github.com/hanks177/podman/v4@v4.1.3-0.20220613032544-16d90015bc83/libpod/define/container_inspect.go (about) 1 package define 2 3 import ( 4 "time" 5 6 "github.com/containers/image/v5/manifest" 7 ) 8 9 type InspectIDMappings struct { 10 UIDMap []string `json:"UidMap"` 11 GIDMap []string `json:"GidMap"` 12 } 13 14 // InspectContainerConfig holds further data about how a container was initially 15 // configured. 16 type InspectContainerConfig struct { 17 // Container hostname 18 Hostname string `json:"Hostname"` 19 // Container domain name - unused at present 20 DomainName string `json:"Domainname"` 21 // User the container was launched with 22 User string `json:"User"` 23 // Unused, at present 24 AttachStdin bool `json:"AttachStdin"` 25 // Unused, at present 26 AttachStdout bool `json:"AttachStdout"` 27 // Unused, at present 28 AttachStderr bool `json:"AttachStderr"` 29 // Whether the container creates a TTY 30 Tty bool `json:"Tty"` 31 // Whether the container leaves STDIN open 32 OpenStdin bool `json:"OpenStdin"` 33 // Whether STDIN is only left open once. 34 // Presently not supported by Podman, unused. 35 StdinOnce bool `json:"StdinOnce"` 36 // Container environment variables 37 Env []string `json:"Env"` 38 // Container command 39 Cmd []string `json:"Cmd"` 40 // Container image 41 Image string `json:"Image"` 42 // Unused, at present. I've never seen this field populated. 43 Volumes map[string]struct{} `json:"Volumes"` 44 // Container working directory 45 WorkingDir string `json:"WorkingDir"` 46 // Container entrypoint 47 Entrypoint string `json:"Entrypoint"` 48 // On-build arguments - presently unused. More of Buildah's domain. 49 OnBuild *string `json:"OnBuild"` 50 // Container labels 51 Labels map[string]string `json:"Labels"` 52 // Container annotations 53 Annotations map[string]string `json:"Annotations"` 54 // Container stop signal 55 StopSignal uint `json:"StopSignal"` 56 // Configured healthcheck for the container 57 Healthcheck *manifest.Schema2HealthConfig `json:"Healthcheck,omitempty"` 58 // CreateCommand is the full command plus arguments of the process the 59 // container has been created with. 60 CreateCommand []string `json:"CreateCommand,omitempty"` 61 // Timezone is the timezone inside the container. 62 // Local means it has the same timezone as the host machine 63 Timezone string `json:"Timezone,omitempty"` 64 // SystemdMode is whether the container is running in systemd mode. In 65 // systemd mode, the container configuration is customized to optimize 66 // running systemd in the container. 67 SystemdMode bool `json:"SystemdMode,omitempty"` 68 // Umask is the umask inside the container. 69 Umask string `json:"Umask,omitempty"` 70 // Secrets are the secrets mounted in the container 71 Secrets []*InspectSecret `json:"Secrets,omitempty"` 72 // Timeout is time before container is killed by conmon 73 Timeout uint `json:"Timeout"` 74 // StopTimeout is time before container is stopped when calling stop 75 StopTimeout uint `json:"StopTimeout"` 76 // Passwd determines whether or not podman can add entries to /etc/passwd and /etc/group 77 Passwd *bool `json:"Passwd,omitempty"` 78 // ChrootDirs is an additional set of directories that need to be 79 // treated as root directories. Standard bind mounts will be mounted 80 // into paths relative to these directories. 81 ChrootDirs []string `json:"ChrootDirs,omitempty"` 82 } 83 84 // InspectRestartPolicy holds information about the container's restart policy. 85 type InspectRestartPolicy struct { 86 // Name contains the container's restart policy. 87 // Allowable values are "no" or "" (take no action), 88 // "on-failure" (restart on non-zero exit code, with an optional max 89 // retry count), and "always" (always restart on container stop, unless 90 // explicitly requested by API). 91 // Note that this is NOT actually a name of any sort - the poor naming 92 // is for Docker compatibility. 93 Name string `json:"Name"` 94 // MaximumRetryCount is the maximum number of retries allowed if the 95 // "on-failure" restart policy is in use. Not used if "on-failure" is 96 // not set. 97 MaximumRetryCount uint `json:"MaximumRetryCount"` 98 } 99 100 // InspectLogConfig holds information about a container's configured log driver 101 type InspectLogConfig struct { 102 Type string `json:"Type"` 103 Config map[string]string `json:"Config"` 104 // Path specifies a path to the log file 105 Path string `json:"Path"` 106 // Tag specifies a custom log tag for the container 107 Tag string `json:"Tag"` 108 // Size specifies a maximum size of the container log 109 Size string `json:"Size"` 110 } 111 112 // InspectBlkioWeightDevice holds information about the relative weight 113 // of an individual device node. Weights are used in the I/O scheduler to give 114 // relative priority to some accesses. 