// Source: github.com/apptainer/singularity@v3.1.1+incompatible/internal/pkg/runtime/engines/singularity/config/config.go

// Copyright (c) 2019, Sylabs Inc. All rights reserved.
// This software is licensed under a 3-clause BSD license. Please consult the
// LICENSE.md file distributed with the sources of this project regarding your
// rights to use or distribute this software.

package singularity

import (
	"github.com/sylabs/singularity/internal/pkg/runtime/engines/config/oci"
	"github.com/sylabs/singularity/pkg/image"
)

// Name is the name of the runtime.
const Name = "singularity"

// FileConfig describes the singularity.conf file options.
//
// Each field carries struct tags: `directive` holds the directive name as it
// is written in singularity.conf, `default` a default value and `authorized`
// the list of accepted values. The code that interprets these tags is not in
// this file.
//
// NOTE(review): Go's zero value for this struct does not match the tag
// defaults (AllowSetuid is false while its tag says default:"yes"), so a
// FileConfig that has not been filled in by the parser must not be read as the
// effective policy.
//
// Several directives gate privilege-sensitive behaviour and deserve attention
// when auditing a deployment: "allow setuid", "user bind control",
// "mount hostfs", "limit container owners/groups/paths",
// "allow container squashfs/extfs/dir" and "root default capabilities".
type FileConfig struct {
	AllowSetuid             bool     `default:"yes" authorized:"yes,no" directive:"allow setuid"`
	MaxLoopDevices          uint     `default:"256" directive:"max loop devices"`
	AllowPidNs              bool     `default:"yes" authorized:"yes,no" directive:"allow pid ns"`
	ConfigPasswd            bool     `default:"yes" authorized:"yes,no" directive:"config passwd"`
	ConfigGroup             bool     `default:"yes" authorized:"yes,no" directive:"config group"`
	ConfigResolvConf        bool     `default:"yes" authorized:"yes,no" directive:"config resolv_conf"`
	MountProc               bool     `default:"yes" authorized:"yes,no" directive:"mount proc"`
	MountSys                bool     `default:"yes" authorized:"yes,no" directive:"mount sys"`
	MountDev                string   `default:"yes" authorized:"yes,no,minimal" directive:"mount dev"`
	MountDevPts             bool     `default:"yes" authorized:"yes,no" directive:"mount devpts"`
	MountHome               bool     `default:"yes" authorized:"yes,no" directive:"mount home"`
	MountTmp                bool     `default:"yes" authorized:"yes,no" directive:"mount tmp"`
	MountHostfs             bool     `default:"no" authorized:"yes,no" directive:"mount hostfs"`
	BindPath                []string `default:"/etc/localtime,/etc/hosts" directive:"bind path"`
	UserBindControl         bool     `default:"yes" authorized:"yes,no" directive:"user bind control"`
	EnableOverlay           string   `default:"try" authorized:"yes,no,try" directive:"enable overlay"`
	EnableUnderlay          bool     `default:"yes" authorized:"yes,no" directive:"enable underlay"`
	MountSlave              bool     `default:"yes" authorized:"yes,no" directive:"mount slave"`
	SessiondirMaxSize       uint     `default:"16" directive:"sessiondir max size"`
	LimitContainerOwners    []string `directive:"limit container owners"`
	LimitContainerGroups    []string `directive:"limit container groups"`
	LimitContainerPaths     []string `directive:"limit container paths"`
	AllowContainerSquashfs  bool     `default:"yes" authorized:"yes,no" directive:"allow container squashfs"`
	AllowContainerExtfs     bool     `default:"yes" authorized:"yes,no" directive:"allow container extfs"`
	AllowContainerDir       bool     `default:"yes" authorized:"yes,no" directive:"allow container dir"`
	AutofsBugPath           []string `directive:"autofs bug path"`
	AlwaysUseNv             bool     `default:"no" authorized:"yes,no" directive:"always use nv"`
	RootDefaultCapabilities string   `default:"full" authorized:"full,file,no" directive:"root default capabilities"`
	MemoryFSType            string   `default:"tmpfs" authorized:"tmpfs,ramfs" directive:"memory fs type"`
	CniConfPath             string   `directive:"cni configuration path"`
	CniPluginPath           string   `directive:"cni plugin path"`
	MksquashfsPath          string   `directive:"mksquashfs path"`
	SharedLoopDevices       bool     `default:"no" authorized:"yes,no" directive:"shared loop devices"`
}

