// Copyright (c) 2018, Sylabs Inc. All rights reserved.
// This software is licensed under a 3-clause BSD license. Please consult the
// LICENSE.md file distributed with the sources of this project regarding your
// rights to use or distribute this software.
package singularity
import (
"github.com/sylabs/singularity/internal/pkg/cgroups"
"github.com/sylabs/singularity/internal/pkg/image"
"github.com/sylabs/singularity/internal/pkg/network"
"github.com/sylabs/singularity/internal/pkg/runtime/engines/config/oci"
)
// Name identifies this runtime engine; it is the value other packages use
// to select the singularity engine.
const (
	Name = "singularity"
)
// FileConfig describes the singularity.conf file options.
//
// Each field's struct tag names the configuration directive it maps to
// (`directive`), the value used when the directive is absent (`default`) and,
// for enumerated settings, the accepted values (`authorized`). The code that
// reads singularity.conf and applies these tags is not in this file.
// NOTE(review): these are the administrator-side settings; presumably the
// engine checks user requests carried in JSONConfig against them
// (AllowSetuid, UserBindControl, LimitContainer*, RootDefaultCapabilities)
// before acting — that enforcement is not visible here.
type FileConfig struct {
	// "allow setuid" (default yes), "max loop devices" (default 256),
	// "allow pid ns" (default yes).
	AllowSetuid bool `default:"yes" authorized:"yes,no" directive:"allow setuid"`
	MaxLoopDevices uint `default:"256" directive:"max loop devices"`
	AllowPidNs bool `default:"yes" authorized:"yes,no" directive:"allow pid ns"`
	// "config passwd", "config group", "config resolv_conf" (all default yes);
	// presumably control generation of those files inside the container.
	ConfigPasswd bool `default:"yes" authorized:"yes,no" directive:"config passwd"`
	ConfigGroup bool `default:"yes" authorized:"yes,no" directive:"config group"`
	ConfigResolvConf bool `default:"yes" authorized:"yes,no" directive:"config resolv_conf"`
	// Mount directives. All default to yes except MountHostfs (default no);
	// MountDev is a string because it additionally accepts "minimal".
	MountProc bool `default:"yes" authorized:"yes,no" directive:"mount proc"`
	MountSys bool `default:"yes" authorized:"yes,no" directive:"mount sys"`
	MountDev string `default:"yes" authorized:"yes,no,minimal" directive:"mount dev"`
	MountDevPts bool `default:"yes" authorized:"yes,no" directive:"mount devpts"`
	MountHome bool `default:"yes" authorized:"yes,no" directive:"mount home"`
	MountTmp bool `default:"yes" authorized:"yes,no" directive:"mount tmp"`
	MountHostfs bool `default:"no" authorized:"yes,no" directive:"mount hostfs"`
	// "bind path" (default /etc/localtime,/etc/hosts) and "user bind control"
	// (default yes).
	BindPath []string `default:"/etc/localtime,/etc/hosts" directive:"bind path"`
	UserBindControl bool `default:"yes" authorized:"yes,no" directive:"user bind control"`
	// "enable overlay" accepts yes, no or try (default try); "enable underlay"
	// and "mount slave" default to yes.
	EnableOverlay string `default:"try" authorized:"yes,no,try" directive:"enable overlay"`
	EnableUnderlay bool `default:"yes" authorized:"yes,no" directive:"enable underlay"`
	MountSlave bool `default:"yes" authorized:"yes,no" directive:"mount slave"`
	// "sessiondir max size" (default 16); the unit is not stated in the tag.
	SessiondirMaxSize uint `default:"16" directive:"sessiondir max size"`
	// "limit container owners/groups/paths": no defaults. Presumably restrict
	// which owners, groups and locations a container image may have.
	LimitContainerOwners []string `directive:"limit container owners"`
	LimitContainerGroups []string `directive:"limit container groups"`
	LimitContainerPaths []string `directive:"limit container paths"`
	// "allow container squashfs/extfs/dir" (all default yes).
	AllowContainerSquashfs bool `default:"yes" authorized:"yes,no" directive:"allow container squashfs"`
	AllowContainerExtfs bool `default:"yes" authorized:"yes,no" directive:"allow container extfs"`
	AllowContainerDir bool `default:"yes" authorized:"yes,no" directive:"allow container dir"`
	// "autofs bug path" (no default), "always use nv" (default no).
	AutofsBugPath []string `directive:"autofs bug path"`
	AlwaysUseNv bool `default:"no" authorized:"yes,no" directive:"always use nv"`
	// "root default capabilities" accepts full, file or no (default full).