115 type InspectBlkioWeightDevice struct { 116 // Path is the path to the device this applies to. 117 Path string `json:"Path"` 118 // Weight is the relative weight the scheduler will use when scheduling 119 // I/O. 120 Weight uint16 `json:"Weight"` 121 } 122 123 // InspectBlkioThrottleDevice holds information about a speed cap for a device 124 // node. This cap applies to a specific operation (read, write, etc) on the given 125 // node. 126 type InspectBlkioThrottleDevice struct { 127 // Path is the path to the device this applies to. 128 Path string `json:"Path"` 129 // Rate is the maximum rate. It is in either bytes per second or iops 130 // per second, determined by where it is used - documentation will 131 // indicate which is appropriate. 132 Rate uint64 `json:"Rate"` 133 } 134 135 // InspectUlimit is a ulimit that will be applied to the container. 136 type InspectUlimit struct { 137 // Name is the name (type) of the ulimit. 138 Name string `json:"Name"` 139 // Soft is the soft limit that will be applied. 140 Soft int64 `json:"Soft"` 141 // Hard is the hard limit that will be applied. 142 Hard int64 `json:"Hard"` 143 } 144 145 // InspectDevice is a single device that will be mounted into the container. 146 type InspectDevice struct { 147 // PathOnHost is the path of the device on the host. 148 PathOnHost string `json:"PathOnHost"` 149 // PathInContainer is the path of the device within the container. 150 PathInContainer string `json:"PathInContainer"` 151 // CgroupPermissions is the permissions of the mounted device. 152 // Presently not populated. 153 // TODO. 154 CgroupPermissions string `json:"CgroupPermissions"` 155 } 156 157 // InspectHostPort provides information on a port on the host that a container's 158 // port is bound to. 159 type InspectHostPort struct { 160 // IP on the host we are bound to. "" if not specified (binding to all 161 // IPs). 162 HostIP string `json:"HostIp"` 163 // Port on the host we are bound to. No special formatting - just an 164 // integer stuffed into a string. 165 HostPort string `json:"HostPort"` 166 } 167 168 // InspectMount provides a record of a single mount in a container. It contains 169 // fields for both named and normal volumes. Only user-specified volumes will be 170 // included, and tmpfs volumes are not included even if the user specified them. 171 type InspectMount struct { 172 // Whether the mount is a volume or bind mount. Allowed values are 173 // "volume" and "bind". 174 Type string `json:"Type"` 175 // The name of the volume. Empty for bind mounts. 176 Name string `json:"Name,omitempty"` 177 // The source directory for the volume. 178 Source string `json:"Source"` 179 // The destination directory for the volume. Specified as a path within 180 // the container, as it would be passed into the OCI runtime. 181 Destination string `json:"Destination"` 182 // The driver used for the named volume. Empty for bind mounts. 183 Driver string `json:"Driver"` 184 // Contains SELinux :z/:Z mount options. Unclear what, if anything, else 185 // goes in here. 186 Mode string `json:"Mode"` 187 // All remaining mount options. Additional data, not present in the 188 // original output. 189 Options []string `json:"Options"` 190 // Whether the volume is read-write 191 RW bool `json:"RW"` 192 // Mount propagation for the mount. Can be empty if not specified, but 193 // is always printed - no omitempty. 194 Propagation string `json:"Propagation"` 195 } 196 197 // InspectContainerState provides a detailed record of a container's current 198 // state. It is returned as part of InspectContainerData. 199 // As with InspectContainerData, many portions of this struct are matched to 200 // Docker, but here we see more fields that are unused (nonsensical in the 201 // context of Libpod). 