// JSONConfig stores engine-specific configuration that is allowed to be set by
// the user.
//
// Because the values come from the user, the privilege-related fields
// (AllowSUID, KeepPrivs, NoPrivs, AddCaps, DropCaps, RunPrivileged, TargetUID,
// TargetGID) and the path-valued fields (BindPath, OverlayImage, ScratchDir,
// Workdir, TmpDir, LibrariesPath, CgroupsPath) are requests rather than
// decisions.
// NOTE(review): nothing in this file checks them against FileConfig; confirm
// that the code consuming this struct enforces the singularity.conf policy
// before acting on them.
//
// The JSON keys are part of the serialized form and do not always follow the
// field names: Contain is stored as "container", HomeSource as "homedir", and
// "scratchdir", "bindpath" and "tmpdir" are all lower case.
type JSONConfig struct {
	Image         string        `json:"image"`
	WritableImage bool          `json:"writableImage,omitempty"`
	WritableTmpfs bool          `json:"writableTmpfs,omitempty"`
	OverlayImage  []string      `json:"overlayImage,omitempty"`
	Contain       bool          `json:"container,omitempty"`
	Nv            bool          `json:"nv,omitempty"`
	Workdir       string        `json:"workdir,omitempty"`
	ScratchDir    []string      `json:"scratchdir,omitempty"`
	HomeSource    string        `json:"homedir,omitempty"`
	HomeDest      string        `json:"homeDest,omitempty"`
	CustomHome    bool          `json:"customHome,omitempty"`
	BindPath      []string      `json:"bindpath,omitempty"`
	Command       string        `json:"command,omitempty"`
	Shell         string        `json:"shell,omitempty"`
	TmpDir        string        `json:"tmpdir,omitempty"`
	Instance      bool          `json:"instance,omitempty"`
	InstanceJoin  bool          `json:"instanceJoin,omitempty"`
	BootInstance  bool          `json:"bootInstance,omitempty"`
	RunPrivileged bool          `json:"runPrivileged,omitempty"`
	AddCaps       string        `json:"addCaps,omitempty"`
	DropCaps      string        `json:"dropCaps,omitempty"`
	Hostname      string        `json:"hostname,omitempty"`
	AllowSUID     bool          `json:"allowSUID,omitempty"`
	KeepPrivs     bool          `json:"keepPrivs,omitempty"`
	NoPrivs       bool          `json:"noPrivs,omitempty"`
	NoHome        bool          `json:"noHome,omitempty"`
	NoInit        bool          `json:"noInit,omitempty"`
	ImageList     []image.Image `json:"imageList,omitempty"`
	Network       string        `json:"network,omitempty"`
	NetworkArgs   []string      `json:"networkArgs,omitempty"`
	DNS           string        `json:"dns,omitempty"`
	Cwd           string        `json:"cwd,omitempty"`
	Security      []string      `json:"security,omitempty"`
	OpenFd        []int         `json:"openFd,omitempty"`
	CgroupsPath   string        `json:"cgroupsPath,omitempty"`
	TargetUID     int           `json:"targetUID,omitempty"`
	TargetGID     []int         `json:"targetGID,omitempty"`
	LibrariesPath []string      `json:"librariesPath,omitempty"`
	DeleteImage   bool          `json:"deleteImage,omitempty"`
}

// NewConfig returns an EngineConfig whose JSON, OciConfig and File members are
// allocated but empty.
//
// NOTE(review): File is a zero-valued FileConfig here. This function neither
// reads singularity.conf nor applies the `default` struct tags, so policy
// booleans such as File.AllowSetuid read false until a parser fills them in;
// confirm that callers populate File before consulting it.
func NewConfig() *EngineConfig {
	return &EngineConfig{
		JSON:      &JSONConfig{},
		OciConfig: &oci.Config{},
		File:      &FileConfig{},
	}
}

// SetImage records the container image path in e.JSON.Image. The value is
// stored as given; no validation happens here.
func (e *EngineConfig) SetImage(name string) {
	e.JSON.Image = name
}

// GetImage returns the container image path held in e.JSON.Image.
func (e *EngineConfig) GetImage() string {
	return e.JSON.Image
}

// SetWritableImage defines the container image as writable or not.
func (e *EngineConfig) SetWritableImage(writable bool) {
	e.JSON.WritableImage = writable
}

// GetWritableImage reports whether the container image is marked writable.
func (e *EngineConfig) GetWritableImage() bool {
	return e.JSON.WritableImage
}

