github.com/hanks177/podman/v4@v4.1.3-0.20220613032544-16d90015bc83/libpod/define/annotations.go (about)

     1  package define
     2  
     3  const (
     4  	// InspectAnnotationCIDFile is used by Inspect to determine if a
     5  	// container ID file was created for the container.
     6  	// If an annotation with this key is found in the OCI spec, it will be
     7  	// used in the output of Inspect().
     8  	InspectAnnotationCIDFile = "io.podman.annotations.cid-file"
     9  	// InspectAnnotationAutoremove is used by Inspect to determine if a
    10  	// container will be automatically removed on exit.
    11  	// If an annotation with this key is found in the OCI spec and is one of
    12  	// the two supported boolean values (InspectResponseTrue and
    13  	// InspectResponseFalse) it will be used in the output of Inspect().
    14  	InspectAnnotationAutoremove = "io.podman.annotations.autoremove"
    15  	// InspectAnnotationVolumesFrom is used by Inspect to identify
    16  	// containers whose volumes are are being used by this container.
    17  	// It is expected to be a comma-separated list of container names and/or
    18  	// IDs.
    19  	// If an annotation with this key is found in the OCI spec, it will be
    20  	// used in the output of Inspect().
    21  	InspectAnnotationVolumesFrom = "io.podman.annotations.volumes-from"
    22  	// InspectAnnotationPrivileged is used by Inspect to identify containers
    23  	// which are privileged (IE, running with elevated privileges).
    24  	// It is expected to be a boolean, populated by one of
    25  	// InspectResponseTrue or InspectResponseFalse.
    26  	// If an annotation with this key is found in the OCI spec, it will be
    27  	// used in the output of Inspect().
    28  	InspectAnnotationPrivileged = "io.podman.annotations.privileged"
    29  	// InspectAnnotationPublishAll is used by Inspect to identify containers
    30  	// which have all the ports from their image published.
    31  	// It is expected to be a boolean, populated by one of
    32  	// InspectResponseTrue or InspectResponseFalse.
    33  	// If an annotation with this key is found in the OCI spec, it will be
    34  	// used in the output of Inspect().
    35  	InspectAnnotationPublishAll = "io.podman.annotations.publish-all"
    36  	// InspectAnnotationInit is used by Inspect to identify containers that
    37  	// mount an init binary in.
    38  	// It is expected to be a boolean, populated by one of
    39  	// InspectResponseTrue or InspectResponseFalse.
    40  	// If an annotation with this key is found in the OCI spec, it will be
    41  	// used in the output of Inspect().
    42  	InspectAnnotationInit = "io.podman.annotations.init"
    43  	// InspectAnnotationLabel is used by Inspect to identify containers with
    44  	// special SELinux-related settings. It is used to populate the output
    45  	// of the SecurityOpt setting.
    46  	// If an annotation with this key is found in the OCI spec, it will be
    47  	// used in the output of Inspect().
    48  	InspectAnnotationLabel = "io.podman.annotations.label"
    49  	// InspectAnnotationSeccomp is used by Inspect to identify containers
    50  	// with special Seccomp-related settings. It is used to populate the
    51  	// output of the SecurityOpt setting in Inspect.
    52  	// If an annotation with this key is found in the OCI spec, it will be
    53  	// used in the output of Inspect().
    54  	InspectAnnotationSeccomp = "io.podman.annotations.seccomp"
    55  	// InspectAnnotationApparmor is used by Inspect to identify containers
    56  	// with special Apparmor-related settings. It is used to populate the
    57  	// output of the SecurityOpt setting.
    58  	// If an annotation with this key is found in the OCI spec, it will be
    59  	// used in the output of Inspect().
    60  	InspectAnnotationApparmor = "io.podman.annotations.apparmor"
    61  
    62  	// InspectResponseTrue is a boolean True response for an inspect
    63  	// annotation.
    64  	InspectResponseTrue = "TRUE"
    65  	// InspectResponseFalse is a boolean False response for an inspect
    66  	// annotation.
    67  	InspectResponseFalse = "FALSE"
    68  
    69  	// CheckpointAnnotationName is used by Container Checkpoint when creating a
    70  	// checkpoint image to specify the original human-readable name for the
    71  	// container.
    72  	CheckpointAnnotationName = "io.podman.annotations.checkpoint.name"
    73  
    74  	// CheckpointAnnotationRawImageName is used by Container Checkpoint when
    75  	// creating a checkpoint image to specify the original unprocessed name of
    76  	// the image used to create the container (as specified by the user).