202 type InspectContainerState struct { 203 OciVersion string `json:"OciVersion"` 204 Status string `json:"Status"` 205 Running bool `json:"Running"` 206 Paused bool `json:"Paused"` 207 Restarting bool `json:"Restarting"` // TODO 208 OOMKilled bool `json:"OOMKilled"` 209 Dead bool `json:"Dead"` 210 Pid int `json:"Pid"` 211 ConmonPid int `json:"ConmonPid,omitempty"` 212 ExitCode int32 `json:"ExitCode"` 213 Error string `json:"Error"` // TODO 214 StartedAt time.Time `json:"StartedAt"` 215 FinishedAt time.Time `json:"FinishedAt"` 216 Health HealthCheckResults `json:"Health,omitempty"` 217 Checkpointed bool `json:"Checkpointed,omitempty"` 218 CgroupPath string `json:"CgroupPath,omitempty"` 219 CheckpointedAt time.Time `json:"CheckpointedAt,omitempty"` 220 RestoredAt time.Time `json:"RestoredAt,omitempty"` 221 CheckpointLog string `json:"CheckpointLog,omitempty"` 222 CheckpointPath string `json:"CheckpointPath,omitempty"` 223 RestoreLog string `json:"RestoreLog,omitempty"` 224 Restored bool `json:"Restored,omitempty"` 225 } 226 227 // Healthcheck returns the HealthCheckResults. This is used for old podman compat 228 // to make the "Healthcheck" key available in the go template. 229 func (s *InspectContainerState) Healthcheck() HealthCheckResults { 230 return s.Health 231 } 232 233 // HealthCheckResults describes the results/logs from a healthcheck 234 type HealthCheckResults struct { 235 // Status healthy or unhealthy 236 Status string `json:"Status"` 237 // FailingStreak is the number of consecutive failed healthchecks 238 FailingStreak int `json:"FailingStreak"` 239 // Log describes healthcheck attempts and results 240 Log []HealthCheckLog `json:"Log"` 241 } 242 243 // HealthCheckLog describes the results of a single healthcheck 244 type HealthCheckLog struct { 245 // Start time as string 246 Start string `json:"Start"` 247 // End time as a string 248 End string `json:"End"` 249 // Exitcode is 0 or 1 250 ExitCode int `json:"ExitCode"` 251 // Output is the stdout/stderr from the healthcheck command 252 Output string `json:"Output"` 253 } 254 255 // InspectContainerHostConfig holds information used when the container was 256 // created. 257 // It's very much a Docker-specific struct, retained (mostly) as-is for 258 // compatibility. We fill individual fields as best as we can, inferring as much 259 // as possible from the spec and container config. 260 // Some things cannot be inferred. These will be populated by spec annotations 261 // (if available). 262 // Field names are fixed for compatibility and cannot be changed. 263 // As such, silence lint warnings about them. 264 //nolint 265 type InspectContainerHostConfig struct { 266 // Binds contains an array of user-added mounts. 267 // Both volume mounts and named volumes are included. 268 // Tmpfs mounts are NOT included. 269 // In 'docker inspect' this is separated into 'Binds' and 'Mounts' based 270 // on how a mount was added. We do not make this distinction and do not 271 // include a Mounts field in inspect. 272 // Format: <src>:<destination>[:<comma-separated options>] 273 Binds []string `json:"Binds"` 274 // CgroupManager is the cgroup manager used by the container. 275 // At present, allowed values are either "cgroupfs" or "systemd". 276 CgroupManager string `json:"CgroupManager,omitempty"` 277 // CgroupMode is the configuration of the container's cgroup namespace. 278 // Populated as follows: 279 // private - a cgroup namespace has been created 280 // host - No cgroup namespace created 281 // container:<id> - Using another container's cgroup namespace 282 // ns:<path> - A path to a cgroup namespace has been specified 283 CgroupMode string `json:"CgroupMode"` 284 // ContainerIDFile is a file created during container creation to hold 285 // the ID of the created container. 286 // This is not handled within libpod and is stored in an annotation. 287 ContainerIDFile string `json:"ContainerIDFile"` 288 // LogConfig contains information on the container's logging backend 289 LogConfig *InspectLogConfig `json:"LogConfig"` 290 // NetworkMode is the configuration of the container's network 291 // namespace. 292 // Populated as follows: 293 // default - A network namespace is being created and configured via CNI 294 // none - A network namespace is being created, not configured via CNI 295 // host - No network namespace created 296 // container:<id> - Using another container's network namespace 297 // ns:<path> - A path to a network namespace has been specified 298 NetworkMode string `json:"NetworkMode"` 299 // PortBindings contains the container's port bindings. 300 // It is formatted as map[string][]InspectHostPort. 301 // The string key here is formatted as <integer port number>/<protocol> 302 // and represents the container port. A single container port may be 303 // bound to multiple host ports (on different IPs). 304 PortBindings map[string][]InspectHostPort `json:"PortBindings"` 305 // RestartPolicy contains the container's restart policy. 