1 // Package features provides the Features struct. 2 package features 3 4 // Features represents the supported features of the runtime. 5 type Features struct { 6 // OCIVersionMin is the minimum OCI Runtime Spec version recognized by the runtime, e.g., "1.0.0". 7 OCIVersionMin string `json:"ociVersionMin,omitempty"` 8 9 // OCIVersionMax is the maximum OCI Runtime Spec version recognized by the runtime, e.g., "1.0.2-dev". 10 OCIVersionMax string `json:"ociVersionMax,omitempty"` 11 12 // Hooks is the list of the recognized hook names, e.g., "createRuntime". 13 // Nil value means "unknown", not "no support for any hook". 14 Hooks []string `json:"hooks,omitempty"` 15 16 // MountOptions is the list of the recognized mount options, e.g., "ro". 17 // Nil value means "unknown", not "no support for any mount option". 18 // This list does not contain filesystem-specific options passed to mount(2) syscall as (const void *). 19 MountOptions []string `json:"mountOptions,omitempty"` 20 21 // Linux is specific to Linux. 22 Linux *Linux `json:"linux,omitempty"` 23 24 // Annotations contains implementation-specific annotation strings, 25 // such as the implementation version, and third-party extensions. 26 Annotations map[string]string `json:"annotations,omitempty"` 27 } 28 29 // Linux is specific to Linux. 30 type Linux struct { 31 // Namespaces is the list of the recognized namespaces, e.g., "mount". 32 // Nil value means "unknown", not "no support for any namespace". 33 Namespaces []string `json:"namespaces,omitempty"` 34 35 // Capabilities is the list of the recognized capabilities , e.g., "CAP_SYS_ADMIN". 36 // Nil value means "unknown", not "no support for any capability". 37 Capabilities []string `json:"capabilities,omitempty"` 38 39 Cgroup *Cgroup `json:"cgroup,omitempty"` 40 Seccomp *Seccomp `json:"seccomp,omitempty"` 41 Apparmor *Apparmor `json:"apparmor,omitempty"` 42 Selinux *Selinux `json:"selinux,omitempty"` 43 IntelRdt *IntelRdt `json:"intelRdt,omitempty"` 44 } 45 46 // Cgroup represents the "cgroup" field. 47 type Cgroup struct { 48 // V1 represents whether Cgroup v1 support is compiled in. 49 // Unrelated to whether the host uses cgroup v1 or not. 50 // Nil value means "unknown", not "false". 51 V1 *bool `json:"v1,omitempty"` 52 53 // V2 represents whether Cgroup v2 support is compiled in. 54 // Unrelated to whether the host uses cgroup v2 or not. 55 // Nil value means "unknown", not "false". 56 V2 *bool `json:"v2,omitempty"` 57 58 // Systemd represents whether systemd-cgroup support is compiled in. 59 // Unrelated to whether the host uses systemd or not. 60 // Nil value means "unknown", not "false". 61 Systemd *bool `json:"systemd,omitempty"` 62 63 // SystemdUser represents whether user-scoped systemd-cgroup support is compiled in. 64 // Unrelated to whether the host uses systemd or not. 65 // Nil value means "unknown", not "false". 66 SystemdUser *bool `json:"systemdUser,omitempty"` 67 68 // Rdma represents whether RDMA cgroup support is compiled in. 69 // Unrelated to whether the host supports RDMA or not. 70 // Nil value means "unknown", not "false". 71 Rdma *bool `json:"rdma,omitempty"` 72 } 73 74 // Seccomp represents the "seccomp" field. 75 type Seccomp struct { 76 // Enabled is true if seccomp support is compiled in. 77 // Nil value means "unknown", not "false". 78 Enabled *bool `json:"enabled,omitempty"` 79 80 // Actions is the list of the recognized actions, e.g., "SCMP_ACT_NOTIFY". 81 // Nil value means "unknown", not "no support for any action". 82 Actions []string `json:"actions,omitempty"` 83 84 // Operators is the list of the recognized operators, e.g., "SCMP_CMP_NE". 85 // Nil value means "unknown", not "no support for any operator". 86 Operators []string `json:"operators,omitempty"` 87 88 // Archs is the list of the recognized archs, e.g., "SCMP_ARCH_X86_64". 89 // Nil value means "unknown", not "no support for any arch". 90 Archs []string `json:"archs,omitempty"` 91 92 // KnownFlags is the list of the recognized filter flags, e.g., "SECCOMP_FILTER_FLAG_LOG". 93 // Nil value means "unknown", not "no flags are recognized". 94 KnownFlags []string `json:"knownFlags,omitempty"` 95 96 // SupportedFlags is the list of the supported filter flags, e.g., "SECCOMP_FILTER_FLAG_LOG". 97 // This list may be a subset of KnownFlags due to some flags 98 // not supported by the current kernel and/or libseccomp. 99 // Nil value means "unknown", not "no flags are supported". 100 SupportedFlags []string `json:"supportedFlags,omitempty"` 101 } 102 103 // Apparmor represents the "apparmor" field. 104 type Apparmor struct { 105 // Enabled is true if AppArmor support is compiled in. 106 // Unrelated to whether the host supports AppArmor or not. 107 // Nil value means "unknown", not "false". 108 Enabled *bool `json:"enabled,omitempty"` 109 } 110 111 // Selinux represents the "selinux" field. 112 type Selinux struct { 113 // Enabled is true if SELinux support is compiled in. 114 // Unrelated to whether the host supports SELinux or not. 115 // Nil value means "unknown", not "false". 116 Enabled *bool `json:"enabled,omitempty"` 117 } 118 119 // IntelRdt represents the "intelRdt" field. 120 type IntelRdt struct { 121 // Enabled is true if Intel RDT support is compiled in. 122 // Unrelated to whether the host supports Intel RDT or not. 123 // Nil value means "unknown", not "false". 124 Enabled *bool `json:"enabled,omitempty"` 125 } 126