1{
2 "ociVersionMin": "1.0.0",
3 "ociVersionMax": "1.0.2-dev",
4 "hooks": [
5 "prestart",
6 "createRuntime",
7 "createContainer",
8 "startContainer",
9 "poststart",
10 "poststop"
11 ],
12 "mountOptions": [
13 "acl",
14 "async",
15 "atime",
16 "bind",
17 "defaults",
18 "dev",
19 "diratime",
20 "dirsync",
21 "exec",
22 "iversion",
23 "lazytime",
24 "loud",
25 "mand",
26 "noacl",
27 "noatime",
28 "nodev",
29 "nodiratime",
30 "noexec",
31 "noiversion",
32 "nolazytime",
33 "nomand",
34 "norelatime",
35 "nostrictatime",
36 "nosuid",
37 "nosymfollow",
38 "private",
39 "ratime",
40 "rbind",
41 "rdev",
42 "rdiratime",
43 "relatime",
44 "remount",
45 "rexec",
46 "rnoatime",
47 "rnodev",
48 "rnodiratime",
49 "rnoexec",
50 "rnorelatime",
51 "rnostrictatime",
52 "rnosuid",
53 "rnosymfollow",
54 "ro",
55 "rprivate",
56 "rrelatime",
57 "rro",
58 "rrw",
59 "rshared",
60 "rslave",
61 "rstrictatime",
62 "rsuid",
63 "rsymfollow",
64 "runbindable",
65 "rw",
66 "shared",
67 "silent",
68 "slave",
69 "strictatime",
70 "suid",
71 "symfollow",
72 "sync",
73 "tmpcopyup",
74 "unbindable"
75 ],
76 "linux": {
77 "namespaces": [
78 "cgroup",
79 "ipc",
80 "mount",
81 "network",
82 "pid",
83 "user",
84 "uts"
85 ],
86 "capabilities": [
87 "CAP_CHOWN",
88 "CAP_DAC_OVERRIDE",
89 "CAP_DAC_READ_SEARCH",
90 "CAP_FOWNER",
91 "CAP_FSETID",
92 "CAP_KILL",
93 "CAP_SETGID",
94 "CAP_SETUID",
95 "CAP_SETPCAP",
96 "CAP_LINUX_IMMUTABLE",
97 "CAP_NET_BIND_SERVICE",
98 "CAP_NET_BROADCAST",
99 "CAP_NET_ADMIN",
100 "CAP_NET_RAW",
101 "CAP_IPC_LOCK",
102 "CAP_IPC_OWNER",
103 "CAP_SYS_MODULE",
104 "CAP_SYS_RAWIO",
105 "CAP_SYS_CHROOT",
106 "CAP_SYS_PTRACE",
107 "CAP_SYS_PACCT",
108 "CAP_SYS_ADMIN",
109 "CAP_SYS_BOOT",
110 "CAP_SYS_NICE",
111 "CAP_SYS_RESOURCE",
112 "CAP_SYS_TIME",
113 "CAP_SYS_TTY_CONFIG",
114 "CAP_MKNOD",
115 "CAP_LEASE",
116 "CAP_AUDIT_WRITE",
117 "CAP_AUDIT_CONTROL",
118 "CAP_SETFCAP",
119 "CAP_MAC_OVERRIDE",
120 "CAP_MAC_ADMIN",
121 "CAP_SYSLOG",
122 "CAP_WAKE_ALARM",
123 "CAP_BLOCK_SUSPEND",
124 "CAP_AUDIT_READ",
125 "CAP_PERFMON",
126 "CAP_BPF",
127 "CAP_CHECKPOINT_RESTORE"
128 ],
129 "cgroup": {
130 "v1": true,
131 "v2": true,
132 "systemd": true,
133 "systemdUser": true
134 },
135 "seccomp": {
136 "enabled": true,
137 "actions": [
138 "SCMP_ACT_ALLOW",
139 "SCMP_ACT_ERRNO",
140 "SCMP_ACT_KILL",
141 "SCMP_ACT_LOG",
142 "SCMP_ACT_NOTIFY",
143 "SCMP_ACT_TRACE",
144 "SCMP_ACT_TRAP"
145 ],
146 "operators": [
147 "SCMP_CMP_EQ",
148 "SCMP_CMP_GE",
149 "SCMP_CMP_GT",
150 "SCMP_CMP_LE",
151 "SCMP_CMP_LT",
152 "SCMP_CMP_MASKED_EQ",
153 "SCMP_CMP_NE"
154 ],
155 "archs": [
156 "SCMP_ARCH_AARCH64",
157 "SCMP_ARCH_ARM",
158 "SCMP_ARCH_MIPS",
159 "SCMP_ARCH_MIPS64",
160 "SCMP_ARCH_MIPS64N32",
161 "SCMP_ARCH_MIPSEL",
162 "SCMP_ARCH_MIPSEL64",
163 "SCMP_ARCH_MIPSEL64N32",
164 "SCMP_ARCH_PPC",
165 "SCMP_ARCH_PPC64",
166 "SCMP_ARCH_PPC64LE",
167 "SCMP_ARCH_S390",
168 "SCMP_ARCH_S390X",
169 "SCMP_ARCH_X32",
170 "SCMP_ARCH_X86",
171 "SCMP_ARCH_X86_64"
172 ],
173 "knownFlags": [
174 "SECCOMP_FILTER_FLAG_LOG"
175 ],
176 "supportedFlags": [
177 "SECCOMP_FILTER_FLAG_LOG"
178 ]
179 },
180 "apparmor": {
181 "enabled": true
182 },
183 "selinux": {
184 "enabled": true
185 }
186 },
187 "annotations": {
188 "io.github.seccomp.libseccomp.version": "2.5.4",
189 "org.opencontainers.runc.checkpoint.enabled": "true",
190 "org.opencontainers.runc.commit": "v1.1.0-368-ga1c51c56",
191 "org.opencontainers.runc.version": "1.1.0+dev"
192 }
193}
View as plain text