306 RestartPolicy *InspectRestartPolicy `json:"RestartPolicy"` 307 // AutoRemove is whether the container will be automatically removed on 308 // exiting. 309 // It is not handled directly within libpod and is stored in an 310 // annotation. 311 AutoRemove bool `json:"AutoRemove"` 312 // VolumeDriver is presently unused and is retained for Docker 313 // compatibility. 314 VolumeDriver string `json:"VolumeDriver"` 315 // VolumesFrom is a list of containers which this container uses volumes 316 // from. This is not handled directly within libpod and is stored in an 317 // annotation. 318 // It is formatted as an array of container names and IDs. 319 VolumesFrom []string `json:"VolumesFrom"` 320 // CapAdd is a list of capabilities added to the container. 321 // It is not directly stored by Libpod, and instead computed from the 322 // capabilities listed in the container's spec, compared against a set 323 // of default capabilities. 324 CapAdd []string `json:"CapAdd"` 325 // CapDrop is a list of capabilities removed from the container. 326 // It is not directly stored by libpod, and instead computed from the 327 // capabilities listed in the container's spec, compared against a set 328 // of default capabilities. 329 CapDrop []string `json:"CapDrop"` 330 // Dns is a list of DNS nameservers that will be added to the 331 // container's resolv.conf 332 Dns []string `json:"Dns"` 333 // DnsOptions is a list of DNS options that will be set in the 334 // container's resolv.conf 335 DnsOptions []string `json:"DnsOptions"` 336 // DnsSearch is a list of DNS search domains that will be set in the 337 // container's resolv.conf 338 DnsSearch []string `json:"DnsSearch"` 339 // ExtraHosts contains hosts that will be aded to the container's 340 // /etc/hosts. 341 ExtraHosts []string `json:"ExtraHosts"` 342 // GroupAdd contains groups that the user inside the container will be 343 // added to. 344 GroupAdd []string `json:"GroupAdd"` 345 // IpcMode represents the configuration of the container's IPC 346 // namespace. 347 // Populated as follows: 348 // "" (empty string) - Default, an IPC namespace will be created 349 // host - No IPC namespace created 350 // container:<id> - Using another container's IPC namespace 351 // ns:<path> - A path to an IPC namespace has been specified 352 IpcMode string `json:"IpcMode"` 353 // Cgroup contains the container's cgroup. It is presently not 354 // populated. 355 // TODO. 356 Cgroup string `json:"Cgroup"` 357 // Cgroups contains the container's Cgroup mode. 358 // Allowed values are "default" (container is creating Cgroups) and 359 // "disabled" (container is not creating Cgroups). 360 // This is Libpod-specific and not included in `docker inspect`. 361 Cgroups string `json:"Cgroups"` 362 // Links is unused, and provided purely for Docker compatibility. 363 Links []string `json:"Links"` 364 // OOMScoreAdj is an adjustment that will be made to the container's OOM 365 // score. 366 OomScoreAdj int `json:"OomScoreAdj"` 367 // PidMode represents the configuration of the container's PID 368 // namespace. 369 // Populated as follows: 370 // "" (empty string) - Default, a PID namespace will be created 371 // host - No PID namespace created 372 // container:<id> - Using another container's PID namespace 373 // ns:<path> - A path to a PID namespace has been specified 374 PidMode string `json:"PidMode"` 375 // Privileged indicates whether the container is running with elevated 376 // privileges. 377 // This has a very specific meaning in the Docker sense, so it's very 378 // difficult to decode from the spec and config, and so is stored as an 379 // annotation. 380 Privileged bool `json:"Privileged"` 381 // PublishAllPorts indicates whether image ports are being published. 382 // This is not directly stored in libpod and is saved as an annotation. 383 PublishAllPorts bool `json:"PublishAllPorts"` 384 // ReadonlyRootfs is whether the container will be mounted read-only. 385 ReadonlyRootfs bool `json:"ReadonlyRootfs"` 386 // SecurityOpt is a list of security-related options that are set in the 387 // container. 388 SecurityOpt []string `json:"SecurityOpt"` 389 // Tmpfs is a list of tmpfs filesystems that will be mounted into the 390 // container. 391 // It is a map of destination path to options for the mount. 392 Tmpfs map[string]string `json:"Tmpfs"` 393 // UTSMode represents the configuration of the container's UID 394 // namespace. 