IsNamespaceSupported returns whether a namespace is available or not.

KnownHookNames returns the known hook names.

NewCommandHook will execute the provided command when the hook is run.

NewFunctionHook will call the provided function when the hook is run.

NewThrottleDevice returns a configured ThrottleDevice pointer.

NewWeightDevice returns a configured WeightDevice pointer.

NsName converts the namespace type to its filename.

ToSchedAttr is to convert *configs.Scheduler to *unix.SchedAttr.

CreateContainer commands MUST be called as part of the create operation after the runtime environment has been created but before the pivot_root has been executed.

CreateRuntime commands MUST be called as part of the create operation after the runtime environment has been created but before the pivot_root has been executed.

nolint:golint,revive // ignore "don't use ALL_CAPS" warning.

Please check https://man7.org/linux/man-pages/man2/personality.2.html for const details.

Please check https://man7.org/linux/man-pages/man2/personality.2.html for const details.

Poststart commands are executed after the container init process starts.

Poststop commands are executed after the container init process exits.

Prestart commands are executed after the container namespaces are created, but before the user supplied command is executed from init.

StartContainer commands MUST be called as part of the start operation and before the container process is started.

Arg is a rule to match a specific syscall argument in Seccomp.

BlockIODevice holds major:minor format supported in blkio cgroup.

Cgroup holds properties of a cgroup on Linux.

Config defines configuration options for executing a process inside a contained environment.

IDMap represents UID/GID Mappings for User Namespaces.

LinuxRdma for Linux cgroup 'rdma' resource management (Linux 4.11).

Namespace defines configuration for each namespace.

Network defines configuration for a container's networking stack The network configuration can be omitted from a container causing the container to be setup with the host's networking stack.

Route defines a routing table entry.

Seccomp represents syscall restrictions By default, only the native architecture of the kernel is allowed to be used for syscalls.

Syscall is a rule to match a syscall in Seccomp.

ThrottleDevice struct holds a `major:minor rate_per_second` pair.

WeightDevice struct holds a `major:minor weight`|`major:minor leaf_weight` pair.

Action is taken upon rule match in Seccomp.

Operator is a comparison operator to be used when matching syscall arguments in Seccomp.

Scheduler is based on the Linux sched_setattr(2) syscall.