github.com/opencontainers/runc@v1.2.0-rc.1.0.20240520010911-492dc558cdd6/features.go (about)

     1  package main
     2  
     3  import (
     4  	"encoding/json"
     5  	"fmt"
     6  
     7  	"github.com/opencontainers/runc/libcontainer/capabilities"
     8  	"github.com/opencontainers/runc/libcontainer/configs"
     9  	"github.com/opencontainers/runc/libcontainer/seccomp"
    10  	"github.com/opencontainers/runc/libcontainer/specconv"
    11  	runcfeatures "github.com/opencontainers/runc/types/features"
    12  	"github.com/opencontainers/runtime-spec/specs-go"
    13  	"github.com/opencontainers/runtime-spec/specs-go/features"
    14  	"github.com/urfave/cli"
    15  )
    16  
// featuresCommand implements "runc features": it prints, as indented JSON,
// the feature set this runc build declares (hooks, mount options, namespaces,
// capabilities, cgroup / LSM / seccomp support and a few annotations).
//
// Every "Enabled" flag set in this file is a literal true; nothing here
// probes the host. Read the output as "what this binary declares it supports",
// not as evidence that AppArmor, SELinux, seccomp, etc. are active or
// enforcing on the machine.
// NOTE(review): the features.md document linked in Description defines the
// exact semantics of each field; confirm against it.
var featuresCommand = cli.Command{
	Name:      "features",
	Usage:     "show the enabled features",
	ArgsUsage: "",
	Description: `Show the enabled features.
   The result is parsable as a JSON.
   See https://github.com/opencontainers/runtime-spec/blob/main/features.md for the type definition.
`,
	Action: func(cliCtx *cli.Context) error {
		// The command accepts no positional arguments.
		err := checkArgs(cliCtx, 0, exactArgs)
		if err != nil {
			return err
		}

		// A single bool backs every *bool field below; it is only ever read
		// after this point, so the aliasing is harmless.
		enabled := true

		annotations := map[string]string{
			runcfeatures.AnnotationRuncVersion:           version,
			runcfeatures.AnnotationRuncCommit:            gitCommit,
			runcfeatures.AnnotationRuncCheckpointEnabled: "true",
		}

		hookNames := configs.KnownHookNames()
		mountOpts := specconv.KnownMountOptions()

		linuxFeat := &features.Linux{
			Namespaces:   specconv.KnownNamespaces(),
			Capabilities: capabilities.KnownCapabilities(),
			Cgroup: &features.Cgroup{
				V1:          &enabled,
				V2:          &enabled,
				Systemd:     &enabled,
				SystemdUser: &enabled,
				Rdma:        &enabled,
			},
			Apparmor:        &features.Apparmor{Enabled: &enabled},
			Selinux:         &features.Selinux{Enabled: &enabled},
			IntelRdt:        &features.IntelRdt{Enabled: &enabled},
			MountExtensions: &features.MountExtensions{IDMap: &features.IDMap{Enabled: &enabled}},
		}

		// The seccomp section and the libseccomp version annotation are only
		// emitted when the seccomp package reports itself enabled; otherwise
		// Linux.Seccomp stays nil.
		// NOTE(review): seccomp.Enabled is presumably fixed at build time;
		// confirm in libcontainer/seccomp.
		if seccomp.Enabled {
			linuxFeat.Seccomp = &features.Seccomp{
				Enabled:        &enabled,
				Actions:        seccomp.KnownActions(),
				Operators:      seccomp.KnownOperators(),
				Archs:          seccomp.KnownArchs(),
				KnownFlags:     seccomp.KnownFlags(),
				SupportedFlags: seccomp.SupportedFlags(),
			}
			vMajor, vMinor, vPatch := seccomp.Version()
			libVersion := fmt.Sprintf("%d.%d.%d", vMajor, vMinor, vPatch)
			annotations[runcfeatures.AnnotationLibseccompVersion] = libVersion
		}

		report := features.Features{
			OCIVersionMin: "1.0.0",
			OCIVersionMax: specs.Version,
			Annotations:   annotations,
			Hooks:         hookNames,
			MountOptions:  mountOpts,
			Linux:         linuxFeat,
			// Annotation keys this runtime flags as potentially unsafe when
			// they appear in a container config. Going by the field name,
			// these are annotations that can influence how runc behaves, so
			// an engine that forwards annotations from untrusted images or
			// users can use this list to decide what to filter or gate.
			// NOTE(review): exact matching rules are defined in features.md.
			PotentiallyUnsafeConfigAnnotations: []string{
				"bundle",
				"org.systemd.property.", // prefix form
				"org.criu.config",
				"org.opencontainers.runc.exec.isolated-cpu-affinity-transition",
			},
		}

		// Emit the report on the app's configured writer, indented by four spaces.
		out := json.NewEncoder(cliCtx.App.Writer)
		out.SetIndent("", "    ")
		return out.Encode(report)
	},
}