# Functions
ApplyOpts applies the options to the given spec, injecting data from the context, client and container instance.
Compose converts a sequence of spec operations into a single operation.
GenerateSpec will generate a default spec from the provided image for use as a containerd container.
GenerateSpecWithPlatform will generate a default spec from the provided image for use as a containerd container in the platform requested.
WithAdditionalGIDs sets the OCI spec's additionalGids array to any additional groups listed for a particular user in the /etc/groups file of the image's root filesystem. The passed-in user can be either a uid or a username.
WithAmbientCapabilities sets the Linux ambient capabilities for the process. Ambient capabilities should only be set for non-root users, or the caller should understand how these capabilities are used and set.
WithApparmorProfile sets the AppArmor profile for the process.
WithCapabilities sets Linux capabilities on the process.
WithCgroup sets the container's cgroup path.
WithDefaultSpec returns a SpecOpts that will populate the spec with default values.
WithDefaultSpecForPlatform returns a SpecOpts that will populate the spec with default values for a given platform.
WithDefaultUnixDevices adds the default devices for unix such as /dev/null, /dev/random to the container's resource cgroup spec.
WithEnv appends environment variables.
WithHostHostsFile bind-mounts the host's /etc/hosts into the container as readonly.
WithHostLocaltime bind-mounts the host's /etc/localtime into the container as readonly.
WithHostname sets the container's hostname.
WithHostNamespace allows a task to run inside the host's Linux namespace.
WithHostResolvconf bind-mounts the host's /etc/resolv.conf into the container as readonly.
WithImageConfig configures the spec from the configuration of an Image.
WithImageConfigArgs configures the spec from the configuration of an Image with additional args that replace the CMD of the image.
WithLinuxNamespace uses the passed in namespace for the spec.
WithMaskedPaths sets the masked paths option.
WithMounts appends mounts.
WithNamespacedCgroup uses the namespace set on the context to create a root directory for containers in the cgroup with the id as the subcgroup.
WithNewPrivileges turns off the NoNewPrivileges feature flag in the spec.
WithNoNewPrivileges sets no_new_privileges on the process for the container.
WithParentCgroupDevices uses the default cgroup setup to inherit the container's parent cgroup's allowed and denied devices.
WithProcessArgs replaces the args on the generated spec.
WithProcessCwd replaces the current working directory on the generated spec.
WithReadonlyPaths sets the read only paths option.
WithRootFSPath specifies unmanaged rootfs path.
WithRootFSReadonly sets specs.Root.Readonly to true.
WithSeccompUnconfined clears the seccomp profile.
WithSelinuxLabel sets the process SELinux label.
WithSpecFromBytes loads the spec from the provided byte slice.
WithSpecFromFile loads the specification from the provided filename.
WithTTY sets the information on the spec as well as the environment variables for using a TTY.
WithTTYSize sets the information on the spec as well as the environment variables for using a TTY.
WithUIDGID allows the UID and GID for the Process to be set.
WithUser sets the user to be used within the container.
WithUserID sets the correct UID and GID for the container based on the image's /etc/passwd contents.
WithUsername sets the correct UID and GID for the container based on the image's /etc/passwd contents.
WithUserNamespace sets the uid and gid mappings for the task. This can be called multiple times to add more mappings to the generated spec.
WithWindowsHyperV sets the Windows.HyperV section for HyperV isolation of containers.
WithWriteableCgroupfs makes any cgroup mounts writeable.
WithWriteableSysfs makes any sysfs mounts writeable.
# Variables
WithAllCapabilities sets all Linux capabilities for the process.
WithPrivileged sets up options for a privileged container. TODO(justincormack): device handling.