// SetOverlayImage records the overlay image paths to be used on top of the
// container image. The slice is stored as given, not copied, so later changes
// made by the caller remain visible through the config.
func (e *EngineConfig) SetOverlayImage(paths []string) {
	e.JSON.OverlayImage = paths
}

// GetOverlayImage returns the overlay image paths. The returned slice is the
// one held by the config, not a copy.
func (e *EngineConfig) GetOverlayImage() []string {
	return e.JSON.OverlayImage
}

// SetContain sets the contain flag.
func (e *EngineConfig) SetContain(contain bool) {
	e.JSON.Contain = contain
}

// GetContain reports whether the contain flag is set.
func (e *EngineConfig) GetContain() bool {
	return e.JSON.Contain
}

// SetNv sets the nv flag, which requests binding the CUDA libraries into the
// container.
func (e *EngineConfig) SetNv(nv bool) {
	e.JSON.Nv = nv
}

// GetNv reports whether the nv flag is set.
func (e *EngineConfig) GetNv() bool {
	return e.JSON.Nv
}

// SetWorkdir records the work directory path. The value is stored as given;
// no validation happens here.
func (e *EngineConfig) SetWorkdir(name string) {
	e.JSON.Workdir = name
}

// GetWorkdir returns the work directory path.
func (e *EngineConfig) GetWorkdir() string {
	return e.JSON.Workdir
}

// SetScratchDir records the scratch directory paths. The slice is stored as
// given, not copied.
func (e *EngineConfig) SetScratchDir(scratchdir []string) {
	e.JSON.ScratchDir = scratchdir
}

// GetScratchDir returns the scratch directory paths. The returned slice is the
// one held by the config, not a copy.
func (e *EngineConfig) GetScratchDir() []string {
	return e.JSON.ScratchDir
}

// SetHomeSource records the source home directory path. The value is stored as
// given; no validation happens here.
func (e *EngineConfig) SetHomeSource(source string) {
	e.JSON.HomeSource = source
}

// GetHomeSource returns the source home directory path.
func (e *EngineConfig) GetHomeSource() string {
	return e.JSON.HomeSource
}

// SetHomeDest records the home directory path inside the container.
func (e *EngineConfig) SetHomeDest(dest string) {
	e.JSON.HomeDest = dest
}

// GetHomeDest returns the home directory path inside the container.
func (e *EngineConfig) GetHomeDest() string {
	return e.JSON.HomeDest
}

// SetCustomHome records whether the home path is a custom path.
func (e *EngineConfig) SetCustomHome(custom bool) {
	e.JSON.CustomHome = custom
}

// GetCustomHome reports whether the home path is a custom path.
func (e *EngineConfig) GetCustomHome() bool {
	return e.JSON.CustomHome
}

// SetBindPath records the paths to bind into the container. The slice is
// stored as given, not copied, and nothing is validated here.
// NOTE(review): FileConfig has a "user bind control" directive; confirm the
// consumer of these paths honours it, since this setter does not.
func (e *EngineConfig) SetBindPath(bindpath []string) {
	e.JSON.BindPath = bindpath
}

// GetBindPath returns the bind paths. The returned slice is the one held by
// the config, not a copy.
func (e *EngineConfig) GetBindPath() []string {
	return e.JSON.BindPath
}

// SetCommand records the action command to execute.
func (e *EngineConfig) SetCommand(command string) {
	e.JSON.Command = command
}

// GetCommand returns the action command.
func (e *EngineConfig) GetCommand() string {
	return e.JSON.Command
}

// SetShell records the shell to be used by the shell command.
func (e *EngineConfig) SetShell(shell string) {
	e.JSON.Shell = shell
}

// GetShell returns the shell for the shell command.
func (e *EngineConfig) GetShell() string {
	return e.JSON.Shell
}

// SetTmpDir records the temporary directory path. The value is stored as
// given; no validation happens here.
func (e *EngineConfig) SetTmpDir(name string) {
	e.JSON.TmpDir = name
}

// GetTmpDir returns the temporary directory path.
func (e *EngineConfig) GetTmpDir() string {
	return e.JSON.TmpDir
}

// SetInstance records whether the container runs as an instance.
func (e *EngineConfig) SetInstance(instance bool) {
	e.JSON.Instance = instance
}

// GetInstance reports whether the container runs as an instance.
func (e *EngineConfig) GetInstance() bool {
	return e.JSON.Instance
}

