From da5029b7b1cf32323648674d37d6bcb42b167c14 Mon Sep 17 00:00:00 2001
From: Ma Shimiao
Date: Thu, 11 May 2017 10:31:51 +0800
Subject: [PATCH] generate: output minimal template in default in default generate ouput which contains minial requests of spec
Signed-off-by: Ma Shimiao
---
 generate/generate.go | 138 +-------------------------------------------------------------------------------
 1 file changed, 2 insertions(+), 136 deletions(-)
diff --git a/generate/generate.go b/generate/generate.go
index 4a814e456..7a5913842 100644
--- a/generate/generate.go
+++ b/generate/generate.go
@@ -34,112 +34,13 @@ type ExportOptions struct {
 func New() Generator {
 spec := rspec.Spec{
 Version: rspec.Version,
- Root: rspec.Root{
- Path: "",
- Readonly: false,
- },
 Process: rspec.Process{
- Terminal: false,
- User: rspec.User{},
+ User: rspec.User{},
 Args: []string{
 "sh",
 },
- Env: []string{
- "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
- "TERM=xterm",
- },
 Cwd: "/",
- Capabilities: &rspec.LinuxCapabilities{
- Bounding: []string{
- "CAP_CHOWN",
- "CAP_DAC_OVERRIDE",
- "CAP_FSETID",
- "CAP_FOWNER",
- "CAP_MKNOD",
- "CAP_NET_RAW",
- "CAP_SETGID",
- "CAP_SETUID",
- "CAP_SETFCAP",
- "CAP_SETPCAP",
- "CAP_NET_BIND_SERVICE",
- "CAP_SYS_CHROOT",
- "CAP_KILL",
- "CAP_AUDIT_WRITE",
- },
- Permitted: []string{
- "CAP_CHOWN",
- "CAP_DAC_OVERRIDE",
- "CAP_FSETID",
- "CAP_FOWNER",
- "CAP_MKNOD",
- "CAP_NET_RAW",
- "CAP_SETGID",
- "CAP_SETUID",
- "CAP_SETFCAP",
- "CAP_SETPCAP",
- "CAP_NET_BIND_SERVICE",
- "CAP_SYS_CHROOT",
- "CAP_KILL",
- "CAP_AUDIT_WRITE",
- },
- Inheritable: []string{
- "CAP_CHOWN",
- "CAP_DAC_OVERRIDE",
- "CAP_FSETID",
- "CAP_FOWNER",
- "CAP_MKNOD",
- "CAP_NET_RAW",
- "CAP_SETGID",
- "CAP_SETUID",
- "CAP_SETFCAP",
- "CAP_SETPCAP",
- "CAP_NET_BIND_SERVICE",
- "CAP_SYS_CHROOT",
- "CAP_KILL",
- "CAP_AUDIT_WRITE",
- },
- Effective: []string{
- "CAP_CHOWN",
- "CAP_DAC_OVERRIDE",
- "CAP_FSETID",
- "CAP_FOWNER",
- "CAP_MKNOD",
- "CAP_NET_RAW",
- "CAP_SETGID",
- "CAP_SETUID",
- "CAP_SETFCAP",
- "CAP_SETPCAP",
- "CAP_NET_BIND_SERVICE",
- "CAP_SYS_CHROOT",
- "CAP_KILL",
- "CAP_AUDIT_WRITE",
- },
- Ambient: []string{
- "CAP_CHOWN",
- "CAP_DAC_OVERRIDE",
- "CAP_FSETID",
- "CAP_FOWNER",
- "CAP_MKNOD",
- "CAP_NET_RAW",
- "CAP_SETGID",
- "CAP_SETUID",
- "CAP_SETFCAP",
- "CAP_SETPCAP",
- "CAP_NET_BIND_SERVICE",
- "CAP_SYS_CHROOT",
- "CAP_KILL",
- "CAP_AUDIT_WRITE",
- },
- },
- Rlimits: []rspec.LinuxRlimit{
- {
- Type: "RLIMIT_NOFILE",
- Hard: uint64(1024),
- Soft: uint64(1024),
- },
- },
 },
- Hostname: "mrsdalloway",
 Mounts: []rspec.Mount{
 {
 Destination: "/proc",
@@ -157,7 +58,7 @@ func New() Generator {
 Destination: "/dev/pts",
 Type: "devpts",
 Source: "devpts",
- Options: []string{"nosuid", "noexec", "newinstance", "ptmxmode=0666", "mode=0620", "gid=5"},
+ Options: []string{"nosuid", "noexec", "newinstance", "ptmxmode=0666", "mode=0620"},
 },
 {
 Destination: "/dev/shm",
@@ -165,12 +66,6 @@ func New() Generator {
 Source: "shm",
 Options: []string{"nosuid", "noexec", "nodev", "mode=1777", "size=65536k"},
 },
- {
- Destination: "/dev/mqueue",
- Type: "mqueue",
- Source: "mqueue",
- Options: []string{"nosuid", "noexec", "nodev"},
- },
 {
 Destination: "/sys",
 Type: "sysfs",
@@ -178,36 +73,7 @@ func New() Generator {
 Options: []string{"nosuid", "noexec", "nodev", "ro"},
 },
 },
- Linux: &rspec.Linux{
- Resources: &rspec.LinuxResources{
- Devices: []rspec.LinuxDeviceCgroup{
- {
- Allow: false,
- Access: "rwm",
- },
- },
- },
- Namespaces: []rspec.LinuxNamespace{
- {
- Type: "pid",
- },
- {
- Type: "network",
- },
- {
- Type: "ipc",
- },
- {
- Type: "uts",
- },
- {
- Type: "mount",
- },
- },
- Devices: []rspec.LinuxDevice{},
- },
 }
- spec.Linux.Seccomp = seccomp.DefaultProfile(&spec)
 return Generator{
 spec: &spec,
 }
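Review bot: The spec returned by New() no longer carries any confinement defaults: this hunk drops the five `Capabilities` sets and the `Rlimits` entry, and the last hunk drops the whole `Linux` section (namespaces, the deny-all device cgroup rule) together with the `seccomp.DefaultProfile` assignment. What a runtime does when these fields are absent is runtime-defined, so a caller that relied on New() for a restricted baseline may end up with a less confined container and no error to signal it. I would state this on the constructor, e.g. `// New returns a minimal spec; capabilities, namespaces, seccomp and device cgroup rules are unset and must be added by the caller.` Because `spec.Linux` and `Process.Capabilities` are now nil, Generator methods outside this diff should be checked for dereferences that assumed New() had initialised them. New() continues past the end of this hunk.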
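Review bot: Dropping `gid=5` from the `/dev/pts` options while keeping `mode=0620` changes which group gets write access to new pty slaves: without `gid=`, devpts assigns the creating process's group instead of a dedicated tty group. That is probably intended so the mount still works where gid 5 is not mapped, but the reason is not recorded in the change. A short comment next to the entry would help, e.g. `// no gid=: group of new ptys follows the creating process`. The mount list belongs to New(), whose body starts and ends outside this hunk.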