# Constants
Define actions for Seccomp rules.
Additional architectures permitted to be used for system calls. By default, only the native architecture of the kernel is permitted.
IPCNamespace for isolating System V IPC, POSIX message queues.
MountNamespace for isolating mount points.
NetworkNamespace for isolating network devices, stacks, ports, etc.
Define operators for syscall arguments in Seccomp.
PIDNamespace for isolating process IDs.
UserNamespace for isolating user and group IDs.
UTSNamespace for isolating hostname and NIS domain name.
VersionDev indicates development branch.
VersionMajor is for API-incompatible changes.
VersionMinor is for functionality in a backwards-compatible manner.
VersionPatch is for backwards-compatible bug fixes.
# Variables
Version is the specification version that the package types support.
# Structs
Arg used for matching specific syscall arguments in Seccomp.
BlockIO for Linux cgroup 'blkio' resource management.
CPU for Linux cgroup 'cpu' resource management.
Device represents the mknod information for a Linux special device file.
DeviceCgroup represents a device rule for the whitelist controller.
Hook specifies a command that is run at a particular event in the lifecycle of a container.
Hooks for container setup and teardown.
HugepageLimit structure corresponds to limiting kernel hugepages.
IDMapping specifies UID/GID mappings.
InterfacePriority for network interfaces.
Linux contains platform specific configuration for Linux based containers.
Memory for Linux cgroup 'memory' resource management.
Mount specifies a mount for a container.
Namespace is the configuration for a Linux namespace.
Network identification and priority configuration.
Pids for Linux cgroup 'pids' resource management (Linux 4.3).
Platform specifies OS and arch information for the host system that the container is created for.
Process contains information to start a specific application inside the container.
Resources has container runtime resource constraints.
Rlimit type and restrictions.
Root contains information about the container's root filesystem on the host.
Seccomp represents syscall restrictions.
Spec is the base configuration for the container.
State holds information about the runtime state of the container.
Syscall is used to match a syscall in Seccomp.
ThrottleDevice struct holds a `major:minor rate_per_second` pair.
User specifies Linux specific user and group information for the container's main process.
WeightDevice struct holds a `major:minor weight` pair for blkioWeightDevice.
# Type aliases
Action taken upon Seccomp rule match.
Arch used for additional architectures.
NamespaceType is one of the Linux namespaces.
Operator used to match syscall arguments in Seccomp.