# Packages
Package features provides the Features struct.
# Constants
Define actions for Seccomp rules.
Additional architectures permitted to be used for system calls. By default only the native architecture of the kernel is permitted.
CgroupNamespace for isolating cgroup hierarchies.
Possible values for IOPriorityClass.
IPCNamespace for isolating System V IPC, POSIX message queues.
LinuxSeccompFlagLog is a seccomp flag to request all returned actions except SECCOMP_RET_ALLOW to be logged.
LinuxSeccompFlagSpecAllow can be used to disable Speculative Store Bypass mitigation.
LinuxSeccompFlagWaitKillableRecv can be used to switch to the wait killable semantics.
MountNamespace for isolating mount points.
NetworkNamespace for isolating network devices, stacks, ports, etc.
Define operators for syscall arguments in Seccomp.
PerLinux is the standard Linux personality.
PerLinux32 sets personality to 32 bit.
PIDNamespace for isolating process IDs.
SchedBatch is the Batch scheduling policy.
SchedDeadline is the Deadline scheduling policy.
SchedFIFO is the First-In-First-Out scheduling policy.
SchedFlagDLOverrun represents the deadline overrun scheduling flag.
SchedFlagKeepParams represents the keep parameters scheduling flag.
SchedFlagKeepPolicy represents the keep policy scheduling flag.
SchedFlagReclaim represents the reclaim scheduling flag.
SchedFlagResetOnFork represents the reset on fork scheduling flag.
SchedFlagUtilClampMax represents the utilization clamp maximum scheduling flag.
SchedFlagUtilClampMin represents the utilization clamp minimum scheduling flag.
SchedIdle is the Idle scheduling policy.
SchedISO is the Isolation scheduling policy.
SchedOther is the default scheduling policy.
SchedRR is the Round-Robin scheduling policy.
SeccompFdName is the name of the seccomp notify file descriptor.
StateCreated indicates that the runtime has finished the create operation.
StateCreating indicates that the container is being created.
StateRunning indicates that the container process has executed the user-specified program but has not exited.
StateStopped indicates that the container process has exited.
TimeNamespace for isolating the clocks.
UserNamespace for isolating user and group IDs.
UTSNamespace for isolating hostname and NIS domain name.
VersionDev indicates development branch.
VersionMajor is for API-incompatible changes.
VersionMinor is for functionality added in a backwards-compatible manner.
VersionPatch is for backwards-compatible bug fixes.
# Variables
Version is the specification version that the package types support.
# Structs
Box specifies dimensions of a rectangle.
ContainerProcessState holds information about the state of a container process.
Hook specifies a command that is run at a particular event in the lifecycle of a container.
Hooks specifies a command that is run in the container at a particular event in the lifecycle of a container. Hooks for container setup and teardown.
Linux contains platform-specific configuration for Linux based containers.
LinuxBlockIO for Linux cgroup 'blkio' resource management.
LinuxBlockIODevice holds major:minor format supported in blkio cgroup.
LinuxCapabilities specifies the list of allowed capabilities that are kept for a process.
LinuxCPU for Linux cgroup 'cpu' resource management.
LinuxDevice represents the mknod information for a Linux special device file.
LinuxDeviceCgroup represents a device rule for the devices specified to the device controller.
LinuxHugepageLimit structure corresponds to limiting kernel hugepages.
LinuxIDMapping specifies UID/GID mappings.
LinuxIntelRdt has container runtime resource constraints for Intel RDT CAT and MBA features and flags enabling Intel RDT CMT and MBM features.
LinuxInterfacePriority for network interfaces.
IOPriority represents I/O priority settings for the container's processes within the process group.
LinuxMemory for Linux cgroup 'memory' resource management.
LinuxNamespace is the configuration for a Linux namespace.
LinuxNetwork identification and priority configuration.
LinuxPersonality represents the Linux personality syscall input.
LinuxPids for Linux cgroup 'pids' resource management (Linux 4.3).
LinuxRdma for Linux cgroup 'rdma' resource management (Linux 4.11).
LinuxResources has container runtime resource constraints.
LinuxSeccomp represents syscall restrictions.
LinuxSeccompArg used for matching specific syscall arguments in Seccomp.
LinuxSyscall is used to match a syscall in Seccomp.
LinuxThrottleDevice struct holds a `major:minor rate_per_second` pair.
LinuxTimeOffset specifies the offset for Time Namespace.
LinuxWeightDevice struct holds a `major:minor weight` pair for weightDevice.
Mount specifies a mount for a container.
POSIXRlimit type and restrictions.
Process contains information to start a specific application inside the container.
Root contains information about the container's root filesystem on the host.
Scheduler represents the scheduling attributes for a process.
Solaris contains platform-specific configuration for Solaris application containers.
SolarisAnet provides the specification for automatic creation of network resources for this container.
SolarisCappedCPU allows users to set a limit on the amount of CPU time that can be used by the container.
SolarisCappedMemory allows users to set the physical and swap caps on the memory that can be used by this container.
Spec is the base configuration for the container.
State holds information about the runtime state of the container.
User specifies specific user (and group) information for the container process.
VM contains information for virtual-machine-based containers.
VMHypervisor contains information about the hypervisor to use for a virtual machine.
VMImage contains information about the virtual machine root image.
VMKernel contains information about the kernel to use for a virtual machine.
Windows defines the runtime configuration for Windows based containers, including Hyper-V containers.
WindowsCPUResources contains CPU resource management settings.
WindowsDevice represents information about a host device to be mapped into the container.
WindowsHyperV contains information for configuring a container to run with Hyper-V isolation.
WindowsMemoryResources contains memory resource management settings.
WindowsNetwork contains network settings for Windows containers.
WindowsResources has container runtime resource constraints for containers running on Windows.
WindowsStorageResources contains storage resource management settings.
ZOS contains platform-specific configuration for z/OS based containers.
ZOSDevice represents the mknod information for a z/OS special device file.
# Type aliases
Arch used for additional architectures.
ContainerState represents the state of a container.
IOPriorityClass represents an I/O scheduling class.
LinuxNamespaceType is one of the Linux namespaces.
LinuxPersonalityDomain refers to a personality domain.
LinuxPersonalityFlag refers to an additional personality flag.
LinuxSchedulerFlag represents the flags used by the Linux Scheduler.
LinuxSchedulerPolicy represents different scheduling policies used with the Linux Scheduler.
LinuxSeccompAction taken upon Seccomp rule match.
LinuxSeccompFlag is a flag to pass to seccomp(2).
LinuxSeccompOperator used to match syscall arguments in Seccomp.