1package integration
2
3import (
4	"syscall"
5
6	"github.com/opencontainers/runc/libcontainer/configs"
7)
8
// defaultMountFlags is the restrictive flag set (nodev, noexec, nosuid) that
// newTemplateConfig applies to the proc, shm, mqueue and sysfs mounts. The
// /dev tmpfs and devpts mounts deliberately use their own narrower flag sets.
const defaultMountFlags = syscall.MS_NODEV | syscall.MS_NOEXEC | syscall.MS_NOSUID

// standardEnvironment is a fixed environment block (HOME, PATH, HOSTNAME,
// TERM). Its HOSTNAME value matches the Hostname set by newTemplateConfig.
// NOTE(review): presumably used as the process environment by the tests in
// this package; the callers are not visible here.
var standardEnvironment = []string{
	"HOME=/root",
	"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
	"HOSTNAME=integration",
	"TERM=xterm",
}
17
// newTemplateConfig returns the base container configuration used as a
// template in this package, rooted at rootfs.
//
// Isolation posture, as configured below:
//   - new mount, UTS, IPC, PID and network namespaces; there is no
//     configs.NEWUSER entry, so no user namespace is requested
//   - a fixed list of 14 capabilities
//   - device cgroup with AllowAllDevices false and
//     configs.DefaultAllowedDevices as the allow list
//   - /proc/kcore masked; /proc/sys, /proc/sysrq-trigger, /proc/irq and
//     /proc/bus read-only
//   - networking limited to a single loopback interface
//
// The capability list includes broad entries such as CAP_DAC_OVERRIDE,
// CAP_MKNOD, CAP_NET_RAW and CAP_SETFCAP. It is a test template, not a
// least-privilege baseline for real workloads.
func newTemplateConfig(rootfs string) *configs.Config {
	// RLIMIT_NOFILE value used for both the soft and the hard limit.
	const maxOpenFiles = 1025

	capabilities := []string{
		"CAP_CHOWN",
		"CAP_DAC_OVERRIDE",
		"CAP_FSETID",
		"CAP_FOWNER",
		"CAP_MKNOD",
		"CAP_NET_RAW",
		"CAP_SETGID",
		"CAP_SETUID",
		"CAP_SETFCAP",
		"CAP_SETPCAP",
		"CAP_NET_BIND_SERVICE",
		"CAP_SYS_CHROOT",
		"CAP_KILL",
		"CAP_AUDIT_WRITE",
	}

	namespaces := configs.Namespaces([]configs.Namespace{
		{Type: configs.NEWNS},
		{Type: configs.NEWUTS},
		{Type: configs.NEWIPC},
		{Type: configs.NEWPID},
		{Type: configs.NEWNET},
	})

	cgroup := &configs.Cgroup{
		Path: "integration/test",
		Resources: &configs.Resources{
			// nil: no swappiness value is supplied by the template.
			MemorySwappiness: nil,
			// Device access is restricted to the allow list below.
			AllowAllDevices: false,
			AllowedDevices:  configs.DefaultAllowedDevices,
		},
	}

	// Order is preserved from the original template: /dev must exist before
	// /dev/pts, /dev/shm and /dev/mqueue are mounted beneath it.
	mounts := []*configs.Mount{
		{
			Device:      "proc",
			Source:      "proc",
			Destination: "/proc",
			Flags:       defaultMountFlags,
		},
		{
			// nosuid only: unlike defaultMountFlags there is no nodev or
			// noexec here (presumably because device nodes are created
			// under /dev).
			Device:      "tmpfs",
			Source:      "tmpfs",
			Destination: "/dev",
			Flags:       syscall.MS_NOSUID | syscall.MS_STRICTATIME,
			Data:        "mode=755",
		},
		{
			// newinstance requests a devpts instance private to this mount.
			Device:      "devpts",
			Source:      "devpts",
			Destination: "/dev/pts",
			Flags:       syscall.MS_NOSUID | syscall.MS_NOEXEC,
			Data:        "newinstance,ptmxmode=0666,mode=0620,gid=5",
		},
		{
			// World-writable with the sticky bit, capped at 64 MiB.
			Device:      "tmpfs",
			Source:      "shm",
			Destination: "/dev/shm",
			Flags:       defaultMountFlags,
			Data:        "mode=1777,size=65536k",
		},
		{
			Device:      "mqueue",
			Source:      "mqueue",
			Destination: "/dev/mqueue",
			Flags:       defaultMountFlags,
		},
		{
			// sysfs is additionally mounted read-only.
			Device:      "sysfs",
			Source:      "sysfs",
			Destination: "/sys",
			Flags:       defaultMountFlags | syscall.MS_RDONLY,
		},
	}

	// NOTE(review): the /0 prefix length on the loopback address looks
	// unusual; it is kept exactly as the template defines it.
	loopback := &configs.Network{
		Type:    "loopback",
		Address: "127.0.0.1/0",
		Gateway: "localhost",
	}

	nofile := configs.Rlimit{
		Type: syscall.RLIMIT_NOFILE,
		Hard: maxOpenFiles,
		Soft: maxOpenFiles,
	}

	return &configs.Config{
		Rootfs:       rootfs,
		Capabilities: capabilities,
		Namespaces:   namespaces,
		Cgroups:      cgroup,
		// Only /proc/kcore is masked by this template.
		MaskPaths: []string{"/proc/kcore"},
		ReadonlyPaths: []string{
			"/proc/sys",
			"/proc/sysrq-trigger",
			"/proc/irq",
			"/proc/bus",
		},
		Devices:  configs.DefaultAutoCreatedDevices,
		Hostname: "integration",
		Mounts:   mounts,
		Networks: []*configs.Network{loopback},
		Rlimits:  []configs.Rlimit{nofile},
	}
}
121