395 // Populated as follows: 396 // "" (empty string) - Default, a UTS namespace will be created 397 // host - no UTS namespace created 398 // container:<id> - Using another container's UTS namespace 399 // ns:<path> - A path to a UTS namespace has been specified 400 UTSMode string `json:"UTSMode"` 401 // UsernsMode represents the configuration of the container's user 402 // namespace. 403 // When running rootless, a user namespace is created outside of libpod 404 // to allow some privileged operations. This will not be reflected here. 405 // Populated as follows: 406 // "" (empty string) - No user namespace will be created 407 // private - The container will be run in a user namespace 408 // container:<id> - Using another container's user namespace 409 // ns:<path> - A path to a user namespace has been specified 410 // TODO Rootless has an additional 'keep-id' option, presently not 411 // reflected here. 412 UsernsMode string `json:"UsernsMode"` 413 // IDMappings is the UIDMapping and GIDMapping used within the container 414 IDMappings *InspectIDMappings `json:"IDMappings,omitempty"` 415 // ShmSize is the size of the container's SHM device. 416 417 ShmSize int64 `json:"ShmSize"` 418 // Runtime is provided purely for Docker compatibility. 419 // It is set unconditionally to "oci" as Podman does not presently 420 // support non-OCI runtimes. 421 Runtime string `json:"Runtime"` 422 // ConsoleSize is an array of 2 integers showing the size of the 423 // container's console. 424 // It is only set if the container is creating a terminal. 425 // TODO. 426 ConsoleSize []uint `json:"ConsoleSize"` 427 // Isolation is presently unused and provided solely for Docker 428 // compatibility. 429 Isolation string `json:"Isolation"` 430 // CpuShares indicates the CPU resources allocated to the container. 431 // It is a relative weight in the scheduler for assigning CPU time 432 // versus other Cgroups. 433 CpuShares uint64 `json:"CpuShares"` 434 // Memory indicates the memory resources allocated to the container. 435 // This is the limit (in bytes) of RAM the container may use. 436 Memory int64 `json:"Memory"` 437 // NanoCpus indicates number of CPUs allocated to the container. 438 // It is an integer where one full CPU is indicated by 1000000000 (one 439 // billion). 440 // Thus, 2.5 CPUs (fractional portions of CPUs are allowed) would be 441 // 2500000000 (2.5 billion). 442 // In 'docker inspect' this is set exclusively of two further options in 443 // the output (CpuPeriod and CpuQuota) which are both used to implement 444 // this functionality. 445 // We can't distinguish here, so if CpuQuota is set to the default of 446 // 100000, we will set both CpuQuota, CpuPeriod, and NanoCpus. If 447 // CpuQuota is not the default, we will not set NanoCpus. 448 NanoCpus int64 `json:"NanoCpus"` 449 // CgroupParent is the Cgroup parent of the container. 450 // Only set if not default. 451 CgroupParent string `json:"CgroupParent"` 452 // BlkioWeight indicates the I/O resources allocated to the container. 453 // It is a relative weight in the scheduler for assigning I/O time 454 // versus other Cgroups. 455 BlkioWeight uint16 `json:"BlkioWeight"` 456 // BlkioWeightDevice is an array of I/O resource priorities for 457 // individual device nodes. 458 // Unfortunately, the spec only stores the device's Major/Minor numbers 459 // and not the path, which is used here. 460 // Fortunately, the kernel provides an interface for retrieving the path 461 // of a given node by major:minor at /sys/dev/. However, the exact path 462 // in use may not be what was used in the original CLI invocation - 463 // though it is guaranteed that the device node will be the same, and 464 // using the given path will be functionally identical. 465 BlkioWeightDevice []InspectBlkioWeightDevice `json:"BlkioWeightDevice"` 466 // BlkioDeviceReadBps is an array of I/O throttle parameters for 467 // individual device nodes. 468 // This specifically sets read rate cap in bytes per second for device 469 // nodes. 470 // As with BlkioWeightDevice, we pull the path from /sys/dev, and we 471 // don't guarantee the path will be identical to the original (though 472 // the node will be). 473 BlkioDeviceReadBps []InspectBlkioThrottleDevice `json:"BlkioDeviceReadBps"` 474 // BlkioDeviceWriteBps is an array of I/O throttle parameters for 475 // individual device nodes. 476 // this specifically sets write rate cap in bytes per second for device 477 // nodes. 478 // as with BlkioWeightDevice, we pull the path from /sys/dev, and we 479 // don't guarantee the path will be identical to the original (though 480 // the node will be). 