github.com/opencontainers/runtime-tools@v0.9.0/specerror/config-linux.go

github.com/opencontainers/runtime-tools@v0.9.0/specerror/config-linux.go (about)

     1  package specerror
     2  
     3  import (
     4  	"fmt"
     5  
     6  	rfc2119 "github.com/opencontainers/runtime-tools/error"
     7  )
     8  
     9  // define error codes
    10  const (
    11  	// DefaultFilesystems represents "The following filesystems SHOULD be made available in each container's filesystem:"
    12  	DefaultFilesystems Code = 0xc001 + iota
    13  	// NSPathAbs represents "This value MUST be an absolute path in the runtime mount namespace."
    14  	NSPathAbs
    15  	// NSProcInPath represents "The runtime MUST place the container process in the namespace associated with that `path`."
    16  	NSProcInPath
    17  	// NSPathMatchTypeError represents "The runtime MUST generate an error if `path` is not associated with a namespace of type `type`."
    18  	NSPathMatchTypeError
    19  	// NSNewNSWithoutPath represents "If `path` is not specified, the runtime MUST create a new container namespace of type `type`."
    20  	NSNewNSWithoutPath
    21  	// NSInheritWithoutType represents "If a namespace type is not specified in the `namespaces` array, the container MUST inherit the runtime namespace of that type."
    22  	NSInheritWithoutType
    23  	// NSErrorOnDup represents "If a `namespaces` field contains duplicated namespaces with same `type`, the runtime MUST generate an error."
    24  	NSErrorOnDup
    25  	// UserNSMapOwnershipRO represents "The runtime SHOULD NOT modify the ownership of referenced filesystems to realize the mapping."
    26  	UserNSMapOwnershipRO
    27  	// DevicesAvailable represents "devices (array of objects, OPTIONAL) lists devices that MUST be available in the container."
    28  	DevicesAvailable
    29  	// DevicesFileNotMatch represents "If a file already exists at `path` that does not match the requested device, the runtime MUST generate an error."
    30  	DevicesFileNotMatch
    31  	// DevicesMajMinRequired represents "`major, minor` (int64, REQUIRED unless `type` is `p`) - major, minor numbers for the device."
    32  	DevicesMajMinRequired
    33  	// DevicesErrorOnDup represents "The same `type`, `major` and `minor` SHOULD NOT be used for multiple devices."
    34  	DevicesErrorOnDup
    35  	// DefaultDevices represents "In addition to any devices configured with this setting, the runtime MUST also supply default devices."
    36  	DefaultDevices
    37  	// CgroupsPathAbsOrRel represents "The value of `cgroupsPath` MUST be either an absolute path or a relative path."
    38  	CgroupsPathAbsOrRel
    39  	// CgroupsAbsPathRelToMount represents "In the case of an absolute path (starting with `/`), the runtime MUST take the path to be relative to the cgroups mount point."
    40  	CgroupsAbsPathRelToMount
    41  	// CgroupsPathAttach represents "If the value is specified, the runtime MUST consistently attach to the same place in the cgroups hierarchy given the same value of `cgroupsPath`."
    42  	CgroupsPathAttach
    43  	// CgroupsPathError represents "Runtimes MAY consider certain `cgroupsPath` values to be invalid, and MUST generate an error if this is the case."
    44  	CgroupsPathError
    45  	// DevicesApplyInOrder represents "The runtime MUST apply entries in the listed order."
    46  	DevicesApplyInOrder
    47  	// BlkIOWeightOrLeafWeightExist represents "You MUST specify at least one of `weight` or `leafWeight` in a given entry, and MAY specify both."
    48  	BlkIOWeightOrLeafWeightExist
    49  	// IntelRdtPIDWrite represents "If `intelRdt` is set, the runtime MUST write the container process ID to the `<container-id>/tasks` file in a mounted `resctrl` pseudo-filesystem, using the container ID from `start` and creating the `container-id` directory if necessary."
    50  	IntelRdtPIDWrite
    51  	// IntelRdtNoMountedResctrlError represents "If no mounted `resctrl` pseudo-filesystem is available in the runtime mount namespace, the runtime MUST generate an error."
    52  	IntelRdtNoMountedResctrlError
    53  	// NotManipResctrlWithoutIntelRdt represents "If `intelRdt` is not set, the runtime MUST NOT manipulate any `resctrl` pseudo-filesystems."
    54  	NotManipResctrlWithoutIntelRdt
    55  	// IntelRdtL3CacheSchemaWrite represents "If `l3CacheSchema` is set, runtimes MUST write the value to the `schemata` file in the `<container-id>` directory discussed in `intelRdt`."
    56  	IntelRdtL3CacheSchemaWrite
    57  	// IntelRdtL3CacheSchemaNotWrite represents "If `l3CacheSchema` is not set, runtimes MUST NOT write to `schemata` files in any `resctrl` pseudo-filesystems."
    58  	IntelRdtL3CacheSchemaNotWrite
    59  	// SeccSyscallsNamesRequired represents "`names` MUST contain at least one entry."
    60  	SeccSyscallsNamesRequired
    61  	// MaskedPathsAbs represents "maskedPaths (array of strings, OPTIONAL) will mask over the provided paths inside the container so that they cannot be read. The values MUST be absolute paths in the container namespace."
