(w io.Writer, cwd string, netns string, args []string, tpu bool)
| 85 | } |
| 86 | |
| 87 | func writeSpec(w io.Writer, cwd string, netns string, args []string, tpu bool) error { |
| 88 | spec := &specs.Spec{ |
| 89 | Version: "1.0.0", |
| 90 | Process: &specs.Process{ |
| 91 | User: specs.User{ |
| 92 | UID: 0, |
| 93 | GID: 0, |
| 94 | }, |
| 95 | Args: args, |
| 96 | Env: []string{ |
| 97 | "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", |
| 98 | "TERM=xterm", |
| 99 | }, |
| 100 | Cwd: cwd, |
| 101 | Capabilities: &specs.LinuxCapabilities{ |
| 102 | Bounding: []string{ |
| 103 | "CAP_AUDIT_WRITE", |
| 104 | "CAP_KILL", |
| 105 | "CAP_NET_BIND_SERVICE", |
| 106 | }, |
| 107 | Effective: []string{ |
| 108 | "CAP_AUDIT_WRITE", |
| 109 | "CAP_KILL", |
| 110 | "CAP_NET_BIND_SERVICE", |
| 111 | }, |
| 112 | Inheritable: []string{ |
| 113 | "CAP_AUDIT_WRITE", |
| 114 | "CAP_KILL", |
| 115 | "CAP_NET_BIND_SERVICE", |
| 116 | }, |
| 117 | Permitted: []string{ |
| 118 | "CAP_AUDIT_WRITE", |
| 119 | "CAP_KILL", |
| 120 | "CAP_NET_BIND_SERVICE", |
| 121 | }, |
| 122 | Ambient: []string{}, |
| 123 | }, |
| 124 | Rlimits: []specs.POSIXRlimit{ |
| 125 | { |
| 126 | Type: "RLIMIT_NOFILE", |
| 127 | Hard: 1024, |
| 128 | Soft: 1024, |
| 129 | }, |
| 130 | }, |
| 131 | }, |
| 132 | Root: &specs.Root{ |
| 133 | Path: "rootfs", |
| 134 | Readonly: true, |
| 135 | }, |
| 136 | Hostname: "runsc", |
| 137 | Mounts: []specs.Mount{ |
| 138 | { |
| 139 | Destination: "/proc", |
| 140 | Type: "proc", |
| 141 | Source: "proc", |
| 142 | }, |
| 143 | { |
| 144 | Destination: "/dev", |
no test coverage detected
searching dependent graphs…