1 // Package features provides the JSON structure that is printed by `runc features` (since runc v1.1.0). 2 // The types in this package are experimental and subject to change. 3 package features 4 5 // Features represents the supported features of the runtime. 6 type Features struct { 7 // OCIVersionMin is the minimum OCI Runtime Spec version recognized by the runtime, e.g., "1.0.0". 8 OCIVersionMin string `json:"ociVersionMin,omitempty"` 9 10 // OCIVersionMax is the maximum OCI Runtime Spec version recognized by the runtime, e.g., "1.0.2-dev". 11 OCIVersionMax string `json:"ociVersionMax,omitempty"` 12 13 // Hooks is the list of the recognized hook names, e.g., "createRuntime". 14 // Nil value means "unknown", not "no support for any hook". 15 Hooks []string `json:"hooks,omitempty"` 16 17 // MountOptions is the list of the recognized mount options, e.g., "ro". 18 // Nil value means "unknown", not "no support for any mount option". 19 // This list does not contain filesystem-specific options passed to mount(2) syscall as (const void *). 20 MountOptions []string `json:"mountOptions,omitempty"` 21 22 // Linux is specific to Linux. 23 Linux *Linux `json:"linux,omitempty"` 24 25 // Annotations contains implementation-specific annotation strings, 26 // such as the implementation version, and third-party extensions. 27 Annotations map[string]string `json:"annotations,omitempty"` 28 } 29 30 // Linux is specific to Linux. 31 type Linux struct { 32 // Namespaces is the list of the recognized namespaces, e.g., "mount". 33 // Nil value means "unknown", not "no support for any namespace". 34 Namespaces []string `json:"namespaces,omitempty"` 35 36 // Capabilities is the list of the recognized capabilities , e.g., "CAP_SYS_ADMIN". 37 // Nil value means "unknown", not "no support for any capability". 38 Capabilities []string `json:"capabilities,omitempty"` 39 40 Cgroup *Cgroup `json:"cgroup,omitempty"` 41 Seccomp *Seccomp `json:"seccomp,omitempty"` 42 Apparmor *Apparmor `json:"apparmor,omitempty"` 43 Selinux *Selinux `json:"selinux,omitempty"` 44 } 45 46 // Seccomp represents the "seccomp" field. 47 type Seccomp struct { 48 // Enabled is true if seccomp support is compiled in. 49 // Nil value means "unknown", not "false". 50 Enabled *bool `json:"enabled,omitempty"` 51 52 // Actions is the list of the recognized actions, e.g., "SCMP_ACT_NOTIFY". 53 // Nil value means "unknown", not "no support for any action". 54 Actions []string `json:"actions,omitempty"` 55 56 // Operators is the list of the recognized actions, e.g., "SCMP_CMP_NE". 57 // Nil value means "unknown", not "no support for any operator". 58 Operators []string `json:"operators,omitempty"` 59 60 // Operators is the list of the recognized archs, e.g., "SCMP_ARCH_X86_64". 61 // Nil value means "unknown", not "no support for any arch". 62 Archs []string `json:"archs,omitempty"` 63 } 64 65 // Apparmor represents the "apparmor" field. 66 type Apparmor struct { 67 // Enabled is true if AppArmor support is compiled in. 68 // Unrelated to whether the host supports AppArmor or not. 69 // Nil value means "unknown", not "false". 70 // Always true in the current version of runc. 71 Enabled *bool `json:"enabled,omitempty"` 72 } 73 74 // Selinux represents the "selinux" field. 75 type Selinux struct { 76 // Enabled is true if SELinux support is compiled in. 77 // Unrelated to whether the host supports SELinux or not. 78 // Nil value means "unknown", not "false". 79 // Always true in the current version of runc. 80 Enabled *bool `json:"enabled,omitempty"` 81 } 82 83 // Cgroup represents the "cgroup" field. 84 type Cgroup struct { 85 // V1 represents whether Cgroup v1 support is compiled in. 86 // Unrelated to whether the host uses cgroup v1 or not. 87 // Nil value means "unknown", not "false". 88 // Always true in the current version of runc. 89 V1 *bool `json:"v1,omitempty"` 90 91 // V2 represents whether Cgroup v2 support is compiled in. 92 // Unrelated to whether the host uses cgroup v2 or not. 93 // Nil value means "unknown", not "false". 94 // Always true in the current version of runc. 95 V2 *bool `json:"v2,omitempty"` 96 97 // Systemd represents whether systemd-cgroup support is compiled in. 98 // Unrelated to whether the host uses systemd or not. 99 // Nil value means "unknown", not "false". 100 // Always true in the current version of runc. 101 Systemd *bool `json:"systemd,omitempty"` 102 103 // SystemdUser represents whether user-scoped systemd-cgroup support is compiled in. 104 // Unrelated to whether the host uses systemd or not. 105 // Nil value means "unknown", not "false". 106 // Always true in the current version of runc. 107 SystemdUser *bool `json:"systemdUser,omitempty"` 108 } 109 110 const ( 111 // AnnotationRuncVersion represents the version of runc, e.g., "1.2.3", "1.2.3+dev", "1.2.3-rc.4.", "1.2.3-rc.4+dev". 112 // Third party implementations such as crun and runsc MAY use this annotation to report the most compatible runc version, 113 // however, parsing this annotation value is discouraged. 114 AnnotationRuncVersion = "org.opencontainers.runc.version" 115 116 // AnnotationRuncCommit corresponds to the output of `git describe --dirty --long --always` in the runc repo. 117 // Third party implementations such as crun and runsc SHOULD NOT use this annotation, as their repo is different from the runc repo. 118 // Parsing this annotation value is discouraged. 119 AnnotationRuncCommit = "org.opencontainers.runc.commit" 120 121 // AnnotationRuncCheckpointEnabled is set to "true" if CRIU-based checkpointing is supported. 122 // Unrelated to whether the host supports CRIU or not. 123 // Always set to "true" in the current version of runc. 124 // This is defined as an annotation because checkpointing is a runc-specific feature that is not defined in the OCI Runtime Spec. 125 // Third party implementations such as crun and runsc MAY use this annotation. 126 AnnotationRuncCheckpointEnabled = "org.opencontainers.runc.checkpoint.enabled" 127 128 // AnnotationLibseccompVersion is the version of libseccomp, e.g., "2.5.1". 129 // Note that the runtime MAY support seccomp even when this annotation is not present. 130 AnnotationLibseccompVersion = "io.github.seccomp.libseccomp.version" 131 ) 132