1{
2 "ociVersion": "0.5.0-dev",
3 "process": {
4 "terminal": true,
5 "user": {
6 "uid": 1,
7 "gid": 1,
8 "additionalGids": [
9 5,
10 6
11 ]
12 },
13 "args": [
14 "sh"
15 ],
16 "env": [
17 "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
18 "TERM=xterm"
19 ],
20 "cwd": "/",
21 "capabilities": {
22 "bounding": [
23 "CAP_AUDIT_WRITE",
24 "CAP_KILL",
25 "CAP_NET_BIND_SERVICE"
26 ],
27 "permitted": [
28 "CAP_AUDIT_WRITE",
29 "CAP_KILL",
30 "CAP_NET_BIND_SERVICE"
31 ],
32 "inheritable": [
33 "CAP_AUDIT_WRITE",
34 "CAP_KILL",
35 "CAP_NET_BIND_SERVICE"
36 ],
37 "effective": [
38 "CAP_AUDIT_WRITE",
39 "CAP_KILL"
40 ],
41 "ambient": [
42 "CAP_NET_BIND_SERVICE"
43 ]
44 },
45 "rlimits": [
46 {
47 "type": "RLIMIT_CORE",
48 "hard": 1024,
49 "soft": 1024
50 },
51 {
52 "type": "RLIMIT_NOFILE",
53 "hard": 1024,
54 "soft": 1024
55 }
56 ],
57 "apparmorProfile": "acme_secure_profile",
58 "selinuxLabel": "system_u:system_r:svirt_lxc_net_t:s0:c124,c675",
59 "noNewPrivileges": true
60 },
61 "root": {
62 "path": "rootfs",
63 "readonly": true
64 },
65 "hostname": "slartibartfast",
66 "domainname": "foobarbaz.test",
67 "mounts": [
68 {
69 "destination": "/proc",
70 "type": "proc",
71 "source": "proc"
72 },
73 {
74 "destination": "/dev",
75 "type": "tmpfs",
76 "source": "tmpfs",
77 "options": [
78 "nosuid",
79 "strictatime",
80 "mode=755",
81 "size=65536k"
82 ]
83 },
84 {
85 "destination": "/dev/pts",
86 "type": "devpts",
87 "source": "devpts",
88 "options": [
89 "nosuid",
90 "noexec",
91 "newinstance",
92 "ptmxmode=0666",
93 "mode=0620",
94 "gid=5"
95 ]
96 },
97 {
98 "destination": "/dev/shm",
99 "type": "tmpfs",
100 "source": "shm",
101 "options": [
102 "nosuid",
103 "noexec",
104 "nodev",
105 "mode=1777",
106 "size=65536k"
107 ]
108 },
109 {
110 "destination": "/dev/mqueue",
111 "type": "mqueue",
112 "source": "mqueue",
113 "options": [
114 "nosuid",
115 "noexec",
116 "nodev"
117 ]
118 },
119 {
120 "destination": "/sys",
121 "type": "sysfs",
122 "source": "sysfs",
123 "options": [
124 "nosuid",
125 "noexec",
126 "nodev"
127 ]
128 },
129 {
130 "destination": "/sys/fs/cgroup",
131 "type": "cgroup",
132 "source": "cgroup",
133 "options": [
134 "nosuid",
135 "noexec",
136 "nodev",
137 "relatime",
138 "ro"
139 ]
140 }
141 ],
142 "hooks": {
143 "prestart": [
144 {
145 "path": "/usr/bin/fix-mounts",
146 "args": [
147 "fix-mounts",
148 "arg1",
149 "arg2"
150 ],
151 "env": [
152 "key1=value1"
153 ]
154 },
155 {
156 "path": "/usr/bin/setup-network"
157 }
158 ],
159 "createRuntime": [
160 {
161 "path": "/usr/bin/fix-mounts",
162 "args": ["fix-mounts", "arg1", "arg2"],
163 "env": [ "key1=value1"]
164 },
165 {
166 "path": "/usr/bin/setup-network"
167 }
168 ],
169 "createContainer": [
170 {
171 "path": "/usr/bin/mount-hook",
172 "args": ["-mount", "arg1", "arg2"],
173 "env": [ "key1=value1"]
174 }
175 ],
176 "startContainer": [
177 {
178 "path": "/usr/bin/refresh-ldcache"
179 }
180 ],
181 "poststart": [
182 {
183 "path": "/usr/bin/notify-start",
184 "timeout": 5
185 }
186 ],
187 "poststop": [
188 {
189 "path": "/usr/sbin/cleanup.sh",
190 "args": [
191 "cleanup.sh",
192 "-f"
193 ]
194 }
195 ]
196 },
197 "linux": {
198 "devices": [
199 {
200 "path": "/dev/fuse",
201 "type": "c",
202 "major": 10,
203 "minor": 229,
204 "fileMode": 438,