481 BlkioDeviceWriteBps []InspectBlkioThrottleDevice `json:"BlkioDeviceWriteBps"` 482 // BlkioDeviceReadIOps is an array of I/O throttle parameters for 483 // individual device nodes. 484 // This specifically sets the read rate cap in iops per second for 485 // device nodes. 486 // As with BlkioWeightDevice, we pull the path from /sys/dev, and we 487 // don't guarantee the path will be identical to the original (though 488 // the node will be). 489 BlkioDeviceReadIOps []InspectBlkioThrottleDevice `json:"BlkioDeviceReadIOps"` 490 // BlkioDeviceWriteIOps is an array of I/O throttle parameters for 491 // individual device nodes. 492 // This specifically sets the write rate cap in iops per second for 493 // device nodes. 494 // As with BlkioWeightDevice, we pull the path from /sys/dev, and we 495 // don't guarantee the path will be identical to the original (though 496 // the node will be). 497 BlkioDeviceWriteIOps []InspectBlkioThrottleDevice `json:"BlkioDeviceWriteIOps"` 498 // CpuPeriod is the length of a CPU period in microseconds. 499 // It relates directly to CpuQuota. 500 CpuPeriod uint64 `json:"CpuPeriod"` 501 // CpuPeriod is the amount of time (in microseconds) that a container 502 // can use the CPU in every CpuPeriod. 503 CpuQuota int64 `json:"CpuQuota"` 504 // CpuRealtimePeriod is the length of time (in microseconds) of the CPU 505 // realtime period. If set to 0, no time will be allocated to realtime 506 // tasks. 507 CpuRealtimePeriod uint64 `json:"CpuRealtimePeriod"` 508 // CpuRealtimeRuntime is the length of time (in microseconds) allocated 509 // for realtime tasks within every CpuRealtimePeriod. 510 CpuRealtimeRuntime int64 `json:"CpuRealtimeRuntime"` 511 // CpusetCpus is the is the set of CPUs that the container will execute 512 // on. Formatted as `0-3` or `0,2`. Default (if unset) is all CPUs. 513 CpusetCpus string `json:"CpusetCpus"` 514 // CpusetMems is the set of memory nodes the container will use. 515 // Formatted as `0-3` or `0,2`. Default (if unset) is all memory nodes. 516 CpusetMems string `json:"CpusetMems"` 517 // Devices is a list of device nodes that will be added to the 518 // container. 519 // These are stored in the OCI spec only as type, major, minor while we 520 // display the host path. We convert this with /sys/dev, but we cannot 521 // guarantee that the host path will be identical - only that the actual 522 // device will be. 523 Devices []InspectDevice `json:"Devices"` 524 // DiskQuota is the maximum amount of disk space the container may use 525 // (in bytes). 526 // Presently not populated. 527 // TODO. 528 DiskQuota uint64 `json:"DiskQuota"` 529 // KernelMemory is the maximum amount of memory the kernel will devote 530 // to the container. 531 KernelMemory int64 `json:"KernelMemory"` 532 // MemoryReservation is the reservation (soft limit) of memory available 533 // to the container. Soft limits are warnings only and can be exceeded. 534 MemoryReservation int64 `json:"MemoryReservation"` 535 // MemorySwap is the total limit for all memory available to the 536 // container, including swap. 0 indicates that there is no limit to the 537 // amount of memory available. 538 MemorySwap int64 `json:"MemorySwap"` 539 // MemorySwappiness is the willingness of the kernel to page container 540 // memory to swap. It is an integer from 0 to 100, with low numbers 541 // being more likely to be put into swap. 542 // -1, the default, will not set swappiness and use the system defaults. 543 MemorySwappiness int64 `json:"MemorySwappiness"` 544 // OomKillDisable indicates whether the kernel OOM killer is disabled 545 // for the container. 546 OomKillDisable bool `json:"OomKillDisable"` 547 // Init indicates whether the container has an init mounted into it. 548 Init bool `json:"Init,omitempty"` 549 // PidsLimit is the maximum number of PIDs what may be created within 550 // the container. 0, the default, indicates no limit. 551 PidsLimit int64 `json:"PidsLimit"` 552 // Ulimits is a set of ulimits that will be set within the container. 553 Ulimits []InspectUlimit `json:"Ulimits"` 554 // CpuCount is Windows-only and not presently implemented. 555 CpuCount uint64 `json:"CpuCount"` 556 // CpuPercent is Windows-only and not presently implemented. 557 CpuPercent uint64 `json:"CpuPercent"` 558 // IOMaximumIOps is Windows-only and not presently implemented. 559 IOMaximumIOps uint64 `json:"IOMaximumIOps"` 560 // IOMaximumBandwidth is Windows-only and not presently implemented. 