// SetInstanceJoin records whether the process joins an existing instance.
func (e *EngineConfig) SetInstanceJoin(join bool) {
	e.JSON.InstanceJoin = join
}

// GetInstanceJoin reports whether the process joins an existing instance.
func (e *EngineConfig) GetInstanceJoin() bool {
	return e.JSON.InstanceJoin
}

// SetBootInstance sets the boot flag, which requests executing /sbin/init as
// the main instance process.
func (e *EngineConfig) SetBootInstance(boot bool) {
	e.JSON.BootInstance = boot
}

// GetBootInstance reports whether the boot flag is set.
func (e *EngineConfig) GetBootInstance() bool {
	return e.JSON.BootInstance
}

// SetAddCaps records the bounding/effective/permitted/inheritable/ambient
// capabilities to add. The string is stored as given.
// NOTE(review): this is a user-supplied request and is not checked here;
// confirm that the consumer authorizes the requested capabilities before
// granting them.
func (e *EngineConfig) SetAddCaps(caps string) {
	e.JSON.AddCaps = caps
}

// GetAddCaps returns the bounding/effective/permitted/inheritable/ambient
// capabilities to add.
func (e *EngineConfig) GetAddCaps() string {
	return e.JSON.AddCaps
}

// SetDropCaps records the bounding/effective/permitted/inheritable/ambient
// capabilities to drop. The string is stored as given.
func (e *EngineConfig) SetDropCaps(caps string) {
	e.JSON.DropCaps = caps
}

// GetDropCaps returns the bounding/effective/permitted/inheritable/ambient
// capabilities to drop.
func (e *EngineConfig) GetDropCaps() string {
	return e.JSON.DropCaps
}

// SetHostname records the hostname to use in the container.
func (e *EngineConfig) SetHostname(hostname string) {
	e.JSON.Hostname = hostname
}

// GetHostname returns the hostname to use in the container.
func (e *EngineConfig) GetHostname() string {
	return e.JSON.Hostname
}

// SetAllowSUID sets the allow-suid flag, which requests permission to run
// setuid binaries inside the container.
// NOTE(review): the flag is only recorded here; confirm that the consumer
// checks the caller's privileges before honouring it.
func (e *EngineConfig) SetAllowSUID(allow bool) {
	e.JSON.AllowSUID = allow
}

// GetAllowSUID returns true if allow-suid is set and false if not.
func (e *EngineConfig) GetAllowSUID() bool {
	return e.JSON.AllowSUID
}

// SetKeepPrivs sets the keep-privs flag, which requests that root retain all
// privileges.
// NOTE(review): the flag is only recorded here; confirm that the consumer
// checks the caller's privileges before honouring it.
func (e *EngineConfig) SetKeepPrivs(keep bool) {
	e.JSON.KeepPrivs = keep
}

// GetKeepPrivs reports whether keep-privs is set.
func (e *EngineConfig) GetKeepPrivs() bool {
	return e.JSON.KeepPrivs
}

// SetNoPrivs sets the no-privs flag, which forces the root user to lose all
// privileges.
func (e *EngineConfig) SetNoPrivs(nopriv bool) {
	e.JSON.NoPrivs = nopriv
}

// GetNoPrivs reports whether the no-privs flag is set.
func (e *EngineConfig) GetNoPrivs() bool {
	return e.JSON.NoPrivs
}

// SetNoHome sets the no-home flag, which requests that the user's home
// directory not be mounted.
func (e *EngineConfig) SetNoHome(val bool) {
	e.JSON.NoHome = val
}

// GetNoHome reports whether the no-home flag is set.
func (e *EngineConfig) GetNoHome() bool {
	return e.JSON.NoHome
}

// SetNoInit sets the noinit flag, which requests that the shim init process
// not be started.
func (e *EngineConfig) SetNoInit(val bool) {
	e.JSON.NoInit = val
}

// GetNoInit reports whether the noinit flag is set.
func (e *EngineConfig) GetNoInit() bool {
	return e.JSON.NoInit
}

// SetNetwork records a comma-separated list of networks to configure inside
// the container.
func (e *EngineConfig) SetNetwork(network string) {
	e.JSON.Network = network
}

// GetNetwork returns the comma-separated list of networks configured in the
// container.
func (e *EngineConfig) GetNetwork() string {
	return e.JSON.Network
}