	RootDefaultCapabilities string `default:"full" authorized:"full,file,no" directive:"root default capabilities"`
	// "memory fs type" accepts tmpfs or ramfs (default tmpfs).
	MemoryFSType string `default:"tmpfs" authorized:"tmpfs,ramfs" directive:"memory fs type"`
	// External tool and plugin locations; no defaults.
	CniConfPath string `directive:"cni configuration path"`
	CniPluginPath string `directive:"cni plugin path"`
	MksquashfsPath string `directive:"mksquashfs path"`
}
// JSONConfig stores engine specific configuration that is allowed to be set by the user.
//
// Because these values are user-controlled, the privilege-related fields
// (RunPrivileged, AddCaps, DropCaps, AllowSUID, KeepPrivs, NoPrivs, TargetUID,
// TargetGID, BindPath, OpenFd, Security) are requests rather than decisions:
// nothing in this file validates them. NOTE(review): confirm the engine checks
// them against FileConfig before acting on them. Every field except Image
// carries omitempty, so zero values are dropped from the serialized form.
type JSONConfig struct {
	Image string `json:"image"` // always serialized, even when empty
	WritableImage bool `json:"writableImage,omitempty"`
	WritableTmpfs bool `json:"writableTmpfs,omitempty"`
	OverlayImage []string `json:"overlayImage,omitempty"`
	// NOTE(review): JSON key is "container", not "contain"; kept as-is for
	// wire compatibility.
	Contain bool `json:"container,omitempty"`
	Nv bool `json:"nv,omitempty"`
	Workdir string `json:"workdir,omitempty"`
	ScratchDir []string `json:"scratchdir,omitempty"`
	HomeSource string `json:"homedir,omitempty"` // note: key is "homedir", not "homeSource"
	HomeDest string `json:"homeDest,omitempty"`
	CustomHome bool `json:"customHome,omitempty"`
	BindPath []string `json:"bindpath,omitempty"`
	Command string `json:"command,omitempty"`
	Shell string `json:"shell,omitempty"`
	TmpDir string `json:"tmpdir,omitempty"`
	Instance bool `json:"instance,omitempty"`
	InstanceJoin bool `json:"instanceJoin,omitempty"`
	BootInstance bool `json:"bootInstance,omitempty"`
	RunPrivileged bool `json:"runPrivileged,omitempty"` // no Set/Get accessor in this file
	AddCaps string `json:"addCaps,omitempty"`
	DropCaps string `json:"dropCaps,omitempty"`
	Hostname string `json:"hostname,omitempty"`
	AllowSUID bool `json:"allowSUID,omitempty"`
	KeepPrivs bool `json:"keepPrivs,omitempty"`
	NoPrivs bool `json:"noPrivs,omitempty"`
	NoHome bool `json:"noHome,omitempty"`
	NoInit bool `json:"noInit,omitempty"`
	ImageList []image.Image `json:"imageList,omitempty"`
	Network string `json:"network,omitempty"`
	NetworkArgs []string `json:"networkArgs,omitempty"`
	DNS string `json:"dns,omitempty"`
	Cwd string `json:"cwd,omitempty"`
	Security []string `json:"security,omitempty"`
	OpenFd []int `json:"openFd,omitempty"`
	CgroupsPath string `json:"cgroupsPath,omitempty"`
	TargetUID int `json:"targetUID,omitempty"`
	TargetGID []int `json:"targetGID,omitempty"`
	LibrariesPath []string `json:"librariesPath,omitempty"`
}
// EngineConfig stores both the JSONConfig and the FileConfig.
//
// Only JSON and OciConfig take part in JSON (de)serialization; File, Network
// and Cgroups are tagged `json:"-"` and have to be populated in-process.
// Every accessor below dereferences JSON, so an EngineConfig that was not
// built with NewConfig (JSON == nil) panics on first use.
type EngineConfig struct {
	JSON *JSONConfig `json:"jsonConfig"`
	OciConfig *oci.Config `json:"ociConfig"`
	File *FileConfig `json:"-"` // administrator settings; never serialized
	Network *network.Setup `json:"-"`
	Cgroups *cgroups.Manager `json:"-"`
}
// NewConfig returns an EngineConfig whose JSON, OciConfig and File fields
// point at freshly allocated zero-valued structs. Nothing is read from disk:
// File is an empty FileConfig, not a parsed singularity.conf. Network and
// Cgroups are left nil for the caller to populate.
func NewConfig() *EngineConfig {
	return &EngineConfig{
		JSON:      new(JSONConfig),
		OciConfig: new(oci.Config),
		File:      new(FileConfig),
	}
}
// SetImage records name as the container image path in e.JSON.
