IsNamespaceSupported returns whether a namespace is available or not.

NewCommandHook will execute the provided command when the hook is run.

NewFunctionHook will call the provided function when the hook is run.

NewThrottleDevice returns a configured ThrottleDevice pointer.

NewWeightDevice returns a configured WeightDevice pointer.

NsName converts the namespace type to its filename.

EXT_COPYUP is a directive to copy up the contents of a directory when a tmpfs is mounted over it.

DefaultSimpleDevices are devices that are to be both allowed and created.

Arg is a rule to match a specific syscall argument in Seccomp.

Config defines configuration options for executing a process inside a contained environment.

IDMap represents UID/GID Mappings for User Namespaces.

Namespace defines configuration for each namespace.

Network defines configuration for a container's networking stack The network configuration can be omitted from a container causing the container to be setup with the host's networking stack.

Routes can be specified to create entries in the route table as the container is started All of destination, source, and gateway should be either IPv4 or IPv6.

Seccomp represents syscall restrictions By default, only the native architecture of the kernel is allowed to be used for syscalls.

Syscall is a rule to match a syscall in Seccomp.

ThrottleDevice struct holds a `major:minor rate_per_second` pair.

WeightDevice struct holds a `major:minor weight`|`major:minor leaf_weight` pair.

Action is taken upon rule match in Seccomp.

Operator is a comparison operator to be used when matching syscall arguments in Seccomp.