 2025-09-26 19:41:35 +08:00
076745a40f
Amend runc features to print seccomp flags. Two set of flags are added: * known flags are those that this version of runc is aware of; * supported flags are those that can be set; normally, this is the same set as known flags, but due to older version of kernel and/or libseccomp, some known flags might be unsupported. This commit also consolidates three different switch statements dealing with flags into one, in func setFlag. A note is added to this function telling what else to look for when adding new flags. Unfortunately, it also adds a list of known flags, that should be kept in sync with the switch statement. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
78 lines
2.2 KiB
Go
78 lines
2.2 KiB
Go
package main
|
|
|
|
import (
|
|
"encoding/json"
|
|
"fmt"
|
|
|
|
"github.com/opencontainers/runc/libcontainer/capabilities"
|
|
"github.com/opencontainers/runc/libcontainer/configs"
|
|
"github.com/opencontainers/runc/libcontainer/seccomp"
|
|
"github.com/opencontainers/runc/libcontainer/specconv"
|
|
"github.com/opencontainers/runc/types/features"
|
|
"github.com/opencontainers/runtime-spec/specs-go"
|
|
"github.com/urfave/cli"
|
|
)
|
|
|
|
var featuresCommand = cli.Command{
|
|
Name: "features",
|
|
Usage: "show the enabled features",
|
|
ArgsUsage: "",
|
|
Description: `Show the enabled features.
|
|
The result is parsable as a JSON.
|
|
See https://pkg.go.dev/github.com/opencontainers/runc/types/features for the type definition.
|
|
The types are experimental and subject to change.
|
|
`,
|
|
Action: func(context *cli.Context) error {
|
|
if err := checkArgs(context, 0, exactArgs); err != nil {
|
|
return err
|
|
}
|
|
|
|
tru := true
|
|
|
|
feat := features.Features{
|
|
OCIVersionMin: "1.0.0",
|
|
OCIVersionMax: specs.Version,
|
|
Annotations: map[string]string{
|
|
features.AnnotationRuncVersion: version,
|
|
features.AnnotationRuncCommit: gitCommit,
|
|
features.AnnotationRuncCheckpointEnabled: "true",
|
|
},
|
|
Hooks: configs.KnownHookNames(),
|
|
MountOptions: specconv.KnownMountOptions(),
|
|
Linux: &features.Linux{
|
|
Namespaces: specconv.KnownNamespaces(),
|
|
Capabilities: capabilities.KnownCapabilities(),
|
|
Cgroup: &features.Cgroup{
|
|
V1: &tru,
|
|
V2: &tru,
|
|
Systemd: &tru,
|
|
SystemdUser: &tru,
|
|
},
|
|
Apparmor: &features.Apparmor{
|
|
Enabled: &tru,
|
|
},
|
|
Selinux: &features.Selinux{
|
|
Enabled: &tru,
|
|
},
|
|
},
|
|
}
|
|
|
|
if seccomp.Enabled {
|
|
feat.Linux.Seccomp = &features.Seccomp{
|
|
Enabled: &tru,
|
|
Actions: seccomp.KnownActions(),
|
|
Operators: seccomp.KnownOperators(),
|
|
Archs: seccomp.KnownArchs(),
|
|
KnownFlags: seccomp.KnownFlags(),
|
|
SupportedFlags: seccomp.SupportedFlags(),
|
|
}
|
|
major, minor, patch := seccomp.Version()
|
|
feat.Annotations[features.AnnotationLibseccompVersion] = fmt.Sprintf("%d.%d.%d", major, minor, patch)
|
|
}
|
|
|
|
enc := json.NewEncoder(context.App.Writer)
|
|
enc.SetIndent("", " ")
|
|
return enc.Encode(feat)
|
|
},
|
|
}
|