// The value is stored verbatim; no existence or permission check happens here.
func (e *EngineConfig) SetImage(name string) {
	e.JSON.Image = name
}
// GetImage returns the container image path stored in e.JSON.
func (e *EngineConfig) GetImage() string {
	return e.JSON.Image
}
// SetWritableImage records whether the container image is to be writable.
func (e *EngineConfig) SetWritableImage(writable bool) {
	e.JSON.WritableImage = writable
}
// GetWritableImage reports whether the container image was requested writable.
func (e *EngineConfig) GetWritableImage() bool {
	return e.JSON.WritableImage
}
// SetOverlayImage records the overlay image paths to layer on top of the
// container image. The slice is stored as-is, not copied.
func (e *EngineConfig) SetOverlayImage(paths []string) {
	e.JSON.OverlayImage = paths
}
// GetOverlayImage returns the overlay image paths; the result aliases the
// stored slice.
func (e *EngineConfig) GetOverlayImage() []string {
	return e.JSON.OverlayImage
}
// SetContain sets the contain flag.
func (e *EngineConfig) SetContain(contain bool) {
	e.JSON.Contain = contain
}
// GetContain reports whether the contain flag is set.
func (e *EngineConfig) GetContain() bool {
	return e.JSON.Contain
}
// SetNv sets the nv flag, which requests binding cuda libraries into the container.
func (e *EngineConfig) SetNv(nv bool) {
	e.JSON.Nv = nv
}
// GetNv reports whether the nv flag is set.
func (e *EngineConfig) GetNv() bool {
	return e.JSON.Nv
}
// SetWorkdir records the work directory path; stored verbatim, unvalidated.
func (e *EngineConfig) SetWorkdir(name string) {
	e.JSON.Workdir = name
}
// GetWorkdir returns the work directory path.
func (e *EngineConfig) GetWorkdir() string {
	return e.JSON.Workdir
}
// SetScratchDir records the scratch directory paths. The slice is stored
// as-is, not copied.
func (e *EngineConfig) SetScratchDir(scratchdir []string) {
	e.JSON.ScratchDir = scratchdir
}
// GetScratchDir returns the scratch directory paths; the result aliases the
// stored slice.
func (e *EngineConfig) GetScratchDir() []string {
	return e.JSON.ScratchDir
}
// SetHomeSource records the host-side home directory path (JSON key "homedir").
func (e *EngineConfig) SetHomeSource(source string) {
	e.JSON.HomeSource = source
}
// GetHomeSource returns the host-side home directory path.
func (e *EngineConfig) GetHomeSource() string {
	return e.JSON.HomeSource
}
// SetHomeDest records the home directory path inside the container.
func (e *EngineConfig) SetHomeDest(dest string) {
	e.JSON.HomeDest = dest
}
// GetHomeDest returns the home directory path inside the container.
func (e *EngineConfig) GetHomeDest() string {
	return e.JSON.HomeDest
}
// SetCustomHome records whether the home path is a user-specified (custom) one.
func (e *EngineConfig) SetCustomHome(custom bool) {
	e.JSON.CustomHome = custom
}
// GetCustomHome reports whether the home path is a custom one.
func (e *EngineConfig) GetCustomHome() bool {
	return e.JSON.CustomHome
}
// SetBindPath records the paths to bind into the container. The slice is
// stored as-is, not copied, and nothing here checks the paths; whether
// user-supplied binds are honoured is presumably gated by
// FileConfig.UserBindControl elsewhere.
func (e *EngineConfig) SetBindPath(bindpath []string) {
	e.JSON.BindPath = bindpath
}
// GetBindPath returns the bind paths; the result aliases the stored slice.
func (e *EngineConfig) GetBindPath() []string {
	return e.JSON.BindPath
}
// SetCommand records the action command to execute.
func (e *EngineConfig) SetCommand(command string) {
	e.JSON.Command = command
}
// GetCommand returns the action command to execute.
func (e *EngineConfig) GetCommand() string {
	return e.JSON.Command
}
// SetShell records the shell to be used by the shell command.
func (e *EngineConfig) SetShell(shell string) {
	e.JSON.Shell = shell
}
// GetShell returns the shell used by the shell command.
