Browse code
Fix container.json sample to be loadable by nsinit.
Docker-DCO-1.1-Signed-off-by: Rohit Jnagal <jnagal@google.com> (github: rjnagal)
Rohit Jnagal authored on 2014/04/25 09:17:45Showing 3 changed files
| ... | ... |
@@ -41,21 +41,21 @@ Sample `container.json` file: |
| 41 | 41 |
"TERM=xterm" |
| 42 | 42 |
], |
| 43 | 43 |
"capabilities_mask" : [ |
| 44 |
- "SETPCAP", |
|
| 45 |
- "SYS_MODULE", |
|
| 46 |
- "SYS_RAWIO", |
|
| 47 |
- "SYS_PACCT", |
|
| 48 |
- "SYS_ADMIN", |
|
| 49 |
- "SYS_NICE", |
|
| 50 |
- "SYS_RESOURCE", |
|
| 51 |
- "SYS_TIME", |
|
| 52 |
- "SYS_TTY_CONFIG", |
|
| 53 |
- "MKNOD", |
|
| 54 |
- "AUDIT_WRITE", |
|
| 55 |
- "AUDIT_CONTROL", |
|
| 56 |
- "MAC_OVERRIDE", |
|
| 57 |
- "MAC_ADMIN", |
|
| 58 |
- "NET_ADMIN" |
|
| 44 |
+ { "key": "SETPCAP" },
|
|
| 45 |
+ { "key": "SYS_MODULE" },
|
|
| 46 |
+ { "key": "SYS_RAWIO" },
|
|
| 47 |
+ { "key": "SYS_PACCT" },
|
|
| 48 |
+ { "key": "SYS_ADMIN" },
|
|
| 49 |
+ { "key": "SYS_NICE" },
|
|
| 50 |
+ { "key": "SYS_RESOURCE" },
|
|
| 51 |
+ { "key": "SYS_TIME" },
|
|
| 52 |
+ { "key": "SYS_TTY_CONFIG" },
|
|
| 53 |
+ { "key": "MKNOD" },
|
|
| 54 |
+ { "key": "AUDIT_WRITE" },
|
|
| 55 |
+ { "key": "AUDIT_CONTROL" },
|
|
| 56 |
+ { "key": "MAC_OVERRIDE" },
|
|
| 57 |
+ { "key": "MAC_ADMIN" },
|
|
| 58 |
+ { "key": "NET_ADMIN" }
|
|
| 59 | 59 |
], |
| 60 | 60 |
"context" : {
|
| 61 | 61 |
"apparmor_profile" : "docker-default" |
| ... | ... |
@@ -81,11 +81,11 @@ Sample `container.json` file: |
| 81 | 81 |
} |
| 82 | 82 |
], |
| 83 | 83 |
"namespaces" : [ |
| 84 |
- "NEWNS", |
|
| 85 |
- "NEWUTS", |
|
| 86 |
- "NEWIPC", |
|
| 87 |
- "NEWPID", |
|
| 88 |
- "NEWNET" |
|
| 84 |
+ { "key": "NEWNS" },
|
|
| 85 |
+ { "key": "NEWUTS" },
|
|
| 86 |
+ { "key": "NEWIPC" },
|
|
| 87 |
+ { "key": "NEWPID" },
|
|
| 88 |
+ { "key": "NEWNET" }
|
|
| 89 | 89 |
] |
| 90 | 90 |
} |
| 91 | 91 |
``` |
| ... | ... |
@@ -8,28 +8,28 @@ |
| 8 | 8 |
"TERM=xterm-256color" |
| 9 | 9 |
], |
| 10 | 10 |
"namespaces": [ |
| 11 |
- "NEWIPC", |
|
| 12 |
- "NEWNS", |
|
| 13 |
- "NEWPID", |
|
| 14 |
- "NEWUTS", |
|
| 15 |
- "NEWNET" |
|
| 11 |
+ { "key": "NEWIPC" },
|
|
| 12 |
+ { "key": "NEWNS" },
|
|
| 13 |
+ { "key": "NEWPID" },
|
|
| 14 |
+ { "key": "NEWUTS" },
|
|
| 15 |
+ { "key": "NEWNET" }
|
|
| 16 | 16 |
], |
| 17 | 17 |
"capabilities_mask": [ |
| 18 |
- "SETPCAP", |
|
| 19 |
- "SYS_MODULE", |
|
| 20 |
- "SYS_RAWIO", |
|
| 21 |
- "SYS_PACCT", |
|
| 22 |
- "SYS_ADMIN", |
|
| 23 |
- "SYS_NICE", |
|
| 24 |
- "SYS_RESOURCE", |
|
| 25 |
- "SYS_TIME", |
|
| 26 |
- "SYS_TTY_CONFIG", |
|
| 27 |
- "MKNOD", |
|
| 28 |
- "AUDIT_WRITE", |
|
| 29 |
- "AUDIT_CONTROL", |
|
| 30 |
- "MAC_OVERRIDE", |
|
| 31 |
- "MAC_ADMIN", |
|
| 32 |
- "NET_ADMIN" |
|
| 18 |
+ { "key": "SETPCAP" },
|
|
| 19 |
+ { "key": "SYS_MODULE" },