561 IOMaximumBandwidth uint64 `json:"IOMaximumBandwidth"` 562 // CgroupConf is the configuration for cgroup v2. 563 CgroupConf map[string]string `json:"CgroupConf"` 564 } 565 566 // Address represents an IP address. 567 type Address struct { 568 Addr string 569 PrefixLength int 570 } 571 572 // InspectBasicNetworkConfig holds basic configuration information (e.g. IP 573 // addresses, MAC address, subnet masks, etc) that are common for all networks 574 // (both additional and main). 575 type InspectBasicNetworkConfig struct { 576 // EndpointID is unused, maintained exclusively for compatibility. 577 EndpointID string `json:"EndpointID"` 578 // Gateway is the IP address of the gateway this network will use. 579 Gateway string `json:"Gateway"` 580 // IPAddress is the IP address for this network. 581 IPAddress string `json:"IPAddress"` 582 // IPPrefixLen is the length of the subnet mask of this network. 583 IPPrefixLen int `json:"IPPrefixLen"` 584 // SecondaryIPAddresses is a list of extra IP Addresses that the 585 // container has been assigned in this network. 586 SecondaryIPAddresses []Address `json:"SecondaryIPAddresses,omitempty"` 587 // IPv6Gateway is the IPv6 gateway this network will use. 588 IPv6Gateway string `json:"IPv6Gateway"` 589 // GlobalIPv6Address is the global-scope IPv6 Address for this network. 590 GlobalIPv6Address string `json:"GlobalIPv6Address"` 591 // GlobalIPv6PrefixLen is the length of the subnet mask of this network. 592 GlobalIPv6PrefixLen int `json:"GlobalIPv6PrefixLen"` 593 // SecondaryIPv6Addresses is a list of extra IPv6 Addresses that the 594 // container has been assigned in this network. 595 SecondaryIPv6Addresses []Address `json:"SecondaryIPv6Addresses,omitempty"` 596 // MacAddress is the MAC address for the interface in this network. 597 MacAddress string `json:"MacAddress"` 598 // AdditionalMacAddresses is a set of additional MAC Addresses beyond 599 // the first. CNI may configure more than one interface for a single 600 // network, which can cause this. 601 AdditionalMacAddresses []string `json:"AdditionalMACAddresses,omitempty"` 602 } 603 604 // InspectAdditionalNetwork holds information about non-default CNI networks the 605 // container has been connected to. 606 // As with InspectNetworkSettings, many fields are unused and maintained only 607 // for compatibility with Docker. 608 type InspectAdditionalNetwork struct { 609 InspectBasicNetworkConfig 610 611 // Name of the network we're connecting to. 612 NetworkID string `json:"NetworkID,omitempty"` 613 // DriverOpts is presently unused and maintained exclusively for 614 // compatibility. 615 DriverOpts map[string]string `json:"DriverOpts"` 616 // IPAMConfig is presently unused and maintained exclusively for 617 // compatibility. 618 IPAMConfig map[string]string `json:"IPAMConfig"` 619 // Links is presently unused and maintained exclusively for 620 // compatibility. 621 Links []string `json:"Links"` 622 // Aliases are any network aliases the container has in this network. 623 Aliases []string `json:"Aliases,omitempty"` 624 } 625 626 // InspectNetworkSettings holds information about the network settings of the 627 // container. 628 // Many fields are maintained only for compatibility with `docker inspect` and 629 // are unused within Libpod. 630 type InspectNetworkSettings struct { 631 InspectBasicNetworkConfig 632 633 Bridge string `json:"Bridge"` 634 SandboxID string `json:"SandboxID"` 635 HairpinMode bool `json:"HairpinMode"` 636 LinkLocalIPv6Address string `json:"LinkLocalIPv6Address"` 637 LinkLocalIPv6PrefixLen int `json:"LinkLocalIPv6PrefixLen"` 638 Ports map[string][]InspectHostPort `json:"Ports"` 639 SandboxKey string `json:"SandboxKey"` 640 // Networks contains information on non-default CNI networks this 641 // container has joined. 642 // It is a map of network name to network information. 643 Networks map[string]*InspectAdditionalNetwork `json:"Networks,omitempty"` 644 } 645 646 // InspectContainerData provides a detailed record of a container's configuration 647 // and state as viewed by Libpod. 648 // Large portions of this structure are defined such that the output is 649 // compatible with `docker inspect` JSON, but additional fields have been added 650 // as required to share information not in the original output. 