func (e *EngineConfig) GetShell() string {
	return e.JSON.Shell
}
// SetTmpDir records the temporary directory path; stored verbatim, unvalidated.
func (e *EngineConfig) SetTmpDir(name string) {
	e.JSON.TmpDir = name
}
// GetTmpDir returns the temporary directory path.
func (e *EngineConfig) GetTmpDir() string {
	return e.JSON.TmpDir
}
// SetInstance records whether the container runs as an instance.
func (e *EngineConfig) SetInstance(instance bool) {
	e.JSON.Instance = instance
}
// GetInstance reports whether the container runs as an instance.
func (e *EngineConfig) GetInstance() bool {
	return e.JSON.Instance
}
// SetInstanceJoin records whether the process joins an existing instance.
func (e *EngineConfig) SetInstanceJoin(join bool) {
	e.JSON.InstanceJoin = join
}
// GetInstanceJoin reports whether the process joins an existing instance.
func (e *EngineConfig) GetInstanceJoin() bool {
	return e.JSON.InstanceJoin
}
// SetBootInstance sets the boot flag to execute /sbin/init as the main
// instance process.
func (e *EngineConfig) SetBootInstance(boot bool) {
	e.JSON.BootInstance = boot
}
// GetBootInstance reports whether the boot flag is set.
func (e *EngineConfig) GetBootInstance() bool {
	return e.JSON.BootInstance
}
// SetAddCaps records the bounding/effective/permitted/inheritable/ambient
// capabilities to add, as a single string. This is a user request; nothing
// here reconciles it with FileConfig.RootDefaultCapabilities.
func (e *EngineConfig) SetAddCaps(caps string) {
	e.JSON.AddCaps = caps
}
// GetAddCaps returns the requested capabilities to add.
func (e *EngineConfig) GetAddCaps() string {
	return e.JSON.AddCaps
}
// SetDropCaps records the bounding/effective/permitted/inheritable/ambient
// capabilities to drop, as a single string.
func (e *EngineConfig) SetDropCaps(caps string) {
	e.JSON.DropCaps = caps
}
// GetDropCaps returns the requested capabilities to drop.
func (e *EngineConfig) GetDropCaps() string {
	return e.JSON.DropCaps
}
// SetHostname records the hostname to use inside the container.
func (e *EngineConfig) SetHostname(hostname string) {
	e.JSON.Hostname = hostname
}
// GetHostname returns the hostname to use inside the container.
func (e *EngineConfig) GetHostname() string {
	return e.JSON.Hostname
}
// SetAllowSUID records the allow-suid request, i.e. that setuid binaries may
// run inside the container. Whether the request is honoured against
// FileConfig.AllowSetuid is decided elsewhere, not here.
func (e *EngineConfig) SetAllowSUID(allow bool) {
	e.JSON.AllowSUID = allow
}
// GetAllowSUID reports whether allow-suid was requested.
func (e *EngineConfig) GetAllowSUID() bool {
	return e.JSON.AllowSUID
}
// SetKeepPrivs records the keep-privs request, which asks that root retain
// all privileges. Stored without validation.
func (e *EngineConfig) SetKeepPrivs(keep bool) {
	e.JSON.KeepPrivs = keep
}
// GetKeepPrivs reports whether keep-privs was requested.
func (e *EngineConfig) GetKeepPrivs() bool {
	return e.JSON.KeepPrivs
}
// SetNoPrivs records the no-privs request, which forces the root user to
// lose all privileges.
func (e *EngineConfig) SetNoPrivs(nopriv bool) {
	e.JSON.NoPrivs = nopriv
}
// GetNoPrivs reports whether the no-privs flag is set.
func (e *EngineConfig) GetNoPrivs() bool {
	return e.JSON.NoPrivs
}
// SetNoHome sets the no-home flag, which asks that the user's home directory
// not be mounted.
func (e *EngineConfig) SetNoHome(val bool) {
	e.JSON.NoHome = val
}
// GetNoHome reports whether the no-home flag is set.
func (e *EngineConfig) GetNoHome() bool {
	return e.JSON.NoHome
}
// SetNoInit sets the noinit flag, which asks that the shim init process not
// be started.
func (e *EngineConfig) SetNoInit(val bool) {
	e.JSON.NoInit = val
}
// GetNoInit reports whether the noinit flag is set.
func (e *EngineConfig) GetNoInit() bool {
	return e.JSON.NoInit
}
// SetNetwork records a comma-separated list of networks to configure inside
// the container; the string is not parsed or validated here.