    62  	MaskedPathsAbs
    63  	// ReadonlyPathsAbs represents "readonlyPaths (array of strings, OPTIONAL) will set the provided paths as readonly inside the container. The values MUST be absolute paths in the container namespace."
    64  	ReadonlyPathsAbs
    65  )
    66  
    67  var (
    68  	defaultFilesystemsRef = func(version string) (reference string, err error) {
    69  		return fmt.Sprintf(referenceTemplate, version, "config-linux.md#default-filesystems"), nil
    70  	}
    71  	namespacesRef = func(version string) (reference string, err error) {
    72  		return fmt.Sprintf(referenceTemplate, version, "config-linux.md#namespaces"), nil
    73  	}
    74  	userNamespaceMappingsRef = func(version string) (reference string, err error) {
    75  		return fmt.Sprintf(referenceTemplate, version, "config-linux.md#user-namespace-mappings"), nil
    76  	}
    77  	devicesRef = func(version string) (reference string, err error) {
    78  		return fmt.Sprintf(referenceTemplate, version, "config-linux.md#devices"), nil
    79  	}
    80  	defaultDevicesRef = func(version string) (reference string, err error) {
    81  		return fmt.Sprintf(referenceTemplate, version, "config-linux.md#default-devices"), nil
    82  	}
    83  	cgroupsPathRef = func(version string) (reference string, err error) {
    84  		return fmt.Sprintf(referenceTemplate, version, "config-linux.md#cgroups-path"), nil
    85  	}
    86  	deviceWhitelistRef = func(version string) (reference string, err error) {
    87  		return fmt.Sprintf(referenceTemplate, version, "config-linux.md#device-whitelist"), nil
    88  	}
    89  	blockIoRef = func(version string) (reference string, err error) {
    90  		return fmt.Sprintf(referenceTemplate, version, "config-linux.md#block-io"), nil
    91  	}
    92  	intelrdtRef = func(version string) (reference string, err error) {
    93  		return fmt.Sprintf(referenceTemplate, version, "config-linux.md#intelrdt"), nil
    94  	}
    95  	seccompRef = func(version string) (reference string, err error) {
    96  		return fmt.Sprintf(referenceTemplate, version, "config-linux.md#seccomp"), nil
    97  	}
    98  	maskedPathsRef = func(version string) (reference string, err error) {
    99  		return fmt.Sprintf(referenceTemplate, version, "config-linux.md#masked-paths"), nil
   100  	}
   101  	readonlyPathsRef = func(version string) (reference string, err error) {
   102  		return fmt.Sprintf(referenceTemplate, version, "config-linux.md#readonly-paths"), nil
   103  	}
   104  )
   105  
   106  func init() {
   107  	register(DefaultFilesystems, rfc2119.Should, defaultFilesystemsRef)
   108  	register(NSPathAbs, rfc2119.Must, namespacesRef)
   109  	register(NSProcInPath, rfc2119.Must, namespacesRef)
   110  	register(NSPathMatchTypeError, rfc2119.Must, namespacesRef)
   111  	register(NSNewNSWithoutPath, rfc2119.Must, namespacesRef)
   112  	register(NSInheritWithoutType, rfc2119.Must, namespacesRef)
   113  	register(NSErrorOnDup, rfc2119.Must, namespacesRef)
   114  	register(UserNSMapOwnershipRO, rfc2119.Should, userNamespaceMappingsRef)
   115  	register(DevicesAvailable, rfc2119.Must, devicesRef)
   116  	register(DevicesFileNotMatch, rfc2119.Must, devicesRef)
   117  	register(DevicesMajMinRequired, rfc2119.Required, devicesRef)
   118  	register(DevicesErrorOnDup, rfc2119.Should, devicesRef)
   119  	register(DefaultDevices, rfc2119.Must, defaultDevicesRef)
   120  	register(CgroupsPathAbsOrRel, rfc2119.Must, cgroupsPathRef)
   121  	register(CgroupsAbsPathRelToMount, rfc2119.Must, cgroupsPathRef)
   122  	register(CgroupsPathAttach, rfc2119.Must, cgroupsPathRef)
   123  	register(CgroupsPathError, rfc2119.Must, cgroupsPathRef)
   124  	register(DevicesApplyInOrder, rfc2119.Must, deviceWhitelistRef)
   125  	register(BlkIOWeightOrLeafWeightExist, rfc2119.Must, blockIoRef)
   126  	register(IntelRdtPIDWrite, rfc2119.Must, intelrdtRef)
   127  	register(IntelRdtNoMountedResctrlError, rfc2119.Must, intelrdtRef)
   128  	register(NotManipResctrlWithoutIntelRdt, rfc2119.Must, intelrdtRef)
   129  	register(IntelRdtL3CacheSchemaWrite, rfc2119.Must, intelrdtRef)
   130  	register(IntelRdtL3CacheSchemaNotWrite, rfc2119.Must, intelrdtRef)
   131  	register(SeccSyscallsNamesRequired, rfc2119.Must, seccompRef)
   132  	register(MaskedPathsAbs, rfc2119.Must, maskedPathsRef)
   133  	register(ReadonlyPathsAbs, rfc2119.Must, readonlyPathsRef)
   134  }