ACRN: Add runC container sample config file

This patch adds the runC container config file, we will run acrn-dm in runC container, and set acrn QoS parameters based on runC. In the config file we mount SOS root directory to the container and disable network/mount/ipc namespace. Tracked-On: projectacrn/acrn-hypervisor#2020 Signed-off-by: Long Liu <long.liu@intel.com> Acked-by: Yu Wang <yu1.wang@intel.com>
2025-07-04 02:56:52 +00:00 · 2018-12-10 15:14:09 +00:00 · 2018-12-10 15:14:09 +00:00 · c5d827ab1f
commit c5d827ab1f
parent da0cf3af71
2 changed files with 196 additions and 0 deletions
--- a/devicemodel/samples/apl-mrb/runC.json
+++ b/devicemodel/samples/apl-mrb/runC.json
@ -0,0 +1,98 @@
+{
+	"ociVersion": "1.0.1-dev",
+	"process": {
+		"terminal": false,
+		"user": {
+			"uid": 0,
+			"gid": 0
+		},
+		"args": [
+			"/usr/share/acrn/samples/apl-mrb/launch_uos.sh",
+			"-V",
+			"2"
+		],
+		"env": [
+			"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+			"TERM=xterm"
+		],
+		"cwd": "/",
+		"capabilities": {
+			"bounding": [
+				"CAP_SYS_ADMIN",
+				"CAP_SYS_RESOURCE",
+				"CAP_WAKE_ALARM",
+				"CAP_SYS_MODULE"
+
+			],
+			"effective": [
+				"CAP_SYS_ADMIN",
+				"CAP_SYS_RESOURCE",
+				"CAP_WAKE_ALARM",
+				"CAP_SYS_MODULE"
+			],
+			"inheritable": [
+				"CAP_SYS_ADMIN",
+				"CAP_SYS_RESOURCE",
+				"CAP_WAKE_ALARM",
+				"CAP_SYS_MODULE"
+			],
+			"permitted": [
+				"CAP_SYS_ADMIN",
+				"CAP_SYS_RESOURCE",
+				"CAP_WAKE_ALARM",
+				"CAP_SYS_MODULE"
+			],
+			"ambient": [
+				"CAP_SYS_ADMIN",
+				"CAP_SYS_RESOURCE",
+				"CAP_WAKE_ALARM",
+				"CAP_SYS_MODULE"
+			]
+		}
+	},
+	"root": {
+		"path": "rootfs",
+		"readonly": false
+	},
+	"hostname": "runc",
+	"mounts": [
+		{
+			"destination": "/",
+			"type": "none",
+			"source": "/",
+			"options": ["rbind","rw"]
+		}
+	],
+	"linux": {
+		"resources": {
+			"devices": [
+				{
+					"allow": true,
+					"access": "rwm"
+				}
+			]
+		},
+		"uidMappings": [
+			{
+				"hostID": 0,
+				"containerID": 0,
+				"size": 1
+			}
+		],
+		"gidMappings": [
+			{
+				"hostID": 0,
+				"containerID": 0,
+				"size": 1
+			}
+		],
+		"namespaces": [
+			{
+				"type": "pid"
+			},
+			{
+				"type": "uts"
+			}
+		]
+	}
+}
--- a/devicemodel/samples/nuc/runC.json
+++ b/devicemodel/samples/nuc/runC.json
@ -0,0 +1,98 @@
+{
+	"ociVersion": "1.0.1-dev",
+	"process": {
+		"terminal": false,
+		"user": {
+			"uid": 0,
+			"gid": 0
+		},
+		"args": [
+			"/usr/share/acrn/samples/apl-mrb/launch_uos.sh",
+			"-V",
+			"2"
+		],
+		"env": [
+			"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+			"TERM=xterm"
+		],
+		"cwd": "/",
+		"capabilities": {
+			"bounding": [
+				"CAP_SYS_ADMIN",
+				"CAP_SYS_RESOURCE",
+				"CAP_WAKE_ALARM",
+				"CAP_SYS_MODULE"
+
+			],
+			"effective": [
+				"CAP_SYS_ADMIN",
+				"CAP_SYS_RESOURCE",
+				"CAP_WAKE_ALARM",
+				"CAP_SYS_MODULE"
+			],
+			"inheritable": [
+				"CAP_SYS_ADMIN",
+				"CAP_SYS_RESOURCE",
+				"CAP_WAKE_ALARM",
+				"CAP_SYS_MODULE"
+			],
+			"permitted": [
+				"CAP_SYS_ADMIN",
+				"CAP_SYS_RESOURCE",
+				"CAP_WAKE_ALARM",
+				"CAP_SYS_MODULE"
+			],
+			"ambient": [
+				"CAP_SYS_ADMIN",
+				"CAP_SYS_RESOURCE",
+				"CAP_WAKE_ALARM",
+				"CAP_SYS_MODULE"
+			]
+		}
+	},
+	"root": {
+		"path": "rootfs",
+		"readonly": false
+	},
+	"hostname": "runc",
+	"mounts": [
+		{
+			"destination": "/",
+			"type": "none",
+			"source": "/",
+			"options": ["rbind","rw"]
+		}
+	],
+	"linux": {
+		"resources": {
+			"devices": [
+				{
+					"allow": true,
+					"access": "rwm"
+				}
+			]
+		},
+		"uidMappings": [
+			{
+				"hostID": 0,
+				"containerID": 0,
+				"size": 1
+			}
+		],
+		"gidMappings": [
+			{
+				"hostID": 0,
+				"containerID": 0,
+				"size": 1
+			}
+		],
+		"namespaces": [
+			{
+				"type": "pid"
+			},
+			{
+				"type": "uts"
+			}
+		]
+	}
+}