func (e *EngineConfig) SetNetwork(network string) {
	e.JSON.Network = network
}
// GetNetwork returns the comma-separated list of networks configured for the container.
func (e *EngineConfig) GetNetwork() string {
	return e.JSON.Network
}
// SetNetworkArgs records the arguments to pass to CNI plugins. The slice is
// stored as-is, not copied.
func (e *EngineConfig) SetNetworkArgs(args []string) {
	e.JSON.NetworkArgs = args
}
// GetNetworkArgs returns the arguments passed to CNI plugins; the result
// aliases the stored slice.
func (e *EngineConfig) GetNetworkArgs() []string {
	return e.JSON.NetworkArgs
}
// SetDNS records a comma-separated list of DNS servers to add to resolv.conf;
// the string is not parsed or validated here.
func (e *EngineConfig) SetDNS(dns string) {
	e.JSON.DNS = dns
}
// GetDNS returns the comma-separated list of DNS servers.
func (e *EngineConfig) GetDNS() string {
	return e.JSON.DNS
}
// SetImageList records the list of opened images. The slice is stored as-is,
// not copied.
func (e *EngineConfig) SetImageList(list []image.Image) {
	e.JSON.ImageList = list
}
// GetImageList returns the list of opened images; the result aliases the
// stored slice.
func (e *EngineConfig) GetImageList() []image.Image {
	return e.JSON.ImageList
}
// SetCwd records the current working directory for the container process.
func (e *EngineConfig) SetCwd(path string) {
	e.JSON.Cwd = path
}
// GetCwd returns the current working directory for the container process.
func (e *EngineConfig) GetCwd() string {
	return e.JSON.Cwd
}
// SetOpenFd records the list of open file descriptors. The slice is stored
// as-is, not copied, and the descriptor numbers are not validated here.
func (e *EngineConfig) SetOpenFd(fds []int) {
	e.JSON.OpenFd = fds
}
// GetOpenFd returns the list of open file descriptors; the result aliases
// the stored slice.
func (e *EngineConfig) GetOpenFd() []int {
	return e.JSON.OpenFd
}
// SetWritableTmpfs sets the writable tmpfs flag.
func (e *EngineConfig) SetWritableTmpfs(writable bool) {
	e.JSON.WritableTmpfs = writable
}
// GetWritableTmpfs reports whether the writable tmpfs flag is set.
func (e *EngineConfig) GetWritableTmpfs() bool {
	return e.JSON.WritableTmpfs
}
// SetSecurity records the security feature arguments. The slice is stored
// as-is, not copied, and its contents are not parsed or validated here.
func (e *EngineConfig) SetSecurity(security []string) {
	e.JSON.Security = security
}
// GetSecurity returns the security feature arguments; the result aliases the
// stored slice.
func (e *EngineConfig) GetSecurity() []string {
	return e.JSON.Security
}
// SetCgroupsPath records the path to the cgroups profile; stored verbatim.
func (e *EngineConfig) SetCgroupsPath(path string) {
	e.JSON.CgroupsPath = path
}
// GetCgroupsPath returns the path to the cgroups profile.
func (e *EngineConfig) GetCgroupsPath() string {
	return e.JSON.CgroupsPath
}
// SetTargetUID records the user ID the container process should run as.
// This is a user-supplied request stored without range or authorization
// checks; those must happen where the value is consumed.
func (e *EngineConfig) SetTargetUID(uid int) {
	e.JSON.TargetUID = uid
}
// GetTargetUID returns the requested target UID (0 when unset).
func (e *EngineConfig) GetTargetUID() int {
	return e.JSON.TargetUID
}
// SetTargetGID records the group IDs the container process should run as.
// The slice is stored as-is, not copied, and is not validated here.
func (e *EngineConfig) SetTargetGID(gid []int) {
	e.JSON.TargetGID = gid
}
// GetTargetGID returns the requested target GIDs; the result aliases the
// stored slice.
func (e *EngineConfig) GetTargetGID() []int {
	return e.JSON.TargetGID
}
// SetLibrariesPath records the libraries to bind into the container's
// /.singularity.d/libs directory. The slice is stored as-is, not copied.
func (e *EngineConfig) SetLibrariesPath(libraries []string) {
	e.JSON.LibrariesPath = libraries
}
// GetLibrariesPath returns the libraries to bind into the container's
// /.singularity.d/libs directory; the result aliases the stored slice.
func (e *EngineConfig) GetLibrariesPath() []string {
	return e.JSON.LibrariesPath
}