ApplyOpts applies the options to the given spec, injecting data from the context, client and container instance.

Compose converts a sequence of spec operations into a single operation.

GenerateSpec will generate a default spec from the provided image for use as a containerd container.

GenerateSpecWithPlatform will generate a default spec from the provided image for use as a containerd container in the platform requested.

GetAllCapabilities returns all caps up to CAP_LAST_CAP or CAP_BLOCK_SUSPEND on RHEL6.

WithAddedCapabilities adds the provided capabilities.

WithAdditionalGIDs sets the OCI spec's additionalGids array to any additional groups listed for a particular user in the /etc/groups file of the image's root filesystem The passed in user can be either a uid or a username.

WithAllDevicesAllowed permits READ WRITE MKNOD on all devices nodes for the container.

WithAmbientCapabilities set the Linux ambient capabilities for the process Ambient capabilities should only be set for non-root users or the caller should understand how these capabilities are used and set.

WithAnnotations appends or replaces the annotations on the spec with the provided annotations.

WithApparmorProfile sets the Apparmor profile for the process.

WithCapabilities sets Linux capabilities on the process.

WithCgroup sets the container's cgroup path.

WithCPUCFS sets the container's Completely fair scheduling (CFS) quota and period.

WithCPUs sets the container's cpus/cores for use by the container.

WithCPUShares sets the container's cpu shares.

WithCPUsMems sets the container's cpu mems for use by the container.

WithDefaultPathEnv sets the $PATH environment variable to the default PATH defined in this package.

WithDefaultSpec returns a SpecOpts that will populate the spec with default values.

WithDefaultSpecForPlatform returns a SpecOpts that will populate the spec with default values for a given platform.

WithDefaultUnixDevices adds the default devices for unix such as /dev/null, /dev/random to the container's resource cgroup spec.

WithDevShmSize sets the size of the /dev/shm mount for the container.

WithDroppedCapabilities removes the provided capabilities.

WithEnv appends environment variables.

WithEnvFile adds environment variables from a file to the container's spec.

WithHostDevices adds all the hosts device nodes to the container's spec.

WithHostHostsFile bind-mounts the host's /etc/hosts into the container as readonly.

WithHostLocaltime bind-mounts the host's /etc/localtime into the container as readonly.

WithHostname sets the container's hostname.

WithHostNamespace allows a task to run inside the host's linux namespace.

WithHostResolvconf bind-mounts the host's /etc/resolv.conf into the container as readonly.

WithImageConfig configures the spec to from the configuration of an Image.

WithImageConfigArgs configures the spec to from the configuration of an Image with additional args that replaces the CMD of the image.

WithLinuxDevice adds the device specified by path to the spec.

WithLinuxDevices adds the provided linux devices to the spec.

WithLinuxNamespace uses the passed in namespace for the spec.

WithMaskedPaths sets the masked paths option.

WithMemoryLimit sets the `Linux.LinuxResources.Memory.Limit` section to the `limit` specified if the `Linux` section is not `nil`.

WithMemorySwap sets the container's swap in bytes.

WithMounts appends mounts.

WithNamespacedCgroup uses the namespace set on the context to create a root directory for containers in the cgroup with the id as the subcgroup.

WithNewPrivileges turns off the NoNewPrivileges feature flag in the spec.

WithNoNewPrivileges sets no_new_privileges on the process for the container.

WithParentCgroupDevices uses the default cgroup setup to inherit the container's parent cgroup's allowed and denied devices.

WithPidsLimit sets the container's pid limit or maximum.

WithProcessArgs replaces the args on the generated spec.

WithProcessCwd replaces the current working directory on the generated spec.

WithReadonlyPaths sets the read only paths option.

WithRootFSPath specifies unmanaged rootfs path.

WithRootFSReadonly sets specs.Root.Readonly to true.

WithSeccompUnconfined clears the seccomp profile.

WithSelinuxLabel sets the process SELinux label.

WithSpecFromBytes loads the spec from the provided byte slice.

WithSpecFromFile loads the specification from the provided filename.

WithTTY sets the information on the spec as well as the environment variables for using a TTY.

WithTTYSize sets the information on the spec as well as the environment variables for using a TTY.

WithUIDGID allows the UID and GID for the Process to be set.

WithUser sets the user to be used within the container.

WithUserID sets the correct UID and GID for the container based on the image's /etc/passwd contents.

WithUsername sets the correct UID and GID for the container based on the image's /etc/passwd contents.

WithUserNamespace sets the uid and gid mappings for the task this can be called multiple times to add more mappings to the generated spec.

WithWindowsHyperV sets the Windows.HyperV section for HyperV isolation of containers.

WithWriteableCgroupfs makes any cgroup mounts writeable.

WithWriteableSysfs makes any sysfs mounts writeable.

ErrNoShmMount is returned when there is no /dev/shm mount specified in the config and an Opts was trying to set a configuration value on the mount.

WithAllCapabilities sets all linux capabilities for the process.

WithPrivileged sets up options for a privileged container.

Client interface used by SpecOpt.

Image interface used by some SpecOpt to query image configuration.

Spec is a type alias to the OCI runtime spec to allow third part SpecOpts to be created without the "issues" with go vendoring and package imports.

SpecOpts sets spec specific information to a newly generated OCI spec.