package define

import (
	"encoding/json"
	"fmt"
	"strings"
	"time"

	"github.com/containers/image/v5/manifest"
	"github.com/containers/podman/v5/pkg/signal"
)

// InspectIDMappings holds the UID and GID mappings reported for a container.
// The two lists are serialized under the JSON keys "UidMap" and "GidMap".
type InspectIDMappings struct {
	// UIDMap lists the UID mappings as strings.
	// NOTE(review): the layout of each entry is not visible in this file -
	// confirm against the code that fills it before parsing.
	UIDMap []string `json:"UidMap"`
	// GIDMap lists the GID mappings as strings.
	GIDMap []string `json:"GidMap"`
}

// InspectContainerConfig holds further data about how a container was initially
// configured.
// Several fields (Env, CreateCommand, Secrets) can describe sensitive material,
// so serialized inspect output should be handled with the same care as the
// container's own configuration.
type InspectContainerConfig struct {
	// Container hostname
	Hostname string `json:"Hostname"`
	// Container domain name - unused at present
	DomainName string `json:"Domainname"`
	// User the container was launched with
	User string `json:"User"`
	// Unused, at present
	AttachStdin bool `json:"AttachStdin"`
	// Unused, at present
	AttachStdout bool `json:"AttachStdout"`
	// Unused, at present
	AttachStderr bool `json:"AttachStderr"`
	// Whether the container creates a TTY
	Tty bool `json:"Tty"`
	// Whether the container leaves STDIN open
	OpenStdin bool `json:"OpenStdin"`
	// Whether STDIN is only left open once.
	// Presently not supported by Podman, unused.
	StdinOnce bool `json:"StdinOnce"`
	// Container environment variables
	// NOTE(review): environment variables frequently carry credentials and
	// nothing in this type marks the field for redaction - treat inspect
	// output that includes it as sensitive.
	Env []string `json:"Env"`
	// Container command
	Cmd []string `json:"Cmd"`
	// Container image
	Image string `json:"Image"`
	// Unused, at present. I've never seen this field populated.
	Volumes map[string]struct{} `json:"Volumes"`
	// Container working directory
	WorkingDir string `json:"WorkingDir"`
	// Container entrypoint
	Entrypoint []string `json:"Entrypoint"`
	// On-build arguments - presently unused. More of Buildah's domain.
	OnBuild *string `json:"OnBuild"`
	// Container labels
	Labels map[string]string `json:"Labels"`
	// Container annotations
	Annotations map[string]string `json:"Annotations"`
	// Container stop signal
	StopSignal string `json:"StopSignal"`
	// Configured healthcheck for the container
	Healthcheck *manifest.Schema2HealthConfig `json:"Healthcheck,omitempty"`
	// HealthcheckOnFailureAction defines an action to take once the container turns unhealthy.
	HealthcheckOnFailureAction string `json:"HealthcheckOnFailureAction,omitempty"`
	// CreateCommand is the full command plus arguments of the process the
	// container has been created with.
	// NOTE(review): a full command line can include values passed as flags
	// (tokens, passwords); handle it like Env when exporting inspect data.
	CreateCommand []string `json:"CreateCommand,omitempty"`
	// Timezone is the timezone inside the container.
	// Local means it has the same timezone as the host machine
	Timezone string `json:"Timezone,omitempty"`
	// SystemdMode is whether the container is running in systemd mode. In
	// systemd mode, the container configuration is customized to optimize
	// running systemd in the container.
	SystemdMode bool `json:"SystemdMode,omitempty"`
	// Umask is the umask inside the container.
	Umask string `json:"Umask,omitempty"`
	// Secrets are the secrets mounted in the container
	// NOTE(review): InspectSecret is declared elsewhere; confirm it carries
	// only secret metadata and never the secret payload.
	Secrets []*InspectSecret `json:"Secrets,omitempty"`
	// Timeout is time before container is killed by conmon
	Timeout uint `json:"Timeout"`
	// StopTimeout is time before container is stopped when calling stop
	StopTimeout uint `json:"StopTimeout"`
	// Passwd determines whether or not podman can add entries to /etc/passwd and /etc/group
	Passwd *bool `json:"Passwd,omitempty"`
	// ChrootDirs is an additional set of directories that need to be
	// treated as root directories. Standard bind mounts will be mounted
	// into paths relative to these directories.
	ChrootDirs []string `json:"ChrootDirs,omitempty"`
	// SdNotifyMode is the sd-notify mode of the container.
	SdNotifyMode string `json:"sdNotifyMode,omitempty"`
	// SdNotifySocket is the NOTIFY_SOCKET in use by/configured for the container.
	SdNotifySocket string `json:"sdNotifySocket,omitempty"`
}

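// UnmarshalJSON decodes an inspect Config object and keeps compatibility with
// the podman V4 API by accepting two fields in more than one JSON shape:
// Entrypoint may be a string or an array of strings, and StopSignal may be a
// string or a number. All other fields are decoded as usual.
//
// The input typically comes from another process or a remote service, so the
// variable-typed fields are validated before they are stored. It returns the
// json.Unmarshal error unchanged, or an error naming the offending field when
// one of the two fields has an unsupported type or value.
func (insp *InspectContainerConfig) UnmarshalJSON(data []byte) error {
	// Alias has the fields of InspectContainerConfig but none of its methods,
	// so decoding into it does not call this function again.
	type Alias InspectContainerConfig
	aux := &struct {
		// These two shadow the embedded fields of the same JSON key, which
		// lets them receive whatever JSON type the sender used.
		Entrypoint interface{} `json:"Entrypoint"`
		StopSignal interface{} `json:"StopSignal"`
		*Alias
	}{
		Alias: (*Alias)(insp),
	}
	if err := json.Unmarshal(data, aux); err != nil {
		return err
	}

	switch entrypoint := aux.Entrypoint.(type) {
	case string:
		// strings.Split("", " ") yields [""], i.e. a one-element entrypoint
		// holding an empty string; an empty string means "no entrypoint",
		// the same as the nil case below.
		if entrypoint == "" {
			insp.Entrypoint = []string{}
			break
		}
		// Splitting on single spaces is lossy: an argument that itself
		// contained a space cannot be told apart from two arguments.
		insp.Entrypoint = strings.Split(entrypoint, " ")
	case []interface{}:
		// A JSON array always decodes to []interface{} here (never to
		// []string), so this is the only array case needed.
		insp.Entrypoint = make([]string, 0, len(entrypoint))
		for _, entry := range entrypoint {
			// NOTE(review): non-string elements are skipped silently, which
			// changes the argument list without telling the caller. Kept as
			// is for compatibility - consider rejecting them instead.
			if str, ok := entry.(string); ok {
				insp.Entrypoint = append(insp.Entrypoint, str)
			}
		}
	case nil:
		insp.Entrypoint = []string{}
	default:
		return fmt.Errorf("cannot unmarshal Config.Entrypoint of type  %T", entrypoint)
	}

	switch stopsignal := aux.StopSignal.(type) {
	case string:
		insp.StopSignal = stopsignal
	case float64:
		// JSON numbers decode to float64. Converting a negative, fractional
		// or out-of-range float to uint does not give a defined result, so
		// reject those values instead of passing a garbage signal number on.
		// The bound is far above any real signal number and fits in uint on
		// every platform.
		const maxSignal = 1<<31 - 1
		if stopsignal < 0 || stopsignal > maxSignal || stopsignal != float64(uint(stopsignal)) {
			return fmt.Errorf("cannot unmarshal Config.StopSignal: invalid signal number %v", stopsignal)
		}
		insp.StopSignal = signal.ToDockerFormat(uint(stopsignal))
	case nil:
		// Key absent or null: leave StopSignal at its current value.
	default:
		return fmt.Errorf("cannot unmarshal Config.StopSignal of type  %T", stopsignal)
	}
	return nil
}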

// InspectRestartPolicy holds information about the container's restart policy.
type InspectRestartPolicy struct {
	// Name contains the container's restart policy.
	// Allowable values are "no" or "" (take no action),
	// "on-failure" (restart on non-zero exit code, with an optional max
	// retry count), and "always" (always restart on container stop, unless
	// explicitly requested by API).
	// Note that this is NOT actually a name of any sort - the poor naming
	// is for Docker compatibility.
	Name string `json:"Name"`
	// MaximumRetryCount is the maximum number of retries allowed if the
	// "on-failure" restart policy is in use. It is not used with any other
	// policy.
	MaximumRetryCount uint `json:"MaximumRetryCount"`
}

// InspectLogConfig holds information about a container's configured log
// driver.
// Type and Config carry no description in this file; presumably they are the
// driver name and its options - confirm against the code that fills them.
type InspectLogConfig struct {
	Type   string            `json:"Type"`
	Config map[string]string `json:"Config"`
	// Path specifies a path to the log file
	Path string `json:"Path"`
	// Tag specifies a custom log tag for the container
	Tag string `json:"Tag"`
	// Size specifies a maximum size of the container log
	// NOTE(review): carried as a string; the accepted format and units are
	// not visible here.
	Size string `json:"Size"`
}

// InspectBlkioWeightDevice holds information about the relative weight
// of an individual device node. Weights are used in the I/O scheduler to give
// relative priority to some accesses.
type InspectBlkioWeightDevice struct {
	// Path is the path to the device this applies to.
	Path string `json:"Path"`
	// Weight is the relative weight the scheduler will use when scheduling
	// I/O. It is a relative value, not an absolute rate.
	Weight uint16 `json:"Weight"`
}

// InspectBlkioThrottleDevice holds information about a speed cap for a device
// node. This cap applies to a specific operation (read, write, etc) on the given
// node.
type InspectBlkioThrottleDevice struct {
	// Path is the path to the device this applies to.
	Path string `json:"Path"`
	// Rate is the maximum rate. It is in either bytes per second or I/O
	// operations per second, determined by where it is used - the
	// documentation of the field that holds this value indicates which.
	Rate uint64 `json:"Rate"`
}

// InspectUlimit is a ulimit that will be applied to the container.
type InspectUlimit struct {
	// Name is the name (type) of the ulimit.
	Name string `json:"Name"`
	// Soft is the soft limit that will be applied.
	Soft int64 `json:"Soft"`
	// Hard is the hard limit that will be applied.
	// NOTE(review): both limits are signed; whether a negative value has a
	// special meaning (e.g. "unlimited") is not visible here - confirm.
	Hard int64 `json:"Hard"`
}

// InspectDevice is a single device that will be mounted into the container.
type InspectDevice struct {
	// PathOnHost is the path of the device on the host.
	PathOnHost string `json:"PathOnHost"`
	// PathInContainer is the path of the device within the container.
	PathInContainer string `json:"PathInContainer"`
	// CgroupPermissions is the permissions of the mounted device.
	// Presently not populated, so an empty value says nothing about which
	// access the container actually has to the device.
	// TODO.
	CgroupPermissions string `json:"CgroupPermissions"`
}

// InspectHostPort provides information on a port on the host that a container's
// port is bound to.
type InspectHostPort struct {
	// IP on the host we are bound to. "" if not specified (binding to all
	// IPs), in which case the port is reachable on every host address.
	HostIP string `json:"HostIp"`
	// Port on the host we are bound to. No special formatting - just an
	// integer stuffed into a string.
	HostPort string `json:"HostPort"`
}

// InspectMount provides a record of a single mount in a container. It contains
// fields for both named and normal volumes. Only user-specified volumes will be
// included, and tmpfs volumes are not included even if the user specified them.
type InspectMount struct {
	// Whether the mount is a volume or bind mount. Allowed values are
	// "volume" and "bind".
	Type string `json:"Type"`
	// The name of the volume. Empty for bind mounts.
	Name string `json:"Name,omitempty"`
	// The source directory for the volume.
	Source string `json:"Source"`
	// The destination directory for the volume. Specified as a path within
	// the container, as it would be passed into the OCI runtime.
	Destination string `json:"Destination"`
	// The driver used for the named volume. Empty for bind mounts.
	Driver string `json:"Driver"`
	// Contains SELinux :z/:Z mount options. Unclear what, if anything, else
	// goes in here.
	Mode string `json:"Mode"`
	// All remaining mount options. Additional data, not present in the
	// original output.
	Options []string `json:"Options"`
	// Whether the volume is read-write. False means the mount is read-only.
	RW bool `json:"RW"`
	// Mount propagation for the mount. Can be empty if not specified, but
	// is always printed - no omitempty.
	Propagation string `json:"Propagation"`
}

// InspectContainerState provides a detailed record of a container's current
// state. It is returned as part of InspectContainerData.
// As with InspectContainerData, many portions of this struct are matched to
// Docker, but here we see more fields that are unused (nonsensical in the
// context of Libpod).
//
// NOTE(review): CheckpointedAt and RestoredAt are tagged omitempty, but
// encoding/json never treats a struct value such as time.Time as empty, so
// both keys are always written, with the zero time when unset. Consumers
// should test for the zero time rather than for a missing key.
type InspectContainerState struct {
	OciVersion     string              `json:"OciVersion"`
	Status         string              `json:"Status"`
	Running        bool                `json:"Running"`
	Paused         bool                `json:"Paused"`
	Restarting     bool                `json:"Restarting"` // TODO
	OOMKilled      bool                `json:"OOMKilled"`
	Dead           bool                `json:"Dead"`
	Pid            int                 `json:"Pid"`
	ConmonPid      int                 `json:"ConmonPid,omitempty"`
	ExitCode       int32               `json:"ExitCode"`
	Error          string              `json:"Error"` // TODO
	StartedAt      time.Time           `json:"StartedAt"`
	FinishedAt     time.Time           `json:"FinishedAt"`
	Health         *HealthCheckResults `json:"Health,omitempty"`
	Checkpointed   bool                `json:"Checkpointed,omitempty"`
	CgroupPath     string              `json:"CgroupPath,omitempty"`
	CheckpointedAt time.Time           `json:"CheckpointedAt,omitempty"`
	RestoredAt     time.Time           `json:"RestoredAt,omitempty"`
	CheckpointLog  string              `json:"CheckpointLog,omitempty"`
	CheckpointPath string              `json:"CheckpointPath,omitempty"`
	RestoreLog     string              `json:"RestoreLog,omitempty"`
	Restored       bool                `json:"Restored,omitempty"`
	StoppedByUser  bool                `json:"StoppedByUser,omitempty"`
}

// Healthcheck exposes the Health field under the name "Healthcheck", so that
// Go templates written for older podman releases can keep using that key.
// It returns whatever Health holds, including nil.
func (s *InspectContainerState) Healthcheck() *HealthCheckResults {
	results := s.Health
	return results
}

// HealthCheckResults describes the results/logs from a healthcheck
type HealthCheckResults struct {
	// Status is one of starting, healthy or unhealthy
	Status string `json:"Status"`
	// FailingStreak is the number of consecutive failed healthchecks
	FailingStreak int `json:"FailingStreak"`
	// Log describes healthcheck attempts and results
	Log []HealthCheckLog `json:"Log"`
}

// HealthCheckLog describes the results of a single healthcheck
type HealthCheckLog struct {
	// Start time as a string
	Start string `json:"Start"`
	// End time as a string
	End string `json:"End"`
	// ExitCode is 0 or 1
	ExitCode int `json:"ExitCode"`
	// Output is the stdout/stderr from the healthcheck command
	// NOTE(review): this is output of a command chosen by the container's
	// configuration, so treat it as untrusted text when displaying or
	// parsing it (terminal escapes, markup) - confirm whether the producer
	// sanitizes or truncates it.
	Output string `json:"Output"`
}

// InspectContainerHostConfig holds information used when the container was
// created.
// It's very much a Docker-specific struct, retained (mostly) as-is for
// compatibility. We fill individual fields as best as we can, inferring as much
// as possible from the spec and container config.
// Some things cannot be inferred. These will be populated by spec annotations
// (if available).
// For anyone auditing a container's isolation from this output: the fields
// that describe it are the namespace modes (NetworkMode, PidMode, IpcMode,
// UTSMode, UsernsMode, CgroupMode), Privileged, CapAdd/CapDrop, SecurityOpt,
// Devices, Binds and ReadonlyRootfs. Several of them are reconstructed from
// annotations rather than read from the spec, as noted on each field.
//
//nolint:revive,stylecheck // Field names are fixed for compatibility and cannot be changed.
type InspectContainerHostConfig struct {
	// Binds contains an array of user-added mounts.
	// Both volume mounts and named volumes are included.
	// Tmpfs mounts are NOT included.
	// In 'docker inspect' this is separated into 'Binds' and 'Mounts' based
	// on how a mount was added. We do not make this distinction and do not
	// include a Mounts field in inspect.
	// Format: <src>:<destination>[:<comma-separated options>]
	Binds []string `json:"Binds"`
	// CgroupManager is the cgroup manager used by the container.
	// At present, allowed values are either "cgroupfs" or "systemd".
	CgroupManager string `json:"CgroupManager,omitempty"`
	// CgroupMode is the configuration of the container's cgroup namespace.
	// Populated as follows:
	// private - a cgroup namespace has been created
	// host - No cgroup namespace created
	// container:<id> - Using another container's cgroup namespace
	// ns:<path> - A path to a cgroup namespace has been specified
	CgroupMode string `json:"CgroupMode"`
	// ContainerIDFile is a file created during container creation to hold
	// the ID of the created container.
	// This is not handled within libpod and is stored in an annotation.
	ContainerIDFile string `json:"ContainerIDFile"`
	// LogConfig contains information on the container's logging backend
	LogConfig *InspectLogConfig `json:"LogConfig"`
	// NetworkMode is the configuration of the container's network
	// namespace.
	// Populated as follows:
	// default - A network namespace is being created and configured via CNI
	// none - A network namespace is being created, not configured via CNI
	// host - No network namespace created
	// container:<id> - Using another container's network namespace
	// ns:<path> - A path to a network namespace has been specified
	NetworkMode string `json:"NetworkMode"`
	// PortBindings contains the container's port bindings.
	// It is formatted as map[string][]InspectHostPort.
	// The string key here is formatted as <integer port number>/<protocol>
	// and represents the container port. A single container port may be
	// bound to multiple host ports (on different IPs).
	PortBindings map[string][]InspectHostPort `json:"PortBindings"`
	// RestartPolicy contains the container's restart policy.
	RestartPolicy *InspectRestartPolicy `json:"RestartPolicy"`
	// AutoRemove is whether the container will be automatically removed on
	// exiting.
	// It is not handled directly within libpod and is stored in an
	// annotation.
	AutoRemove bool `json:"AutoRemove"`
	// Annotations are provided to the runtime when the container is
	// started.
	Annotations map[string]string `json:"Annotations"`
	// VolumeDriver is presently unused and is retained for Docker
	// compatibility.
	VolumeDriver string `json:"VolumeDriver"`
	// VolumesFrom is a list of containers which this container uses volumes
	// from. This is not handled directly within libpod and is stored in an
	// annotation.
	// It is formatted as an array of container names and IDs.
	VolumesFrom []string `json:"VolumesFrom"`
	// CapAdd is a list of capabilities added to the container.
	// It is not directly stored by Libpod, and instead computed from the
	// capabilities listed in the container's spec, compared against a set
	// of default capabilities.
	CapAdd []string `json:"CapAdd"`
	// CapDrop is a list of capabilities removed from the container.
	// It is not directly stored by libpod, and instead computed from the
	// capabilities listed in the container's spec, compared against a set
	// of default capabilities.
	CapDrop []string `json:"CapDrop"`
	// Dns is a list of DNS nameservers that will be added to the
	// container's resolv.conf
	Dns []string `json:"Dns"`
	// DnsOptions is a list of DNS options that will be set in the
	// container's resolv.conf
	DnsOptions []string `json:"DnsOptions"`
	// DnsSearch is a list of DNS search domains that will be set in the
	// container's resolv.conf
	DnsSearch []string `json:"DnsSearch"`
	// ExtraHosts contains hosts that will be added to the container's
	// /etc/hosts.
	ExtraHosts []string `json:"ExtraHosts"`
	// GroupAdd contains groups that the user inside the container will be
	// added to.
	GroupAdd []string `json:"GroupAdd"`
	// IpcMode represents the configuration of the container's IPC
	// namespace.
	// Populated as follows:
	// "" (empty string) - Default, an IPC namespace will be created
	// host - No IPC namespace created
	// container:<id> - Using another container's IPC namespace
	// ns:<path> - A path to an IPC namespace has been specified
	IpcMode string `json:"IpcMode"`
	// Cgroup contains the container's cgroup. It is presently not
	// populated.
	// TODO.
	Cgroup string `json:"Cgroup"`
	// Cgroups contains the container's Cgroup mode.
	// Allowed values are "default" (container is creating Cgroups) and
	// "disabled" (container is not creating Cgroups).
	// This is Libpod-specific and not included in `docker inspect`.
	Cgroups string `json:"Cgroups"`
	// Links is unused, and provided purely for Docker compatibility.
	Links []string `json:"Links"`
	// OomScoreAdj is an adjustment that will be made to the container's OOM
	// score.
	OomScoreAdj int `json:"OomScoreAdj"`
	// PidMode represents the configuration of the container's PID
	// namespace.
	// Populated as follows:
	// "" (empty string) - Default, a PID namespace will be created
	// host - No PID namespace created
	// container:<id> - Using another container's PID namespace
	// ns:<path> - A path to a PID namespace has been specified
	PidMode string `json:"PidMode"`
	// Privileged indicates whether the container is running with elevated
	// privileges.
	// This has a very specific meaning in the Docker sense, so it's very
	// difficult to decode from the spec and config, and so is stored as an
	// annotation.
	// NOTE(review): since the value comes from an annotation and is not
	// derived from the effective spec, an audit should also look at CapAdd,
	// SecurityOpt and Devices - confirm how the annotation is written.
	Privileged bool `json:"Privileged"`
	// PublishAllPorts indicates whether image ports are being published.
	// This is not directly stored in libpod and is saved as an annotation.
	PublishAllPorts bool `json:"PublishAllPorts"`
	// ReadonlyRootfs is whether the container will be mounted read-only.
	ReadonlyRootfs bool `json:"ReadonlyRootfs"`
	// SecurityOpt is a list of security-related options that are set in the
	// container.
	SecurityOpt []string `json:"SecurityOpt"`
	// Tmpfs is a list of tmpfs filesystems that will be mounted into the
	// container.
	// It is a map of destination path to options for the mount.
	Tmpfs map[string]string `json:"Tmpfs"`
	// UTSMode represents the configuration of the container's UTS
	// namespace.
	// Populated as follows:
	// "" (empty string) - Default, a UTS namespace will be created
	// host - no UTS namespace created
	// container:<id> - Using another container's UTS namespace
	// ns:<path> - A path to a UTS namespace has been specified
	UTSMode string `json:"UTSMode"`
	// UsernsMode represents the configuration of the container's user
	// namespace.
	// When running rootless, a user namespace is created outside of libpod
	// to allow some privileged operations. This will not be reflected here.
	// Populated as follows:
	// "" (empty string) - No user namespace will be created
	// private - The container will be run in a user namespace
	// container:<id> - Using another container's user namespace
	// ns:<path> - A path to a user namespace has been specified
	// TODO Rootless has an additional 'keep-id' option, presently not
	// reflected here.
	UsernsMode string `json:"UsernsMode"`
	// IDMappings is the UIDMapping and GIDMapping used within the container
	IDMappings *InspectIDMappings `json:"IDMappings,omitempty"`
	// ShmSize is the size of the container's SHM device.
	ShmSize int64 `json:"ShmSize"`
	// Runtime is provided purely for Docker compatibility.
	// It is set unconditionally to "oci" as Podman does not presently
	// support non-OCI runtimes.
	Runtime string `json:"Runtime"`
	// ConsoleSize is an array of 2 integers showing the size of the
	// container's console.
	// It is only set if the container is creating a terminal.
	// TODO.
	ConsoleSize []uint `json:"ConsoleSize"`
	// Isolation is presently unused and provided solely for Docker
	// compatibility.
	Isolation string `json:"Isolation"`
	// CpuShares indicates the CPU resources allocated to the container.
	// It is a relative weight in the scheduler for assigning CPU time
	// versus other Cgroups.
	CpuShares uint64 `json:"CpuShares"`
	// Memory indicates the memory resources allocated to the container.
	// This is the limit (in bytes) of RAM the container may use.
	Memory int64 `json:"Memory"`
	// NanoCpus indicates number of CPUs allocated to the container.
	// It is an integer where one full CPU is indicated by 1000000000 (one
	// billion).
	// Thus, 2.5 CPUs (fractional portions of CPUs are allowed) would be
	// 2500000000 (2.5 billion).
	// In 'docker inspect' this is set exclusively of two further options in
	// the output (CpuPeriod and CpuQuota) which are both used to implement
	// this functionality.
	// We can't distinguish here, so if CpuQuota is set to the default of
	// 100000, we will set all of CpuQuota, CpuPeriod, and NanoCpus. If
	// CpuQuota is not the default, we will not set NanoCpus.
	NanoCpus int64 `json:"NanoCpus"`
	// CgroupParent is the Cgroup parent of the container.
	// Only set if not default.
	CgroupParent string `json:"CgroupParent"`
	// BlkioWeight indicates the I/O resources allocated to the container.
	// It is a relative weight in the scheduler for assigning I/O time
	// versus other Cgroups.
	BlkioWeight uint16 `json:"BlkioWeight"`
	// BlkioWeightDevice is an array of I/O resource priorities for
	// individual device nodes.
	// Unfortunately, the spec only stores the device's Major/Minor numbers
	// and not the path, which is used here.
	// Fortunately, the kernel provides an interface for retrieving the path
	// of a given node by major:minor at /sys/dev/. However, the exact path
	// in use may not be what was used in the original CLI invocation -
	// though it is guaranteed that the device node will be the same, and
	// using the given path will be functionally identical.
	BlkioWeightDevice []InspectBlkioWeightDevice `json:"BlkioWeightDevice"`
	// BlkioDeviceReadBps is an array of I/O throttle parameters for
	// individual device nodes.
	// This specifically sets read rate cap in bytes per second for device
	// nodes.
	// As with BlkioWeightDevice, we pull the path from /sys/dev, and we
	// don't guarantee the path will be identical to the original (though
	// the node will be).
	BlkioDeviceReadBps []InspectBlkioThrottleDevice `json:"BlkioDeviceReadBps"`
	// BlkioDeviceWriteBps is an array of I/O throttle parameters for
	// individual device nodes.
	// This specifically sets write rate cap in bytes per second for device
	// nodes.
	// As with BlkioWeightDevice, we pull the path from /sys/dev, and we
	// don't guarantee the path will be identical to the original (though
	// the node will be).
	BlkioDeviceWriteBps []InspectBlkioThrottleDevice `json:"BlkioDeviceWriteBps"`
	// BlkioDeviceReadIOps is an array of I/O throttle parameters for
	// individual device nodes.
	// This specifically sets the read rate cap in iops per second for
	// device nodes.
	// As with BlkioWeightDevice, we pull the path from /sys/dev, and we
	// don't guarantee the path will be identical to the original (though
	// the node will be).
	BlkioDeviceReadIOps []InspectBlkioThrottleDevice `json:"BlkioDeviceReadIOps"`
	// BlkioDeviceWriteIOps is an array of I/O throttle parameters for
	// individual device nodes.
	// This specifically sets the write rate cap in iops per second for
	// device nodes.
	// As with BlkioWeightDevice, we pull the path from /sys/dev, and we
	// don't guarantee the path will be identical to the original (though
	// the node will be).
	BlkioDeviceWriteIOps []InspectBlkioThrottleDevice `json:"BlkioDeviceWriteIOps"`
	// CpuPeriod is the length of a CPU period in microseconds.
	// It relates directly to CpuQuota.
	CpuPeriod uint64 `json:"CpuPeriod"`
	// CpuQuota is the amount of time (in microseconds) that a container
	// can use the CPU in every CpuPeriod.
	CpuQuota int64 `json:"CpuQuota"`
	// CpuRealtimePeriod is the length of time (in microseconds) of the CPU
	// realtime period. If set to 0, no time will be allocated to realtime
	// tasks.
	CpuRealtimePeriod uint64 `json:"CpuRealtimePeriod"`
	// CpuRealtimeRuntime is the length of time (in microseconds) allocated
	// for realtime tasks within every CpuRealtimePeriod.
	CpuRealtimeRuntime int64 `json:"CpuRealtimeRuntime"`
	// CpusetCpus is the set of CPUs that the container will execute on.
	// Formatted as `0-3` or `0,2`. Default (if unset) is all CPUs.
	CpusetCpus string `json:"CpusetCpus"`
	// CpusetMems is the set of memory nodes the container will use.
	// Formatted as `0-3` or `0,2`. Default (if unset) is all memory nodes.
	CpusetMems string `json:"CpusetMems"`
	// Devices is a list of device nodes that will be added to the
	// container.
	// These are stored in the OCI spec only as type, major, minor while we
	// display the host path. We convert this with /sys/dev, but we cannot
	// guarantee that the host path will be identical - only that the actual
	// device will be.
	Devices []InspectDevice `json:"Devices"`
	// DiskQuota is the maximum amount of disk space the container may use
	// (in bytes).
	// Presently not populated.
	// TODO.
	DiskQuota uint64 `json:"DiskQuota"`
	// KernelMemory is the maximum amount of memory the kernel will devote
	// to the container.
	KernelMemory int64 `json:"KernelMemory"`
	// MemoryReservation is the reservation (soft limit) of memory available
	// to the container. Soft limits are warnings only and can be exceeded.
	MemoryReservation int64 `json:"MemoryReservation"`
	// MemorySwap is the total limit for all memory available to the
	// container, including swap. 0 indicates that there is no limit to the
	// amount of memory available.
	MemorySwap int64 `json:"MemorySwap"`
	// MemorySwappiness is the willingness of the kernel to page container
	// memory to swap. It is an integer from 0 to 100, with low numbers
	// being more likely to be put into swap.
	// -1, the default, will not set swappiness and use the system defaults.
	// NOTE(review): the kernel's swappiness setting normally works the
	// other way round (a higher value swaps more readily) - confirm and
	// correct the sentence above.
	MemorySwappiness int64 `json:"MemorySwappiness"`
	// OomKillDisable indicates whether the kernel OOM killer is disabled
	// for the container.
	OomKillDisable bool `json:"OomKillDisable"`
	// Init indicates whether the container has an init mounted into it.
	Init bool `json:"Init,omitempty"`
	// PidsLimit is the maximum number of PIDs that may be created within
	// the container. 0, the default, indicates no limit.
	PidsLimit int64 `json:"PidsLimit"`
	// Ulimits is a set of ulimits that will be set within the container.
	Ulimits []InspectUlimit `json:"Ulimits"`
	// CpuCount is Windows-only and not presently implemented.
	CpuCount uint64 `json:"CpuCount"`
	// CpuPercent is Windows-only and not presently implemented.
	CpuPercent uint64 `json:"CpuPercent"`
	// IOMaximumIOps is Windows-only and not presently implemented.
	IOMaximumIOps uint64 `json:"IOMaximumIOps"`
	// IOMaximumBandwidth is Windows-only and not presently implemented.
	IOMaximumBandwidth uint64 `json:"IOMaximumBandwidth"`
	// CgroupConf is the configuration for cgroup v2.
	CgroupConf map[string]string `json:"CgroupConf"`
	// IntelRdtClosID defines the Intel RDT CAT Class Of Service (COS) that
	// all processes of the container should run in.
	IntelRdtClosID string `json:"IntelRdtClosID,omitempty"`
}

// Address represents an IP address together with its prefix length.
// The fields have no JSON tags, so encoding/json writes them under their Go
// names, "Addr" and "PrefixLength".
type Address struct {
	// Addr is the address, kept as a string.
	// NOTE(review): nothing here validates it as an IP literal - parse it
	// before using it in a security decision.
	Addr string
	// PrefixLength is the prefix length that goes with Addr.
	PrefixLength int
}

// InspectBasicNetworkConfig holds basic configuration information (e.g. IP
// addresses, MAC address, subnet masks, etc) that are common for all networks
// (both additional and main).
type InspectBasicNetworkConfig struct {
	// EndpointID is unused, maintained exclusively for compatibility.
	EndpointID string `json:"EndpointID"`
	// Gateway is the IP address of the gateway this network will use.
	Gateway string `json:"Gateway"`
	// IPAddress is the IP address for this network.
	IPAddress string `json:"IPAddress"`
	// IPPrefixLen is the length of the subnet mask of this network.
	IPPrefixLen int `json:"IPPrefixLen"`
	// SecondaryIPAddresses is a list of extra IP Addresses that the
	// container has been assigned in this network.
	SecondaryIPAddresses []Address `json:"SecondaryIPAddresses,omitempty"`
	// IPv6Gateway is the IPv6 gateway this network will use.
	IPv6Gateway string `json:"IPv6Gateway"`
	// GlobalIPv6Address is the global-scope IPv6 Address for this network.
	GlobalIPv6Address string `json:"GlobalIPv6Address"`
	// GlobalIPv6PrefixLen is the length of the subnet mask of this network.
	GlobalIPv6PrefixLen int `json:"GlobalIPv6PrefixLen"`
	// SecondaryIPv6Addresses is a list of extra IPv6 Addresses that the
	// container has been assigned in this network.
	SecondaryIPv6Addresses []Address `json:"SecondaryIPv6Addresses,omitempty"`
	// MacAddress is the MAC address for the interface in this network.
	MacAddress string `json:"MacAddress"`
	// AdditionalMacAddresses is a set of additional MAC Addresses beyond
	// the first. CNI may configure more than one interface for a single
	// network, which can cause this.
	// Note the JSON key is spelled "AdditionalMACAddresses", unlike the Go
	// field name and unlike the "MacAddress" key above.
	AdditionalMacAddresses []string `json:"AdditionalMACAddresses,omitempty"`
}

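// InspectAdditionalNetwork holds information about non-default networks the
// container has been connected to.
// As with InspectNetworkSettings, many fields are unused and maintained only
// for compatibility with Docker.
type InspectAdditionalNetwork struct {
	// The embedded struct supplies the addressing fields; because it is
	// embedded, encoding/json emits them at this level, not nested.
	InspectBasicNetworkConfig

	// NetworkID is the name of the network we're connecting to.
	// Omitted from the JSON output when empty.
	NetworkID string `json:"NetworkID,omitempty"`
	// DriverOpts is presently unused and maintained exclusively for
	// compatibility.
	DriverOpts map[string]string `json:"DriverOpts"`
	// IPAMConfig is presently unused and maintained exclusively for
	// compatibility.
	IPAMConfig map[string]string `json:"IPAMConfig"`
	// Links is presently unused and maintained exclusively for
	// compatibility.
	Links []string `json:"Links"`
	// Aliases are any network aliases the container has in this network.
	// Omitted from the JSON output when empty.
	Aliases []string `json:"Aliases,omitempty"`
}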

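// InspectNetworkSettings holds information about the network settings of the
// container.
// Many fields are maintained only for compatibility with `docker inspect` and
// are unused within Libpod.
type InspectNetworkSettings struct {
	// The embedded struct supplies the addressing fields; because it is
	// embedded, encoding/json emits them at this level, not nested.
	InspectBasicNetworkConfig

	// The fields below follow the `docker inspect` layout.
	// NOTE(review): which of them Libpod actually fills in is not visible
	// here; confirm before relying on any of them. Ports maps a string key
	// to a list of InspectHostPort; the key format is presumably
	// "port/protocol" as in Docker, TODO confirm.
	Bridge                 string                       `json:"Bridge"`
	SandboxID              string                       `json:"SandboxID"`
	HairpinMode            bool                         `json:"HairpinMode"`
	LinkLocalIPv6Address   string                       `json:"LinkLocalIPv6Address"`
	LinkLocalIPv6PrefixLen int                          `json:"LinkLocalIPv6PrefixLen"`
	Ports                  map[string][]InspectHostPort `json:"Ports"`
	SandboxKey             string                       `json:"SandboxKey"`
	// Networks contains information on non-default networks this
	// container has joined.
	// It is a map of network name to network information.
	// Omitted from the JSON output when empty.
	Networks map[string]*InspectAdditionalNetwork `json:"Networks,omitempty"`
}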

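// InspectContainerData provides a detailed record of a container's configuration
// and state as viewed by Libpod.
// Large portions of this structure are defined such that the output is
// compatible with `docker inspect` JSON, but additional fields have been added
// as required to share information not in the original output.
//
// Serialisation notes:
//   - ID is emitted under the key "Id" and LockNumber under the lower-case
//     key "lockNumber"; the other keys match the Go field names.
//   - OCIConfigPath, OCIRuntime, SizeRw and SizeRootFs are tagged omitempty.
//     SizeRw is a pointer, so it is dropped only when nil, while SizeRootFs
//     is a plain int64 and is dropped whenever it is zero.
//
// Handling notes for consumers of the serialised output:
//   - Config points at InspectContainerConfig, whose Env field holds the
//     container's environment variables. Any credential passed to the
//     container through its environment therefore appears in this record,
//     so treat the output as sensitive when it is logged, exported or
//     attached to a bug report.
//   - Several fields are host-side paths (ResolvConfPath, HostnamePath,
//     HostsPath, StaticDir, OCIConfigPath, ConmonPidFile, PidFile).
//   - EffectiveCaps, BoundingCaps, AppArmorProfile, MountLabel and
//     ProcessLabel presumably describe the container's capability sets and
//     mandatory-access-control settings, which makes this record a natural
//     input for confinement audits. NOTE(review): confirm the exact meaning
//     against the code that fills them in.
type InspectContainerData struct {
	ID                      string                      `json:"Id"`
	Created                 time.Time                   `json:"Created"`
	Path                    string                      `json:"Path"`
	Args                    []string                    `json:"Args"`
	State                   *InspectContainerState      `json:"State"`
	Image                   string                      `json:"Image"`
	ImageDigest             string                      `json:"ImageDigest"`
	ImageName               string                      `json:"ImageName"`
	Rootfs                  string                      `json:"Rootfs"`
	Pod                     string                      `json:"Pod"`
	ResolvConfPath          string                      `json:"ResolvConfPath"`
	HostnamePath            string                      `json:"HostnamePath"`
	HostsPath               string                      `json:"HostsPath"`
	StaticDir               string                      `json:"StaticDir"`
	OCIConfigPath           string                      `json:"OCIConfigPath,omitempty"`
	OCIRuntime              string                      `json:"OCIRuntime,omitempty"`
	ConmonPidFile           string                      `json:"ConmonPidFile"`
	PidFile                 string                      `json:"PidFile"`
	Name                    string                      `json:"Name"`
	RestartCount            int32                       `json:"RestartCount"`
	Driver                  string                      `json:"Driver"`
	MountLabel              string                      `json:"MountLabel"`
	ProcessLabel            string                      `json:"ProcessLabel"`
	AppArmorProfile         string                      `json:"AppArmorProfile"`
	EffectiveCaps           []string                    `json:"EffectiveCaps"`
	BoundingCaps            []string                    `json:"BoundingCaps"`
	ExecIDs                 []string                    `json:"ExecIDs"`
	GraphDriver             *DriverData                 `json:"GraphDriver"`
	SizeRw                  *int64                      `json:"SizeRw,omitempty"`
	SizeRootFs              int64                       `json:"SizeRootFs,omitempty"`
	Mounts                  []InspectMount              `json:"Mounts"`
	Dependencies            []string                    `json:"Dependencies"`
	NetworkSettings         *InspectNetworkSettings     `json:"NetworkSettings"`
	Namespace               string                      `json:"Namespace"`
	IsInfra                 bool                        `json:"IsInfra"`
	IsService               bool                        `json:"IsService"`
	KubeExitCodePropagation string                      `json:"KubeExitCodePropagation"`
	LockNumber              uint32                      `json:"lockNumber"`
	Config                  *InspectContainerConfig     `json:"Config"`
	HostConfig              *InspectContainerHostConfig `json:"HostConfig"`
}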

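// InspectExecSession contains information about a given exec session.
type InspectExecSession struct {
	// CanRemove is legacy and used purely for compatibility reasons.
	// Will always be set to true, unless the exec session is running.
	CanRemove bool `json:"CanRemove"`
	// ContainerID is the ID of the container this exec session is attached
	// to.
	ContainerID string `json:"ContainerID"`
	// DetachKeys are the detach keys used by the exec session.
	// If set to "" the default keys are being used.
	// Will show "<none>" if no detach keys are set.
	DetachKeys string `json:"DetachKeys"`
	// ExitCode is the exit code of the exec session. Will be set to 0 if
	// the exec session has not yet exited, so a 0 here does not by itself
	// mean the command succeeded; read it together with Running.
	ExitCode int `json:"ExitCode"`
	// ID is the ID of the exec session.
	ID string `json:"ID"`
	// OpenStderr is whether the container's STDERR stream will be attached.
	// Always set to true if the exec session created a TTY.
	OpenStderr bool `json:"OpenStderr"`
	// OpenStdin is whether the container's STDIN stream will be attached
	// to.
	OpenStdin bool `json:"OpenStdin"`
	// OpenStdout is whether the container's STDOUT stream will be attached.
	// Always set to true if the exec session created a TTY.
	OpenStdout bool `json:"OpenStdout"`
	// Running is whether the exec session is running.
	Running bool `json:"Running"`
	// Pid is the PID of the exec session's process.
	// Will be set to 0 if the exec session is not running.
	Pid int `json:"Pid"`
	// ProcessConfig contains information about the exec session's process,
	// including the user it runs as and whether it was started privileged.
	ProcessConfig *InspectExecProcess `json:"ProcessConfig"`
}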

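// InspectExecProcess contains information about the process in a given exec
// session.
// Unlike most inspect types in this file, its JSON keys are lower-case.
type InspectExecProcess struct {
	// Arguments are the arguments to the entrypoint command of the exec
	// session.
	Arguments []string `json:"arguments"`
	// Entrypoint is the entrypoint for the exec session (the command that
	// will be executed in the container).
	Entrypoint string `json:"entrypoint"`
	// Privileged is whether the exec session will be started with elevated
	// privileges. This struct only records the flag; what it grants is not
	// defined here. When reviewing exec activity, read it together with
	// User and Entrypoint.
	Privileged bool `json:"privileged"`
	// Tty is whether the exec session created a terminal.
	Tty bool `json:"tty"`
	// User is the user the exec session was started as.
	User string `json:"user"`
}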

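// DriverData holds the data for a storage driver.
type DriverData struct {
	// Name is the name of the storage driver.
	Name string `json:"Name"`
	// Data is a set of string key/value pairs for the driver.
	// NOTE(review): the keys are not defined in this file; presumably they
	// are driver-specific and may include host paths, TODO confirm.
	Data map[string]string `json:"Data"`
}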

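// InspectSecret contains information on secrets mounted inside the container.
// It describes the mount only (name, ID, owner and mode); the struct has no
// field for the secret's value.
type InspectSecret struct {
	// Name is the name of the secret.
	Name string `json:"Name"`
	// ID is the ID of the secret.
	ID string `json:"ID"`
	// UID is the UID of the mounted secret file.
	UID uint32 `json:"UID"`
	// GID is the GID of the mounted secret file.
	GID uint32 `json:"GID"`
	// Mode is the mode of the mounted secret file. Together with UID and
	// GID it shows who inside the container can read the secret.
	// NOTE(review): presumably the Unix permission bits; confirm against
	// the code that fills it in.
	Mode uint32 `json:"Mode"`
}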