|
|
| 20 |
+ { "key": "SYS_RAWIO" },
|
|
| 21 |
+ { "key": "SYS_PACCT" },
|
|
| 22 |
+ { "key": "SYS_ADMIN" },
|
|
| 23 |
+ { "key": "SYS_NICE" },
|
|
| 24 |
+ { "key": "SYS_RESOURCE" },
|
|
| 25 |
+ { "key": "SYS_TIME" },
|
|
| 26 |
+ { "key": "SYS_TTY_CONFIG" },
|
|
| 27 |
+ { "key": "MKNOD" },
|
|
| 28 |
+ { "key": "AUDIT_WRITE" },
|
|
| 29 |
+ { "key": "AUDIT_CONTROL" },
|
|
| 30 |
+ { "key": "MAC_OVERRIDE" },
|
|
| 31 |
+ { "key": "MAC_ADMIN" },
|
|
| 32 |
+ { "key": "NET_ADMIN" }
|
|
| 33 | 33 |
], |
| 34 | 34 |
"networks": [{
|
| 35 | 35 |
"type": "veth", |
| ... | ... |
@@ -45,6 +45,7 @@ |
| 45 | 45 |
"cgroups": {
|
| 46 | 46 |
"name": "docker-koye", |
| 47 | 47 |
"parent": "docker", |
| 48 |
- "memory": 5248000 |
|
| 48 |
+ "memory": 5248000, |
|
| 49 |
+ "cpu_shares": 1024 |
|
| 49 | 50 |
} |
| 50 | 51 |
} |
| 51 | 52 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,60 @@ |
| 0 |
+package libcontainer |
|
| 1 |
+ |
|
| 2 |
+import ( |
|
| 3 |
+ "encoding/json" |
|
| 4 |
+ "os" |
|
| 5 |
+ "testing" |
|
| 6 |
+) |
|
| 7 |
+ |
|
| 8 |
+func TestContainerJsonFormat(t *testing.T) {
|
|
| 9 |
+ f, err := os.Open("container.json")
|
|
| 10 |
+ if err != nil {
|
|
| 11 |
+ t.Fatal("Unable to open container.json")
|
|
| 12 |
+ } |
|
| 13 |
+ defer f.Close() |
|
| 14 |
+ |
|
| 15 |
+ var container *Container |
|
| 16 |
+ if err := json.NewDecoder(f).Decode(&container); err != nil {
|
|
| 17 |
+ t.Log("failed to decode container config")
|
|
| 18 |
+ t.FailNow() |
|
| 19 |
+ } |
|
| 20 |
+ if container.Hostname != "koye" {
|
|
| 21 |
+ t.Log("hostname is not set")
|
|
| 22 |
+ t.Fail() |
|
| 23 |
+ } |
|
| 24 |
+ |
|
| 25 |
+ if !container.Tty {
|
|
| 26 |
+ t.Log("tty should be set to true")
|
|
| 27 |
+ t.Fail() |
|
| 28 |
+ } |
|
| 29 |
+ |
|
| 30 |
+ if !container.Namespaces.Contains("NEWNET") {
|
|
| 31 |
+ t.Log("namespaces should contain NEWNET")
|
|
| 32 |
+ t.Fail() |
|
| 33 |
+ } |
|
| 34 |
+ |
|
| 35 |
+ if container.Namespaces.Contains("NEWUSER") {
|
|
| 36 |
+ t.Log("namespaces should not contain NEWUSER")
|
|
| 37 |
+ t.Fail() |
|
| 38 |
+ } |
|
| 39 |
+ |
|
| 40 |
+ if !container.CapabilitiesMask.Contains("SYS_ADMIN") {
|
|
| 41 |
+ t.Log("capabilities should contain SYS_ADMIN")
|
|
| 42 |
+ t.Fail() |
|
| 43 |
+ } |
|
| 44 |
+ |
|
| 45 |
+ if container.CapabilitiesMask.Contains("SYS_CHROOT") {
|
|
| 46 |
+ t.Log("capabitlies should not contain SYS_CHROOT")
|
|
| 47 |
+ t.Fail() |
|
| 48 |
+ } |
|
| 49 |
+ |
|
| 50 |
+ if container.Cgroups.CpuShares != 1024 {
|
|
| 51 |
+ t.Log("cpu shares not set correctly")
|
|
| 52 |
+ t.Fail() |
|
| 53 |
+ } |
|
| 54 |
+ |
|
| 55 |
+ if container.Cgroups.Memory != 5248000 {
|
|
| 56 |
+ t.Log("memory limit not set correctly")
|
|
| 57 |
+ t.Fail() |
|
| 58 |
+ } |
|
| 59 |
+} |