    77  	CheckpointAnnotationRawImageName = "io.podman.annotations.checkpoint.rawImageName"
    78  
    79  	// CheckpointAnnotationRootfsImageID is used by Container Checkpoint when
    80  	// creating a checkpoint image to specify the original ID of the image used
    81  	// to create the container.
    82  	CheckpointAnnotationRootfsImageID = "io.podman.annotations.checkpoint.rootfsImageID"
    83  
    84  	// CheckpointAnnotationRootfsImageName is used by Container Checkpoint when
    85  	// creating a checkpoint image to specify the original image name used to
    86  	// create the container.
    87  	CheckpointAnnotationRootfsImageName = "io.podman.annotations.checkpoint.rootfsImageName"
    88  
    89  	// CheckpointAnnotationPodmanVersion is used by Container Checkpoint when
    90  	// creating a checkpoint image to specify the version of Podman used on the
    91  	// host where the checkpoint was created.
    92  	CheckpointAnnotationPodmanVersion = "io.podman.annotations.checkpoint.podman.version"
    93  
    94  	// CheckpointAnnotationCriuVersion is used by Container Checkpoint when
    95  	// creating a checkpoint image to specify the version of CRIU used on the
    96  	// host where the checkpoint was created.
    97  	CheckpointAnnotationCriuVersion = "io.podman.annotations.checkpoint.criu.version"
    98  
    99  	// CheckpointAnnotationRuntimeName is used by Container Checkpoint when
   100  	// creating a checkpoint image to specify the runtime used on the host where
   101  	// the checkpoint was created.
   102  	CheckpointAnnotationRuntimeName = "io.podman.annotations.checkpoint.runtime.name"
   103  
   104  	// CheckpointAnnotationRuntimeVersion is used by Container Checkpoint when
   105  	// creating a checkpoint image to specify the version of runtime used on the
   106  	// host where the checkpoint was created.
   107  	CheckpointAnnotationRuntimeVersion = "io.podman.annotations.checkpoint.runtime.version"
   108  
   109  	// CheckpointAnnotationConmonVersion is used by Container Checkpoint when
   110  	// creating a checkpoint image to specify the version of conmon used on
   111  	// the host where the checkpoint was created.
   112  	CheckpointAnnotationConmonVersion = "io.podman.annotations.checkpoint.conmon.version"
   113  
   114  	// CheckpointAnnotationHostArch is used by Container Checkpoint when
   115  	// creating a checkpoint image to specify the CPU architecture of the host
   116  	// on which the checkpoint was created.
   117  	CheckpointAnnotationHostArch = "io.podman.annotations.checkpoint.host.arch"
   118  
   119  	// CheckpointAnnotationHostKernel is used by Container Checkpoint when
   120  	// creating a checkpoint image to specify the kernel version used by the
   121  	// host where the checkpoint was created.
   122  	CheckpointAnnotationHostKernel = "io.podman.annotations.checkpoint.host.kernel"
   123  
   124  	// CheckpointAnnotationCgroupVersion is used by Container Checkpoint when
   125  	// creating a checkpoint image to specify the cgroup version used by the
   126  	// host where the checkpoint was created.
   127  	CheckpointAnnotationCgroupVersion = "io.podman.annotations.checkpoint.cgroups.version"
   128  
   129  	// CheckpointAnnotationDistributionVersion is used by Container Checkpoint
   130  	// when creating a checkpoint image to specify the version of host
   131  	// distribution on which the checkpoint was created.
   132  	CheckpointAnnotationDistributionVersion = "io.podman.annotations.checkpoint.distribution.version"
   133  
   134  	// CheckpointAnnotationDistributionName is used by Container Checkpoint when
   135  	// creating a checkpoint image to specify the name of host distribution on
   136  	// which the checkpoint was created.
   137  	CheckpointAnnotationDistributionName = "io.podman.annotations.checkpoint.distribution.name"
   138  	// MaxKubeAnnotation is the max length of annotations allowed by Kubernetes.
   139  	MaxKubeAnnotation = 63
   140  )
   141  
   142  // IsReservedAnnotation returns true if the specified value corresponds to an
   143  // already reserved annotation that Podman sets during container creation.
   144  func IsReservedAnnotation(value string) bool {
   145  	switch value {
   146  	case InspectAnnotationCIDFile, InspectAnnotationAutoremove, InspectAnnotationVolumesFrom, InspectAnnotationPrivileged, InspectAnnotationPublishAll, InspectAnnotationInit, InspectAnnotationLabel, InspectAnnotationSeccomp, InspectAnnotationApparmor, InspectResponseTrue, InspectResponseFalse:
   147  		return true
   148  
   149  	default:
   150  		return false
   151  	}
   152  }