// SetNetworkArgs records the network arguments to pass to CNI plugins. The
// slice is stored as given, not copied.
func (e *EngineConfig) SetNetworkArgs(args []string) {
	e.JSON.NetworkArgs = args
}

// GetNetworkArgs returns the network arguments passed to CNI plugins.
func (e *EngineConfig) GetNetworkArgs() []string {
	return e.JSON.NetworkArgs
}

// SetDNS records a comma-separated list of DNS servers to add in resolv.conf.
func (e *EngineConfig) SetDNS(dns string) {
	e.JSON.DNS = dns
}

// GetDNS returns the list of DNS servers.
func (e *EngineConfig) GetDNS() string {
	return e.JSON.DNS
}

// SetImageList records the image list containing the opened images. The slice
// is stored as given, not copied.
func (e *EngineConfig) SetImageList(list []image.Image) {
	e.JSON.ImageList = list
}

// GetImageList returns the image list containing the opened images.
func (e *EngineConfig) GetImageList() []image.Image {
	return e.JSON.ImageList
}

// SetCwd records the current working directory.
func (e *EngineConfig) SetCwd(path string) {
	e.JSON.Cwd = path
}

// GetCwd returns the current working directory.
func (e *EngineConfig) GetCwd() string {
	return e.JSON.Cwd
}

// SetOpenFd records a list of open file descriptors. The slice is stored as
// given, not copied.
func (e *EngineConfig) SetOpenFd(fds []int) {
	e.JSON.OpenFd = fds
}

// GetOpenFd returns the list of open file descriptors.
func (e *EngineConfig) GetOpenFd() []int {
	return e.JSON.OpenFd
}

// SetWritableTmpfs sets the writable tmpfs flag.
func (e *EngineConfig) SetWritableTmpfs(writable bool) {
	e.JSON.WritableTmpfs = writable
}

// GetWritableTmpfs reports whether the writable tmpfs flag is set.
func (e *EngineConfig) GetWritableTmpfs() bool {
	return e.JSON.WritableTmpfs
}

// SetSecurity records the security feature arguments. The slice is stored as
// given, not copied.
func (e *EngineConfig) SetSecurity(security []string) {
	e.JSON.Security = security
}

// GetSecurity returns the security feature arguments.
func (e *EngineConfig) GetSecurity() []string {
	return e.JSON.Security
}

// SetCgroupsPath records the path to the cgroups profile. The value is stored
// as given; no validation happens here.
func (e *EngineConfig) SetCgroupsPath(path string) {
	e.JSON.CgroupsPath = path
}

// GetCgroupsPath returns the path to the cgroups profile.
func (e *EngineConfig) GetCgroupsPath() string {
	return e.JSON.CgroupsPath
}

// SetTargetUID records the user ID the container process should execute as.
// NOTE(review): the value is not range-checked or authorized here; confirm the
// consumer verifies that the caller may run as this UID.
func (e *EngineConfig) SetTargetUID(uid int) {
	e.JSON.TargetUID = uid
}

// GetTargetUID returns the target UID.
func (e *EngineConfig) GetTargetUID() int {
	return e.JSON.TargetUID
}

// SetTargetGID records the group IDs the container process should execute as.
// The slice is stored as given, not copied.
// NOTE(review): the values are not range-checked or authorized here; confirm
// the consumer verifies that the caller may run with these GIDs.
func (e *EngineConfig) SetTargetGID(gid []int) {
	e.JSON.TargetGID = gid
}

// GetTargetGID returns the target GIDs.
func (e *EngineConfig) GetTargetGID() []int {
	return e.JSON.TargetGID
}

// SetLibrariesPath records the libraries to bind in the container's
// /.singularity.d/libs directory. The slice is stored as given, not copied.
func (e *EngineConfig) SetLibrariesPath(libraries []string) {
	e.JSON.LibrariesPath = libraries
}

// GetLibrariesPath returns the libraries to bind in the container's
// /.singularity.d/libs directory.
func (e *EngineConfig) GetLibrariesPath() []string {
	return e.JSON.LibrariesPath
}

// GetDeleteImage reports whether the container image must be deleted after
// use.
func (e *EngineConfig) GetDeleteImage() bool {
	return e.JSON.DeleteImage
}

// SetDeleteImage records whether the container image must be deleted after
// use. The parameter name shadows the builtin delete inside this method, which
// is harmless because the builtin is not called here.
func (e *EngineConfig) SetDeleteImage(delete bool) {
	e.JSON.DeleteImage = delete
}