author | Matthias Schiffer <mschiffer@universe-factory.net> | 2021-10-10 10:49:56 +0200 |
---|---|---|
committer | Matthias Schiffer <mschiffer@universe-factory.net> | 2021-10-10 10:49:56 +0200 |
commit | 5a6a63daefb382bc8631ac35e8c80830a1e422fd (patch) | |
tree | ae24f699ac254a7d458f2697990a02150141b5dc /src/runner/runc/spec.rs | |
parent | 4bcba06450a0949a188e76850df419dcd976c0cb (diff) | |
Rename runc runner to "container"
The runner should also work with other OCI runtimes.
Diffstat (limited to 'src/runner/runc/spec.rs')
-rw-r--r-- | src/runner/runc/spec.rs | 177 |
1 files changed, 0 insertions, 177 deletions
diff --git a/src/runner/runc/spec.rs b/src/runner/runc/spec.rs
deleted file mode 100644
index 8c75363..0000000
--- a/src/runner/runc/spec.rs
+++ /dev/null
@@ -1,177 +0,0 @@
-use oci_spec::runtime;
-use serde_json::json;
-
-use crate::{paths, unshare};
-
-pub fn generate_spec(command: &str) -> runtime::Spec {
- serde_json::from_value(json!({
- "ociVersion": "1.0.2",
- "process": {
- "terminal": false,
- "user": {
- "uid": unshare::BUILD_UID.as_raw(),
- "gid": unshare::BUILD_GID.as_raw(),
- },
- "args": [
- "sh",
- "-exc",
- command
- ],
- "env": [
- "PATH=/usr/sbin:/usr/bin:/sbin:/bin",
- "HOME=/build",
- ],
- "cwd": paths::abs(paths::TASK_WORKDIR),
- "noNewPrivileges": true
- },
- "root": {
- "path": paths::TASK_TMP_ROOTFS_SUBDIR,
- "readonly": true
- },
- "hostname": "rebel-builder",
- "mounts": [
- {
- "destination": paths::abs(paths::TASK_BUILDDIR),
- "type": "none",
- "source": paths::TASK_BUILDDIR,
- "options": [
- "rbind"
- ]
- },
- {
- "destination": "/tmp",
- "type": "tmpfs",
- "source": "tmp",
- "options": [
- "nodev",
- "nosuid",
- "mode=1777",
- "size=1048576k"
- ]
- },
- {
- "destination": "/proc",
- "type": "proc",
- "source": "proc"
- },
- {
- "destination": "/dev",
- "type": "tmpfs",
- "source": "tmpfs",
- "options": [
- "nosuid",
- "strictatime",
- "mode=755",
- "size=65536k"
- ]
- },
- {
- "destination": "/dev/pts",
- "type": "devpts",
- "source": "devpts",
- "options": [
- "nosuid",
- "noexec",
- "newinstance",
- "ptmxmode=0666",
- "mode=0620"
- ]
- },
- {
- "destination": "/dev/shm",
- "type": "tmpfs",
- "source": "shm",
- "options": [
- "nosuid",
- "noexec",
- "nodev",
- "mode=1777",
- "size=65536k"
- ]
- },
- {
- "destination": "/dev/mqueue",
- "type": "mqueue",
- "source": "mqueue",
- "options": [
- "nosuid",
- "noexec",
- "nodev"
- ]
- },
- ],
- "linux": {
- "uidMappings": [
- {
- "containerID": 0,
- "hostID": unshare::MAPPED_ROOT_UID.as_raw(),
- "size": 1
- },
- {
- "containerID": unshare::BUILD_UID.as_raw(),
- "hostID": 0,
- "size": 1
- }
- ],
- "gidMappings": [
- {
- "containerID": 0,
- "hostID": unshare::MAPPED_ROOT_GID.as_raw(),
- "size": 1
- },
- {
- "containerID": unshare::BUILD_GID.as_raw(),
- "hostID": 0,
- "size": 1
- }
- ],
- "resources": {
- "devices": [
- {
- "allow": false,
- "access": "rwm"
- }
- ]
- },
- "namespaces": [
- {
- "type": "pid"
- },
- {
- "type": "network"
- },
- {
- "type": "ipc"
- },
- {
- "type": "uts"
- },
- {
- "type": "mount"
- },
- {
- "type": "user"
- }
- ],
- "maskedPaths": [
- "/proc/acpi",
- "/proc/asound",
- "/proc/kcore",
- "/proc/keys",
- "/proc/latency_stats",
- "/proc/timer_list",
- "/proc/timer_stats",
- "/proc/sched_debug",
- "/proc/scsi"
- ],
- "readonlyPaths": [
- "/proc/bus",
- "/proc/fs",
- "/proc/irq",
- "/proc/sys",
- "/proc/sysrq-trigger"
- ]
- }
- }))
- .unwrap()
-} |