651 type InspectContainerData struct { 652 ID string `json:"Id"` 653 Created time.Time `json:"Created"` 654 Path string `json:"Path"` 655 Args []string `json:"Args"` 656 State *InspectContainerState `json:"State"` 657 Image string `json:"Image"` 658 ImageName string `json:"ImageName"` 659 Rootfs string `json:"Rootfs"` 660 Pod string `json:"Pod"` 661 ResolvConfPath string `json:"ResolvConfPath"` 662 HostnamePath string `json:"HostnamePath"` 663 HostsPath string `json:"HostsPath"` 664 StaticDir string `json:"StaticDir"` 665 OCIConfigPath string `json:"OCIConfigPath,omitempty"` 666 OCIRuntime string `json:"OCIRuntime,omitempty"` 667 ConmonPidFile string `json:"ConmonPidFile"` 668 PidFile string `json:"PidFile"` 669 Name string `json:"Name"` 670 RestartCount int32 `json:"RestartCount"` 671 Driver string `json:"Driver"` 672 MountLabel string `json:"MountLabel"` 673 ProcessLabel string `json:"ProcessLabel"` 674 AppArmorProfile string `json:"AppArmorProfile"` 675 EffectiveCaps []string `json:"EffectiveCaps"` 676 BoundingCaps []string `json:"BoundingCaps"` 677 ExecIDs []string `json:"ExecIDs"` 678 GraphDriver *DriverData `json:"GraphDriver"` 679 SizeRw *int64 `json:"SizeRw,omitempty"` 680 SizeRootFs int64 `json:"SizeRootFs,omitempty"` 681 Mounts []InspectMount `json:"Mounts"` 682 Dependencies []string `json:"Dependencies"` 683 NetworkSettings *InspectNetworkSettings `json:"NetworkSettings"` 684 Namespace string `json:"Namespace"` 685 IsInfra bool `json:"IsInfra"` 686 IsService bool `json:"IsService"` 687 Config *InspectContainerConfig `json:"Config"` 688 HostConfig *InspectContainerHostConfig `json:"HostConfig"` 689 } 690 691 // InspectExecSession contains information about a given exec session. 692 type InspectExecSession struct { 693 // CanRemove is legacy and used purely for compatibility reasons. 694 // Will always be set to true, unless the exec session is running. 695 CanRemove bool `json:"CanRemove"` 696 // ContainerID is the ID of the container this exec session is attached 697 // to. 698 ContainerID string `json:"ContainerID"` 699 // DetachKeys are the detach keys used by the exec session. 700 // If set to "" the default keys are being used. 701 // Will show "<none>" if no detach keys are set. 702 DetachKeys string `json:"DetachKeys"` 703 // ExitCode is the exit code of the exec session. Will be set to 0 if 704 // the exec session has not yet exited. 705 ExitCode int `json:"ExitCode"` 706 // ID is the ID of the exec session. 707 ID string `json:"ID"` 708 // OpenStderr is whether the container's STDERR stream will be attached. 709 // Always set to true if the exec session created a TTY. 710 OpenStderr bool `json:"OpenStderr"` 711 // OpenStdin is whether the container's STDIN stream will be attached 712 // to. 713 OpenStdin bool `json:"OpenStdin"` 714 // OpenStdout is whether the container's STDOUT stream will be attached. 715 // Always set to true if the exec session created a TTY. 716 OpenStdout bool `json:"OpenStdout"` 717 // Running is whether the exec session is running. 718 Running bool `json:"Running"` 719 // Pid is the PID of the exec session's process. 720 // Will be set to 0 if the exec session is not running. 721 Pid int `json:"Pid"` 722 // ProcessConfig contains information about the exec session's process. 723 ProcessConfig *InspectExecProcess `json:"ProcessConfig"` 724 } 725 726 // InspectExecProcess contains information about the process in a given exec 727 // session. 728 type InspectExecProcess struct { 729 // Arguments are the arguments to the entrypoint command of the exec 730 // session. 731 Arguments []string `json:"arguments"` 732 // Entrypoint is the entrypoint for the exec session (the command that 733 // will be executed in the container). 734 Entrypoint string `json:"entrypoint"` 735 // Privileged is whether the exec session will be started with elevated 736 // privileges. 737 Privileged bool `json:"privileged"` 738 // Tty is whether the exec session created a terminal. 739 Tty bool `json:"tty"` 740 // User is the user the exec session was started as. 741 User string `json:"user"` 742 } 743 744 // DriverData handles the data for a storage driver 745 type DriverData struct { 746 Name string `json:"Name"` 747 Data map[string]string `json:"Data"` 748 } 749 750 // InspectSecret contains information on secrets mounted inside the container 751 type InspectSecret struct { 752 // Name is the name of the secret 753 Name string `json:"Name"` 754 // ID is the ID of the secret 755 ID string `json:"ID"` 756 // ID is the UID of the mounted secret file 757 UID uint32 `json:"UID"` 758 // ID is the GID of the mounted secret file 759 GID uint32 `json:"GID"` 760 // ID is the ID of the mode of the mounted secret file 761 Mode uint32 `json:"Mode"` 762 }