205 "uid": 0,
206 "gid": 0
207 },
208 {
209 "path": "/dev/sda",
210 "type": "b",
211 "major": 8,
212 "minor": 0,
213 "fileMode": 432,
214 "uid": 0,
215 "gid": 0
216 }
217 ],
218 "uidMappings": [
219 {
220 "containerID": 0,
221 "hostID": 1000,
222 "size": 32000
223 }
224 ],
225 "gidMappings": [
226 {
227 "containerID": 0,
228 "hostID": 1000,
229 "size": 32000
230 }
231 ],
232 "sysctl": {
233 "net.ipv4.ip_forward": "1",
234 "net.core.somaxconn": "256"
235 },
236 "cgroupsPath": "/myRuntime/myContainer",
237 "resources": {
238 "network": {
239 "classID": 1048577,
240 "priorities": [
241 {
242 "name": "eth0",
243 "priority": 500
244 },
245 {
246 "name": "eth1",
247 "priority": 1000
248 }
249 ]
250 },
251 "pids": {
252 "limit": 32771
253 },
254 "hugepageLimits": [
255 {
256 "pageSize": "2MB",
257 "limit": 9223372036854772000
258 },
259 {
260 "pageSize": "64KB",
261 "limit": 1000000
262 }
263 ],
264 "oomScoreAdj": 100,
265 "memory": {
266 "limit": 536870912,
267 "reservation": 536870912,
268 "swap": 536870912,
269 "kernel": -1,
270 "kernelTCP": -1,
271 "swappiness": 0,
272 "disableOOMKiller": false,
273 "useHierarchy": false,
274 "checkBeforeUpdate": false
275 },
276 "cpu": {
277 "shares": 1024,
278 "quota": 1000000,
279 "burst": 1000000,
280 "period": 500000,
281 "realtimeRuntime": 950000,
282 "realtimePeriod": 1000000,
283 "cpus": "2-3",
284 "mems": "0-7"
285 },
286 "devices": [
287 {
288 "allow": false,
289 "access": "rwm"
290 },
291 {
292 "allow": true,
293 "type": "c",
294 "major": 10,
295 "minor": 229,
296 "access": "rw"
297 },
298 {
299 "allow": true,
300 "type": "b",
301 "major": 8,
302 "minor": 0,
303 "access": "r"
304 }
305 ],
306 "blockIO": {
307 "weight": 10,
308 "leafWeight": 10,
309 "weightDevice": [
310 {
311 "major": 8,
312 "minor": 0,
313 "weight": 500,
314 "leafWeight": 300
315 },
316 {
317 "major": 8,
318 "minor": 16,
319 "weight": 500
320 }
321 ],
322 "throttleReadBpsDevice": [
323 {
324 "major": 8,
325 "minor": 0,
326 "rate": 600
327 }
328 ],
329 "throttleWriteIOPSDevice": [
330 {
331 "major": 8,
332 "minor": 16,
333 "rate": 300
334 }
335 ]
336 }
337 },
338 "rootfsPropagation": "slave",
339 "seccomp": {
340 "defaultAction": "SCMP_ACT_ALLOW",
341 "architectures": [
342 "SCMP_ARCH_X86",
343 "SCMP_ARCH_X32"
344 ],
345 "syscalls": [
346 {
347 "names": [
348 "getcwd",
349 "chmod"
350 ],
351 "action": "SCMP_ACT_ERRNO"
352 }
353 ]
354 },
355 "timeOffsets": {
356 "monotonic": {
357 "secs": 172800,
358 "nanosecs": 0
359 },
360 "boottime": {
361 "secs": 604800,
362 "nanosecs": 0
363 }
364 },
365 "namespaces": [
366 {
367 "type": "pid"
368 },
369 {
370 "type": "network"
371 },
372 {
373 "type": "ipc"
374 },
375 {
376 "type": "uts"
377 },
378 {
379 "type": "mount"
380 },
381 {
382 "type": "user"
383 },
384 {
385 "type": "cgroup"
386 },
387 {
388 "type": "time"
389 }
390 ],
391 "maskedPaths": [
392 "/proc/kcore",
393 "/proc/latency_stats",
394 "/proc/timer_stats",
395 "/proc/sched_debug"
396 ],
397 "readonlyPaths": [
398 "/proc/asound",
399 "/proc/bus",
400 "/proc/fs",
401 "/proc/irq",
402 "/proc/sys",
403 "/proc/sysrq-trigger"
404 ],
405 "mountLabel": "system_u:object_r:svirt_sandbox_file_t:s0:c715,c811"
406 },
407 "annotations": {
408 "com.example.key1": "value1",
409 "com.example.key2": "value2"
410 }
411}