Merge pull request #3716 from djs55/containup-devices2

Add OCI devices to yaml (needed by getty with runc v1.0.0-rc95)
Rolf Neugebauer 2021-10-16 10:35:35 +01:00 committed by GitHub
commit d71299a2c1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
60 changed files with 229 additions and 92 deletions


@ -232,6 +232,31 @@ services:
- CAP_DAC_OVERRIDE - CAP_DAC_OVERRIDE
``` ```
## `devices`
To access the console, it's necessary to explicitly add a "device" definition, for example:
```
devices:
- path: "/dev/console"
type: c
major: 5
minor: 1
mode: 0666
```
See the [getty package](../pkg/getty/build.yml) for a more complete example
and see [runc](https://github.com/opencontainers/runc/commit/60e21ec26e15945259d4b1e790e8fd119ee86467) for context.
To grant access to all block devices use:
```
devices:
- path: all
type: b
```
See the [format package](../pkg/format/build.yml) for an example.
### Mount Options ### Mount Options
When mounting filesystem paths into a container - whether as part of `onboot` or `services` - there are several options of which you need to be aware. Using them properly is necessary for your containers to function properly. When mounting filesystem paths into a container - whether as part of `onboot` or `services` - there are several options of which you need to be aware. Using them properly is necessary for your containers to function properly.


@ -14,7 +14,7 @@ onboot:
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
services: services:
- name: getty - name: getty
image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73
binds.add: binds.add:
# this will keep all of the existing ones as well # this will keep all of the existing ones as well
- /var/tmp:/var/tmp - /var/tmp:/var/tmp


@ -15,14 +15,14 @@ onboot:
- name: sysfs - name: sysfs
image: linuxkit/sysfs:3498aa99c90a29439b5a1926f6ffcd75c270372c image: linuxkit/sysfs:3498aa99c90a29439b5a1926f6ffcd75c270372c
- name: format - name: format
image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc
- name: mount - name: mount
image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba
command: ["/usr/bin/mountie", "/var/lib/docker"] command: ["/usr/bin/mountie", "/var/lib/docker"]
services: services:
- name: getty - name: getty
image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73
env: env:
- INSECURE=true - INSECURE=true
- name: rngd - name: rngd


@ -13,10 +13,10 @@ onboot:
image: linuxkit/dhcpcd:1033f340e2d42f86a60aab70752346f0045ea388 image: linuxkit/dhcpcd:1033f340e2d42f86a60aab70752346f0045ea388
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
- name: format - name: format
image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc
command: ["/usr/bin/format", "/dev/sda"] command: ["/usr/bin/format", "/dev/sda"]
- name: mount - name: mount
image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba
command: ["/usr/bin/mountie", "/dev/sda1", "/var/external"] command: ["/usr/bin/mountie", "/dev/sda1", "/var/external"]
- name: loop - name: loop
image: linuxkit/losetup:db35344a21e44a55195540a8670886f60aa77201 image: linuxkit/losetup:db35344a21e44a55195540a8670886f60aa77201
@ -25,7 +25,7 @@ onboot:
image: linuxkit/dm-crypt:4daf2010d088955b42ba50db813226e4b3f773cb image: linuxkit/dm-crypt:4daf2010d088955b42ba50db813226e4b3f773cb
command: ["/usr/bin/crypto", "crypt_loop_dev", "/dev/loop0"] command: ["/usr/bin/crypto", "crypt_loop_dev", "/dev/loop0"]
- name: mount - name: mount
image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba
command: ["/usr/bin/mountie", "/dev/mapper/crypt_loop_dev", "/var/secure_storage"] command: ["/usr/bin/mountie", "/dev/mapper/crypt_loop_dev", "/var/secure_storage"]
- name: bbox - name: bbox
image: busybox image: busybox
@ -34,7 +34,7 @@ onboot:
- /var:/var - /var:/var
services: services:
- name: getty - name: getty
image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73
env: env:
- INSECURE=true - INSECURE=true
- name: rngd - name: rngd


@ -13,13 +13,13 @@ onboot:
image: linuxkit/dhcpcd:1033f340e2d42f86a60aab70752346f0045ea388 image: linuxkit/dhcpcd:1033f340e2d42f86a60aab70752346f0045ea388
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
- name: format - name: format
image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc
command: ["/usr/bin/format", "/dev/sda"] command: ["/usr/bin/format", "/dev/sda"]
- name: dm-crypt - name: dm-crypt
image: linuxkit/dm-crypt:4daf2010d088955b42ba50db813226e4b3f773cb image: linuxkit/dm-crypt:4daf2010d088955b42ba50db813226e4b3f773cb
command: ["/usr/bin/crypto", "crypt_dev", "/dev/sda1"] command: ["/usr/bin/crypto", "crypt_dev", "/dev/sda1"]
- name: mount - name: mount
image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba
command: ["/usr/bin/mountie", "/dev/mapper/crypt_dev", "/var/secure_storage"] command: ["/usr/bin/mountie", "/dev/mapper/crypt_dev", "/var/secure_storage"]
- name: bbox - name: bbox
image: busybox image: busybox
@ -28,7 +28,7 @@ onboot:
- /var:/var - /var:/var
services: services:
- name: getty - name: getty
image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73
env: env:
- INSECURE=true - INSECURE=true
- name: rngd - name: rngd


@ -20,13 +20,13 @@ onboot:
image: linuxkit/binfmt:5567917e7de481e4867d31c7490a0ebdb70e04a5 image: linuxkit/binfmt:5567917e7de481e4867d31c7490a0ebdb70e04a5
# Format and mount the disk image in /var/lib/docker # Format and mount the disk image in /var/lib/docker
- name: format - name: format
image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc
- name: mount - name: mount
image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba
command: ["/usr/bin/mountie", "/var/lib"] command: ["/usr/bin/mountie", "/var/lib"]
# make a swap file on the mounted disk # make a swap file on the mounted disk
- name: swap - name: swap
image: linuxkit/swap:0028aeae2741d28120e4d2c6efcc5af003eae395 image: linuxkit/swap:7f7074c05bad414af39f2374301b72bc67314715
command: ["/swap.sh", "--path", "/var/lib/swap", "--size", "1024M"] command: ["/swap.sh", "--path", "/var/lib/swap", "--size", "1024M"]
# mount-vpnkit mounts the 9p share used by vpnkit to coordinate port forwarding # mount-vpnkit mounts the 9p share used by vpnkit to coordinate port forwarding
- name: mount-vpnkit - name: mount-vpnkit
@ -52,7 +52,7 @@ services:
image: linuxkit/acpid:d2ddd88c7918466f875e7c5c3e527b51dfb0b0ea image: linuxkit/acpid:d2ddd88c7918466f875e7c5c3e527b51dfb0b0ea
# Enable getty for easier debugging # Enable getty for easier debugging
- name: getty - name: getty
image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73
env: env:
- INSECURE=true - INSECURE=true
# Run ntpd to keep time synchronised in the VM # Run ntpd to keep time synchronised in the VM


@ -12,13 +12,13 @@ onboot:
- name: sysfs - name: sysfs
image: linuxkit/sysfs:3498aa99c90a29439b5a1926f6ffcd75c270372c image: linuxkit/sysfs:3498aa99c90a29439b5a1926f6ffcd75c270372c
- name: format - name: format
image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc
- name: mount - name: mount
image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba
command: ["/usr/bin/mountie", "/var/lib/docker"] command: ["/usr/bin/mountie", "/var/lib/docker"]
services: services:
- name: getty - name: getty
image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73
env: env:
- INSECURE=true - INSECURE=true
- name: rngd - name: rngd


@ -14,7 +14,7 @@ onboot:
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
services: services:
- name: getty - name: getty
image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73
# to make insecure with passwordless root login, uncomment following lines # to make insecure with passwordless root login, uncomment following lines
#env: #env:
# - INSECURE=true # - INSECURE=true


@ -18,7 +18,7 @@ onshutdown:
command: ["/bin/echo", "so long and thanks for all the fish"] command: ["/bin/echo", "so long and thanks for all the fish"]
services: services:
- name: getty - name: getty
image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73
env: env:
- INSECURE=true - INSECURE=true
runtime: runtime:


@ -12,7 +12,7 @@ onboot:
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
services: services:
- name: getty - name: getty
image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73
env: env:
- INSECURE=true - INSECURE=true
- name: influxdb - name: influxdb


@ -17,7 +17,7 @@ onboot:
services: services:
# Inside the getty type `/proc/1/root/usr/bin/logread -F` to follow the log # Inside the getty type `/proc/1/root/usr/bin/logread -F` to follow the log
- name: getty - name: getty
image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73
env: env:
- INSECURE=true - INSECURE=true
# A service which generates log messages for testing # A service which generates log messages for testing


@ -11,6 +11,6 @@ onboot:
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
services: services:
- name: getty - name: getty
image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73
env: env:
- INSECURE=true - INSECURE=true


@ -7,7 +7,7 @@ init:
- linuxkit/containerd:cc02c2af9c928c2faeccbe4edc78bd297ad91866 - linuxkit/containerd:cc02c2af9c928c2faeccbe4edc78bd297ad91866
services: services:
- name: getty - name: getty
image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73
env: env:
- INSECURE=true - INSECURE=true
- name: rngd - name: rngd


@ -16,7 +16,7 @@ onboot:
image: linuxkit/metadata:91125438842110e7709811997815b7b33dc18d1d image: linuxkit/metadata:91125438842110e7709811997815b7b33dc18d1d
services: services:
- name: getty - name: getty
image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73
env: env:
- INSECURE=true - INSECURE=true
- name: rngd - name: rngd


@ -24,7 +24,7 @@ services:
- name: rngd - name: rngd
image: linuxkit/rngd:bdabfe138f05f7d48396d2f435af16f5a6ccaa45 image: linuxkit/rngd:bdabfe138f05f7d48396d2f435af16f5a6ccaa45
- name: getty - name: getty
image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73
env: env:
- INSECURE=true - INSECURE=true
- name: sshd - name: sshd


@ -24,7 +24,7 @@ services:
- name: rngd - name: rngd
image: linuxkit/rngd:bdabfe138f05f7d48396d2f435af16f5a6ccaa45 image: linuxkit/rngd:bdabfe138f05f7d48396d2f435af16f5a6ccaa45
- name: getty - name: getty
image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73
env: env:
- INSECURE=true - INSECURE=true
- name: sshd - name: sshd


@ -11,7 +11,7 @@ onboot:
image: linuxkit/sysctl:02d2bd74509fd063857ceb4c4f502f09ee4f2e0a image: linuxkit/sysctl:02d2bd74509fd063857ceb4c4f502f09ee4f2e0a
services: services:
- name: getty - name: getty
image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73
env: env:
- INSECURE=true - INSECURE=true
- name: rngd - name: rngd


@ -19,7 +19,7 @@ onboot:
image: linuxkit/metadata:91125438842110e7709811997815b7b33dc18d1d image: linuxkit/metadata:91125438842110e7709811997815b7b33dc18d1d
services: services:
- name: getty - name: getty
image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73
env: env:
- INSECURE=true - INSECURE=true
- name: rngd - name: rngd


@ -11,7 +11,7 @@ onboot:
image: linuxkit/sysctl:02d2bd74509fd063857ceb4c4f502f09ee4f2e0a image: linuxkit/sysctl:02d2bd74509fd063857ceb4c4f502f09ee4f2e0a
services: services:
- name: getty - name: getty
image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73
env: env:
- INSECURE=true - INSECURE=true
- name: rngd - name: rngd


@ -17,7 +17,7 @@ onboot:
command: ["/usr/bin/metadata", "vultr"] command: ["/usr/bin/metadata", "vultr"]
services: services:
- name: getty - name: getty
image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73
env: env:
- INSECURE=true - INSECURE=true
- name: rngd - name: rngd


@ -13,7 +13,7 @@ onboot:
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
services: services:
- name: getty - name: getty
image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73
env: env:
- INSECURE=true - INSECURE=true
# Currently redis:4.0.6-alpine has trust issue with multi-arch # Currently redis:4.0.6-alpine has trust issue with multi-arch


@ -14,7 +14,7 @@ onboot:
command: ["/sbin/rngd", "-1"] command: ["/sbin/rngd", "-1"]
services: services:
- name: getty - name: getty
image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73
env: env:
- INSECURE=true - INSECURE=true
- name: rngd - name: rngd


@ -13,7 +13,7 @@ onboot:
command: ["ip", "-b", "/etc/ip/eth0.conf"] command: ["ip", "-b", "/etc/ip/eth0.conf"]
services: services:
- name: getty - name: getty
image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73
env: env:
- INSECURE=true - INSECURE=true
files: files:


@ -13,18 +13,18 @@ onboot:
image: linuxkit/dhcpcd:1033f340e2d42f86a60aab70752346f0045ea388 image: linuxkit/dhcpcd:1033f340e2d42f86a60aab70752346f0045ea388
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
- name: format - name: format
image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc
- name: mount - name: mount
image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba
command: ["/usr/bin/mountie", "/var/external"] command: ["/usr/bin/mountie", "/var/external"]
- name: swap - name: swap
image: linuxkit/swap:0028aeae2741d28120e4d2c6efcc5af003eae395 image: linuxkit/swap:7f7074c05bad414af39f2374301b72bc67314715
# to use unencrypted swap, use: # to use unencrypted swap, use:
# command: ["/swap.sh", "--path", "/var/external/swap", "--size", "1G"] # command: ["/swap.sh", "--path", "/var/external/swap", "--size", "1G"]
command: ["/swap.sh", "--path", "/var/external/swap", "--size", "1G", "--encrypt"] command: ["/swap.sh", "--path", "/var/external/swap", "--size", "1G", "--encrypt"]
services: services:
- name: getty - name: getty
image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73
env: env:
- INSECURE=true - INSECURE=true
- name: rngd - name: rngd


@ -14,7 +14,7 @@ onboot:
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
services: services:
- name: getty - name: getty
image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73
env: env:
- INSECURE=true - INSECURE=true
- name: tss - name: tss


@ -40,7 +40,7 @@ onboot:
net: /run/netns/wg1 net: /run/netns/wg1
services: services:
- name: getty - name: getty
image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73
env: env:
- INSECURE=true - INSECURE=true
net: /run/netns/wg1 net: /run/netns/wg1


@ -18,7 +18,7 @@ onshutdown:
command: ["/bin/echo", "so long and thanks for all the fish"] command: ["/bin/echo", "so long and thanks for all the fish"]
services: services:
- name: getty - name: getty
image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73
env: env:
- INSECURE=true - INSECURE=true
- name: rngd - name: rngd


@ -2,6 +2,10 @@ image: format
config: config:
binds: binds:
- /dev:/dev - /dev:/dev
devices:
# all block devices
- path: all
type: b
capabilities: capabilities:
- CAP_SYS_ADMIN - CAP_SYS_ADMIN
- CAP_MKNOD - CAP_MKNOD


@ -14,5 +14,27 @@ config:
- /var/lib/containerd:/var/lib/containerd - /var/lib/containerd:/var/lib/containerd
- /dev:/dev - /dev:/dev
- /sys:/sys - /sys:/sys
devices:
# individual console / tty character devices
- path: "/dev/console"
type: c
major: 5
minor: 1
mode: 0666
- path: "/dev/tty0"
type: c
major: 4
minor: 0
mode: 0666
- path: "/dev/ttyS0"
type: c
major: 4
minor: 64
mode: 0666
- path: "/dev/ttyAMA0"
type: c
major: 204
minor: 64
mode: 0666
capabilities: capabilities:
- all - all
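Review bot: The four `mode: 0666` values are written as plain scalars, but the schema added in this commit declares `mode` as a string and ConfigToOCI parses it with `strconv.ParseInt(device.Mode, 8, 32)`. A loader that resolves plain scalars by YAML 1.1 rules reads `0666` as the integer 438, so this only works where the decoder hands the raw text to the string field; writing `mode: "0666"` removes that dependence, and the documentation example in the same commit would benefit from the same quoting. Separately, 0666 makes the console and serial nodes world-writable inside the container; a tighter mode may be enough if every process that opens them runs as root, which should be confirmed before changing it.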


@ -4,6 +4,10 @@ config:
- /dev:/dev - /dev:/dev
- /var:/var:rshared,rbind - /var:/var:rshared,rbind
- /:/hostroot - /:/hostroot
devices:
# all block devices
- path: all
type: b
capabilities: capabilities:
- CAP_SYS_ADMIN - CAP_SYS_ADMIN
rootfsPropagation: shared rootfsPropagation: shared


@ -3,6 +3,10 @@ config:
binds: binds:
- /dev:/dev - /dev:/dev
- /var:/var - /var:/var
devices:
# all devices (/dev/mapper is a character device)
- path: all
type: a
capabilities: capabilities:
- CAP_SYS_ADMIN - CAP_SYS_ADMIN
- CAP_MKNOD - CAP_MKNOD
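Review bot: `type: a` with `path: all` allows every block and character device in the devices cgroup, which is wider than the reason given in the comment (a single device-mapper node being a character device). If the package only needs block devices plus that one node, a `type: b` wildcard and one explicit `type: c` entry with its major and minor would keep the remaining character devices denied. This container also binds `/dev` and holds `CAP_MKNOD`, so the cgroup rule appears to be the main restriction left on device access; it is worth confirming which nodes the package really opens before narrowing.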


@ -15,13 +15,13 @@ onboot:
image: linuxkit/dhcpcd:1033f340e2d42f86a60aab70752346f0045ea388 image: linuxkit/dhcpcd:1033f340e2d42f86a60aab70752346f0045ea388
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
- name: format - name: format
image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc
- name: mount - name: mount
image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba
command: ["/usr/bin/mountie", "/var/lib/docker"] command: ["/usr/bin/mountie", "/var/lib/docker"]
services: services:
- name: getty - name: getty
image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73
env: env:
- INSECURE=true - INSECURE=true
- name: rngd - name: rngd


@ -15,13 +15,13 @@ onboot:
image: linuxkit/dhcpcd:1033f340e2d42f86a60aab70752346f0045ea388 image: linuxkit/dhcpcd:1033f340e2d42f86a60aab70752346f0045ea388
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
- name: format - name: format
image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc
- name: mount - name: mount
image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba
command: ["/usr/bin/mountie", "/var/lib/docker"] command: ["/usr/bin/mountie", "/var/lib/docker"]
services: services:
- name: getty - name: getty
image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73
env: env:
- INSECURE=true - INSECURE=true
- name: rngd - name: rngd


@ -11,7 +11,7 @@ onboot:
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
services: services:
- name: getty - name: getty
image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73
env: env:
- INSECURE=true - INSECURE=true
trust: trust:


@ -12,7 +12,7 @@ onboot:
image: linuxkit/sysctl:02d2bd74509fd063857ceb4c4f502f09ee4f2e0a image: linuxkit/sysctl:02d2bd74509fd063857ceb4c4f502f09ee4f2e0a
services: services:
- name: getty - name: getty
image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73
env: env:
- INSECURE=true - INSECURE=true
- name: rngd - name: rngd


@ -30,7 +30,7 @@ services:
- name: sshd - name: sshd
image: linuxkit/sshd:add8c094a9a253870b0a596796628fd4ec220b70 image: linuxkit/sshd:add8c094a9a253870b0a596796628fd4ec220b70
- name: getty - name: getty
image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73
env: env:
- INSECURE=true - INSECURE=true
files: files:


@ -13,7 +13,7 @@ services:
- name: dhcpcd - name: dhcpcd
image: linuxkit/dhcpcd:1033f340e2d42f86a60aab70752346f0045ea388 image: linuxkit/dhcpcd:1033f340e2d42f86a60aab70752346f0045ea388
- name: getty - name: getty
image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73
env: env:
- INSECURE=true - INSECURE=true
trust: trust:


@ -14,7 +14,7 @@ onboot:
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
services: services:
- name: getty - name: getty
image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73
env: env:
- INSECURE=true - INSECURE=true
- name: rngd - name: rngd


@ -2,6 +2,7 @@ package moby
import ( import (
"fmt" "fmt"
"os"
"sort" "sort"
"strconv" "strconv"
"strings" "strings"
@ -70,6 +71,7 @@ type ImageConfig struct {
Mounts *[]specs.Mount `yaml:"mounts,omitempty" json:"mounts,omitempty"` Mounts *[]specs.Mount `yaml:"mounts,omitempty" json:"mounts,omitempty"`
Binds *[]string `yaml:"binds,omitempty" json:"binds,omitempty"` Binds *[]string `yaml:"binds,omitempty" json:"binds,omitempty"`
BindsAdd *[]string `yaml:"binds.add,omitempty" json:"binds.add,omitempty"` BindsAdd *[]string `yaml:"binds.add,omitempty" json:"binds.add,omitempty"`
Devices *[]Device `yaml:"devices,omitempty" json:"devices,omitempty"`
Tmpfs *[]string `yaml:"tmpfs,omitempty" json:"tmpfs,omitempty"` Tmpfs *[]string `yaml:"tmpfs,omitempty" json:"tmpfs,omitempty"`
Command *[]string `yaml:"command,omitempty" json:"command,omitempty"` Command *[]string `yaml:"command,omitempty" json:"command,omitempty"`
Env *[]string `yaml:"env,omitempty" json:"env,omitempty"` Env *[]string `yaml:"env,omitempty" json:"env,omitempty"`
@ -102,6 +104,15 @@ type ImageConfig struct {
ref *reference.Spec ref *reference.Spec
} }
// Device specifies a device to be exposed to the container.
type Device struct {
Path string `yaml:"path" json:"path"`
Type string `yaml:"type" json:"type"`
Major int64 `yaml:"major" json:"major"`
Minor int64 `yaml:"minor" json:"minor"`
Mode string `yaml:"mode,omitempty" json:"mode,omitempty"`
}
// Runtime is the type of config processed at runtime, not used to build the OCI spec // Runtime is the type of config processed at runtime, not used to build the OCI spec
type Runtime struct { type Runtime struct {
Cgroups *[]string `yaml:"cgroups,omitempty" json:"cgroups,omitempty"` Cgroups *[]string `yaml:"cgroups,omitempty" json:"cgroups,omitempty"`
@ -561,6 +572,17 @@ func assignResources(v1, v2 *specs.LinuxResources) specs.LinuxResources {
return specs.LinuxResources{} return specs.LinuxResources{}
} }
// assignDevices does ordered overrides from Devices
func assignDevices(v1, v2 *[]Device) []Device {
if v2 != nil {
return *v2
}
if v1 != nil {
return *v1
}
return []Device{}
}
// assignRuntime does ordered overrides from Runtime // assignRuntime does ordered overrides from Runtime
func assignRuntime(v1, v2 *Runtime) Runtime { func assignRuntime(v1, v2 *Runtime) Runtime {
if v1 == nil { if v1 == nil {
@ -1021,6 +1043,36 @@ func ConfigToOCI(yaml *Image, config imagespec.ImageConfig, idMap map[string]uin
resources := assignResources(label.Resources, yaml.Resources) resources := assignResources(label.Resources, yaml.Resources)
devices := assignDevices(label.Devices, yaml.Devices)
var linuxDevices []specs.LinuxDevice
for _, device := range devices {
if device.Path == "all" {
// add a category of devices to the device whitelist cgroup controller
resources.Devices = append(resources.Devices, specs.LinuxDeviceCgroup{
Allow: true,
Type: device.Type,
Access: "rwm", // read, write, mknod
})
continue
}
mode, err := strconv.ParseInt(device.Mode, 8, 32)
if err != nil {
return oci, runtime, fmt.Errorf("Cannot parse device mode as octal value: %v", err)
}
fileMode := os.FileMode(mode)
linuxDevice := specs.LinuxDevice{
Path: device.Path,
Type: device.Type,
Major: device.Major,
Minor: device.Minor,
FileMode: &fileMode,
}
linuxDevices = append(linuxDevices, linuxDevice)
// to access the device it must be added to the device whitelist cgroup controller
// see https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v1/devices.html
resources.Devices = append(resources.Devices, deviceCgroup(linuxDevice))
}
oci.Linux = &specs.Linux{ oci.Linux = &specs.Linux{
UIDMappings: assignMappings(label.UIDMappings, yaml.UIDMappings), UIDMappings: assignMappings(label.UIDMappings, yaml.UIDMappings),
GIDMappings: assignMappings(label.GIDMappings, yaml.GIDMappings), GIDMappings: assignMappings(label.GIDMappings, yaml.GIDMappings),
@ -1028,7 +1080,7 @@ func ConfigToOCI(yaml *Image, config imagespec.ImageConfig, idMap map[string]uin
Resources: &resources, Resources: &resources,
CgroupsPath: assignString(label.CgroupsPath, yaml.CgroupsPath), CgroupsPath: assignString(label.CgroupsPath, yaml.CgroupsPath),
Namespaces: namespaces, Namespaces: namespaces,
// Devices Devices: linuxDevices,
// Seccomp // Seccomp
RootfsPropagation: assignString(label.RootfsPropagation, yaml.RootfsPropagation), RootfsPropagation: assignString(label.RootfsPropagation, yaml.RootfsPropagation),
MaskedPaths: assignStrings(label.MaskedPaths, yaml.MaskedPaths), MaskedPaths: assignStrings(label.MaskedPaths, yaml.MaskedPaths),
@ -1041,3 +1093,13 @@ func ConfigToOCI(yaml *Image, config imagespec.ImageConfig, idMap map[string]uin
return oci, runtime, nil return oci, runtime, nil
} }
func deviceCgroup(device specs.LinuxDevice) specs.LinuxDeviceCgroup {
return specs.LinuxDeviceCgroup{
Allow: true,
Type: device.Type,
Major: &device.Major,
Minor: &device.Minor,
Access: "rwm", // read, write, mknod
}
}
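Review bot: In the ConfigToOCI loop, `strconv.ParseInt(device.Mode, 8, 32)` runs for every device whose path is not `all`, so an entry that omits `mode` (which both the `omitempty` tag on `Device.Mode` and the schema permit) fails with "Cannot parse device mode as octal value" instead of leaving the mode unset. ParseInt also accepts negative values and bits above 0777, and the result is converted straight to `os.FileMode`. I would treat an empty mode as not specified and leave `FileMode` nil, parse with ParseUint and reject anything outside the permission bits, as in the excerpt below. Both cgroup rules also hard-code `Access: "rwm"`, so every listed device gets mknod rights with no way to request less from the YAML. ConfigToOCI begins and ends outside the hunk.

```go
		// … unchanged: the device.Path == "all" branch …
		var fileMode *os.FileMode
		if device.Mode != "" {
			mode, err := strconv.ParseUint(device.Mode, 8, 32)
			if err != nil || mode > 0777 {
				return oci, runtime, fmt.Errorf("invalid mode %q for device %s: expected octal permission bits", device.Mode, device.Path)
			}
			m := os.FileMode(mode)
			fileMode = &m
		}
		linuxDevice := specs.LinuxDevice{
			Path:     device.Path,
			Type:     device.Type,
			Major:    device.Major,
			Minor:    device.Minor,
			FileMode: fileMode,
		}
		// … unchanged: append to linuxDevices and resources.Devices …
```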


@ -67,6 +67,21 @@ var schema = string(`
"type": "array", "type": "array",
"items": { "$ref": "#/definitions/mount" } "items": { "$ref": "#/definitions/mount" }
}, },
"device": {
"type": "object",
"additionalProperties": false,
"properties": {
"path": { "type": "string" },
"type": { "type": "string" },
"major": { "type": "integer" },
"minor": { "type": "integer" },
"mode": { "type": "string" }
}
},
"devices": {
"type": "array",
"items": { "$ref": "#/definitions/device" }
},
"idmapping": { "idmapping": {
"type": "object", "type": "object",
"additionalProperties": false, "additionalProperties": false,
@ -265,6 +280,7 @@ var schema = string(`
"mounts": { "$ref": "#/definitions/mounts" }, "mounts": { "$ref": "#/definitions/mounts" },
"binds": { "$ref": "#/definitions/strings" }, "binds": { "$ref": "#/definitions/strings" },
"binds.add": { "$ref": "#/definitions/strings" }, "binds.add": { "$ref": "#/definitions/strings" },
"devices": { "$ref": "#/definitions/devices" },
"tmpfs": { "$ref": "#/definitions/strings" }, "tmpfs": { "$ref": "#/definitions/strings" },
"command": { "$ref": "#/definitions/strings" }, "command": { "$ref": "#/definitions/strings" },
"env": { "$ref": "#/definitions/strings" }, "env": { "$ref": "#/definitions/strings" },
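Review bot: The new `device` definition sets `additionalProperties: false` but has no `required` list and leaves `type` as a free string, so an entry with no `path` or with an unknown type passes validation and is only caught, or passed through to the runtime, later in ConfigToOCI. Adding `"required": ["path", "type"]` and constraining the type, for example `"type": { "enum": ["a", "b", "c"] }` if those are the only kinds the tool means to support, would reject such entries when the file is loaded. A pattern on mode such as `"mode": { "type": "string", "pattern": "^[0-7]{3,4}$" }` would likewise stop non-octal values before they reach the parser.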


@ -6,7 +6,7 @@ init:
- linuxkit/runc:bf1e0c61fb4678d6428d0aabbd80db5ea24e4d4d - linuxkit/runc:bf1e0c61fb4678d6428d0aabbd80db5ea24e4d4d
onboot: onboot:
- name: mount - name: mount
image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba
binds.add: binds.add:
- /check.sh:/check.sh - /check.sh:/check.sh
- /var/tmp:/var/tmp - /var/tmp:/var/tmp


@ -12,9 +12,9 @@ onboot:
- name: sysfs - name: sysfs
image: linuxkit/sysfs:3498aa99c90a29439b5a1926f6ffcd75c270372c image: linuxkit/sysfs:3498aa99c90a29439b5a1926f6ffcd75c270372c
- name: format - name: format
image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc
- name: mount - name: mount
image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba
command: ["/usr/bin/mountie", "/var/lib/docker"] command: ["/usr/bin/mountie", "/var/lib/docker"]
services: services:
- name: rngd - name: rngd


@ -13,9 +13,9 @@ onboot:
- name: sysctl - name: sysctl
image: linuxkit/sysctl:02d2bd74509fd063857ceb4c4f502f09ee4f2e0a image: linuxkit/sysctl:02d2bd74509fd063857ceb4c4f502f09ee4f2e0a
- name: format - name: format
image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc
- name: mount - name: mount
image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba
command: ["/usr/bin/mountie", "/var/lib"] command: ["/usr/bin/mountie", "/var/lib"]
- name: test - name: test
image: linuxkit/test-containerd:701421314e1b114c4787255431e066a681e80f16 image: linuxkit/test-containerd:701421314e1b114c4787255431e066a681e80f16


@ -6,9 +6,9 @@ init:
- linuxkit/runc:bf1e0c61fb4678d6428d0aabbd80db5ea24e4d4d - linuxkit/runc:bf1e0c61fb4678d6428d0aabbd80db5ea24e4d4d
onboot: onboot:
- name: format - name: format
image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc
- name: mount - name: mount
image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba
command: ["/usr/bin/mountie", "/var/lib/docker"] command: ["/usr/bin/mountie", "/var/lib/docker"]
- name: test - name: test
image: alpine:3.13 image: alpine:3.13


@ -8,7 +8,7 @@ onboot:
- name: extend - name: extend
image: linuxkit/extend:d0d5e69ba5716bd48d260b15510ca258ae17f990 image: linuxkit/extend:d0d5e69ba5716bd48d260b15510ca258ae17f990
- name: mount - name: mount
image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba
command: ["/usr/bin/mountie", "/var/lib/docker"] command: ["/usr/bin/mountie", "/var/lib/docker"]
- name: test - name: test
image: alpine:3.13 image: alpine:3.13


@ -9,10 +9,10 @@ onboot:
image: linuxkit/modprobe:e2045c96cd2d3ef08eaf452396462d9205667690 image: linuxkit/modprobe:e2045c96cd2d3ef08eaf452396462d9205667690
command: ["modprobe", "btrfs"] command: ["modprobe", "btrfs"]
- name: format - name: format
image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc
command: ["/usr/bin/format", "-type", "btrfs" ] command: ["/usr/bin/format", "-type", "btrfs" ]
- name: mount - name: mount
image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba
command: ["/usr/bin/mountie", "/var/lib/docker"] command: ["/usr/bin/mountie", "/var/lib/docker"]
- name: test - name: test
image: alpine:3.13 image: alpine:3.13


@ -12,7 +12,7 @@ onboot:
image: linuxkit/extend:d0d5e69ba5716bd48d260b15510ca258ae17f990 image: linuxkit/extend:d0d5e69ba5716bd48d260b15510ca258ae17f990
command: ["/usr/bin/extend", "-type", "btrfs"] command: ["/usr/bin/extend", "-type", "btrfs"]
- name: mount - name: mount
image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba
command: ["/usr/bin/mountie", "/var/lib/docker"] command: ["/usr/bin/mountie", "/var/lib/docker"]
- name: test - name: test
image: alpine:3.13 image: alpine:3.13


@ -6,10 +6,10 @@ init:
- linuxkit/runc:bf1e0c61fb4678d6428d0aabbd80db5ea24e4d4d - linuxkit/runc:bf1e0c61fb4678d6428d0aabbd80db5ea24e4d4d
onboot: onboot:
- name: format - name: format
image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc
command: ["/usr/bin/format", "-type", "xfs"] command: ["/usr/bin/format", "-type", "xfs"]
- name: mount - name: mount
image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba
command: ["/usr/bin/mountie", "/var/lib/docker"] command: ["/usr/bin/mountie", "/var/lib/docker"]
- name: test - name: test
image: alpine:3.13 image: alpine:3.13


@ -9,7 +9,7 @@ onboot:
image: linuxkit/extend:d0d5e69ba5716bd48d260b15510ca258ae17f990 image: linuxkit/extend:d0d5e69ba5716bd48d260b15510ca258ae17f990
command: ["/usr/bin/extend", "-type", "xfs"] command: ["/usr/bin/extend", "-type", "xfs"]
- name: mount - name: mount
image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba
command: ["/usr/bin/mountie", "/var/lib/docker"] command: ["/usr/bin/mountie", "/var/lib/docker"]
- name: test - name: test
image: alpine:3.13 image: alpine:3.13


@ -6,10 +6,10 @@ init:
- linuxkit/runc:bf1e0c61fb4678d6428d0aabbd80db5ea24e4d4d - linuxkit/runc:bf1e0c61fb4678d6428d0aabbd80db5ea24e4d4d
onboot: onboot:
- name: format - name: format
image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc
command: ["/usr/bin/format", "-partition", "gpt"] command: ["/usr/bin/format", "-partition", "gpt"]
- name: mount - name: mount
image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba
command: ["/usr/bin/mountie", "/var/lib/docker"] command: ["/usr/bin/mountie", "/var/lib/docker"]
- name: test - name: test
image: alpine:3.13 image: alpine:3.13


@ -8,7 +8,7 @@ onboot:
- name: extend - name: extend
image: linuxkit/extend:d0d5e69ba5716bd48d260b15510ca258ae17f990 image: linuxkit/extend:d0d5e69ba5716bd48d260b15510ca258ae17f990
- name: mount - name: mount
image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba
command: ["/usr/bin/mountie", "/var/lib/docker"] command: ["/usr/bin/mountie", "/var/lib/docker"]
- name: test - name: test
image: alpine:3.13 image: alpine:3.13


@ -6,10 +6,10 @@ init:
- linuxkit/runc:bf1e0c61fb4678d6428d0aabbd80db5ea24e4d4d - linuxkit/runc:bf1e0c61fb4678d6428d0aabbd80db5ea24e4d4d
onboot: onboot:
- name: format - name: format
image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc
command: ["/usr/bin/format"] command: ["/usr/bin/format"]
- name: mount - name: mount
image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba
command: ["/usr/bin/mountie", "/var/lib/docker"] command: ["/usr/bin/mountie", "/var/lib/docker"]
- name: test - name: test
image: alpine:3.13 image: alpine:3.13


@ -6,10 +6,10 @@ init:
- linuxkit/runc:bf1e0c61fb4678d6428d0aabbd80db5ea24e4d4d - linuxkit/runc:bf1e0c61fb4678d6428d0aabbd80db5ea24e4d4d
onboot: onboot:
- name: format - name: format
image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc
command: ["/usr/bin/format", "-label", "docker"] command: ["/usr/bin/format", "-label", "docker"]
- name: mount - name: mount
image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba
command: ["/usr/bin/mountie", "-label", "docker", "/var/lib/docker"] command: ["/usr/bin/mountie", "-label", "docker", "/var/lib/docker"]
- name: test - name: test
image: alpine:3.13 image: alpine:3.13


@ -6,10 +6,10 @@ init:
- linuxkit/runc:bf1e0c61fb4678d6428d0aabbd80db5ea24e4d4d - linuxkit/runc:bf1e0c61fb4678d6428d0aabbd80db5ea24e4d4d
onboot: onboot:
- name: format - name: format
image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc
command: ["/usr/bin/format", "@DEVICE@"] command: ["/usr/bin/format", "@DEVICE@"]
- name: mount - name: mount
image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba
command: ["/usr/bin/mountie", "-device", "@DEVICE@1", "/var/lib/docker"] command: ["/usr/bin/mountie", "-device", "@DEVICE@1", "/var/lib/docker"]
- name: test - name: test
image: alpine:3.13 image: alpine:3.13


@ -9,10 +9,10 @@ onboot:
image: linuxkit/modprobe:e2045c96cd2d3ef08eaf452396462d9205667690 image: linuxkit/modprobe:e2045c96cd2d3ef08eaf452396462d9205667690
command: ["modprobe", "btrfs"] command: ["modprobe", "btrfs"]
- name: format - name: format
image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc
command: ["/usr/bin/format", "-type", "btrfs" ] command: ["/usr/bin/format", "-type", "btrfs" ]
- name: mount - name: mount
image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba
command: ["/usr/bin/mountie", "/var/lib/docker"] command: ["/usr/bin/mountie", "/var/lib/docker"]
- name: test - name: test
image: alpine:3.13 image: alpine:3.13


@ -6,10 +6,10 @@ init:
- linuxkit/runc:bf1e0c61fb4678d6428d0aabbd80db5ea24e4d4d - linuxkit/runc:bf1e0c61fb4678d6428d0aabbd80db5ea24e4d4d
onboot: onboot:
- name: format - name: format
image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc
command: ["/usr/bin/format", "-type", "xfs" ] command: ["/usr/bin/format", "-type", "xfs" ]
- name: mount - name: mount
image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba
command: ["/usr/bin/mountie", "/var/lib/docker"] command: ["/usr/bin/mountie", "/var/lib/docker"]
- name: test - name: test
image: alpine:3.13 image: alpine:3.13


@ -6,19 +6,19 @@ init:
- linuxkit/runc:bf1e0c61fb4678d6428d0aabbd80db5ea24e4d4d - linuxkit/runc:bf1e0c61fb4678d6428d0aabbd80db5ea24e4d4d
onboot: onboot:
- name: format - name: format
image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc
command: ["/usr/bin/format", "-verbose", "-type", "ext4", "/dev/sda"] command: ["/usr/bin/format", "-verbose", "-type", "ext4", "/dev/sda"]
- name: format - name: format
image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc
command: ["/usr/bin/format", "-verbose", "-type", "ext4", "/dev/sdb"] command: ["/usr/bin/format", "-verbose", "-type", "ext4", "/dev/sdb"]
- name: format - name: format
image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc
command: ["/usr/bin/format", "-verbose", "-type", "xfs", "/dev/sda"] command: ["/usr/bin/format", "-verbose", "-type", "xfs", "/dev/sda"]
- name: format - name: format
image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc
command: ["/usr/bin/format", "-verbose", "-force", "-type", "xfs", "/dev/sdb"] command: ["/usr/bin/format", "-verbose", "-force", "-type", "xfs", "/dev/sdb"]
- name: test - name: test
image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc
binds: binds:
- /check.sh:/check.sh - /check.sh:/check.sh
command: ["sh", "./check.sh"] command: ["sh", "./check.sh"]


@ -6,10 +6,10 @@ init:
- linuxkit/runc:bf1e0c61fb4678d6428d0aabbd80db5ea24e4d4d - linuxkit/runc:bf1e0c61fb4678d6428d0aabbd80db5ea24e4d4d
onboot: onboot:
- name: format - name: format
image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc
command: ["/usr/bin/format", "-partition", "gpt"] command: ["/usr/bin/format", "-partition", "gpt"]
- name: mount - name: mount
image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba
command: ["/usr/bin/mountie", "/var/lib/docker"] command: ["/usr/bin/mountie", "/var/lib/docker"]
- name: test - name: test
image: alpine:3.13 image: alpine:3.13


@ -6,16 +6,16 @@ init:
- linuxkit/runc:bf1e0c61fb4678d6428d0aabbd80db5ea24e4d4d - linuxkit/runc:bf1e0c61fb4678d6428d0aabbd80db5ea24e4d4d
onboot: onboot:
- name: format - name: format
image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc
command: ["/usr/bin/format", "-label", "docker"] command: ["/usr/bin/format", "-label", "docker"]
- name: format - name: format
image: linuxkit/format:fdad8c50d594712537f94862dab3d955cbb48fc3 image: linuxkit/format:cf335053c7d0b4cd8cc2d136e9392ea5904a71dc
command: ["/usr/bin/format", "-label", "foo"] command: ["/usr/bin/format", "-label", "foo"]
- name: mount - name: mount
image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba
command: ["/usr/bin/mountie", "-label", "docker", "/var/lib/docker"] command: ["/usr/bin/mountie", "-label", "docker", "/var/lib/docker"]
- name: mount - name: mount
image: linuxkit/mount:71c868267a4503f99e84fd7698717a3669d9dfdb image: linuxkit/mount:a9a5f731261891bd880e108e6fa2be5bac2f63ba
command: ["/usr/bin/mountie", "-label", "foo", "/var/foo"] command: ["/usr/bin/mountie", "-label", "foo", "/var/foo"]
- name: test - name: test
image: alpine:3.13 image: alpine:3.13


@ -12,7 +12,7 @@ onboot:
command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
services: services:
- name: getty - name: getty
image: linuxkit/getty:ed32c71531f5998aa510847bb07bd847492d4101 image: linuxkit/getty:ebe3397aa9b08e8f310121fdb0aac9406e1c8e73
files: files:
- path: etc/getty.shadow - path: etc/getty.shadow
# sample sets password for root to "abcdefgh" (without quotes) # sample sets password for root to "abcdefgh" (without quotes)