With the oci generate [options] [arguments...] command , user can generate OCI Bundle contains config.json and runtime.json
| Flag Name | multi slice | arguments format | example command (ommit oci generator) | example output (json segment) |
|---|---|---|---|---|
| rootfs | N | path | --path /rootfs | root: {"path": "/rootfs"} |
| read-only | N | readonly | --readonly true | "root": {"readonly": true |
| hostname | N | hostname | --hostname opencontainer | "hostname": er", |
| uid | N | uid | --uid 0 | "user": {"uid": 0, |
| gid | N | gid | --gid 0 | "user": {"gid": 0, |
| groups | Y | additionalGids | --groups 5 --groups 6 | "user": {"additionalGids": [5, 6] |
| cap-add | Y | capabilities | --cap-add MKNOD --cap-add CHOWN | "capabilities": ["CAP_MKNOD","CAP_CHOWN", |
| cap-drop | Y | capabilities | --cap-drop MKNOD | "capabilities": ["CAP_CHOWN", |
| network | N | network ns path | --network /test | "namespaces": [,{,"type": "network",,"path": "/test",}, |
| mount | N | mount ns path | --mount /test | "namespaces": [,{,"type": "mount ",,"path": "/test",}, |
| pid | N | pid ns path | --pid /test | "namespaces": [,{,"type": "pid",,"path": "/test",}, |
| ipc | N | ipc ns path | --ipc /test | "namespaces": [,{,"type": "ipc",,"path": "/test",}, |
| uts | N | uts ns path | --uts /test | "namespaces": [,{,"type": "uts",,"path": "/test",}, |
| selinux-label | N | selinux-label | --selinux-label system_u:system_r:svirt_lxc_net_t:s0 | "selinuxProcessLabel": "system_u:system_r:svirt_lxc_net_t:s0", |
| tmpfs | Y | tmpfs path | --tmpfs /fs/tmp1 | "mounts": [{,"name": "tmp1tmpfs",,"path": "/fs/tmp1",},"tmp1tmpfs": {,"type": "tmpfs",,"source": "tmpfs",,"options": [,"nosuid",,"nodev",,"mode=755",],} |
| args | N | args | --args /bin/bash | "args": ["/bin/bash",], |
| env | Y | env | --env PATH=/usr/local/sbin --env TERM=xterm | "env": [,"PATH=/usr/local/sbin","TERM=xterm",], |
| mount-cgroups | N | mount-cgroups options | --mount-cgroups ro | "cgroup": {,"type": "cgroup",,"source": "cgroup",,"options": [,"nosuid",,"noexec",,"nodev",,"relatime",,"ro",] |
| bind | Y | src:dest:[options] | --bind /home:/con --bind /home1:/con1:"ro","nosuid" | "mounts": [,{,"name": "homebind",,"path": "/con",},,{,"name": "home1bind",,"path": "/con1",} "mounts": {"home1bind": {,"type": "bind","source": "/home1","options": [,"bind","ro,nosuid",],},"homebind": {,"type": "bind","source": "/home","options": [,"bind","ro",],}, |
| prestart | Y | prestart path | --prestart /bin/ls:-a --prestart /bin/ll | "hooks": {,"prestart": [,{,"path": "/bin/ls",,"args": [,"-a",],,"env": null,},,{,"path": "/bin/ll",,"args": [],,"env": null,},], |
| poststop | Y | poststop path | --poststop /bin/ls:-a --poststop /bin/ll | "hooks": {,"poststop": [,{,"path": "/bin/ls",,"args": [,"-a",],,"env": null,},,{,"path": "/bin/ll",,"args": [],,"env": null,},], |
| poststart | Y | poststart path | --poststart /bin/ls:-a --poststart /bin/ll | "hooks": {,"poststart": [,{,"path": "/bin/ls",,"args": [,"-a",],,"env": null,},,{,"path": "/bin/ll",,"args": [],,"env": null,},], |
| root-propagation | N | rootfs propagation mode | --root-propagation slave | "rootfsPropagation": "slave" |
| version | N | spec version | --version 0.2.0 | "version": "0.2.0" |
| os | N | OS type | --os linux | "platform": {,"os": "linux", |
| arch | N | arch type | --arch amd64 | "platform": {,"os": "linux",,"arch": "amd64" |
| cwd | N | current working directory | --cwd / | "cwd": "/" |
| mountpoint-add | Y | name:path | --mount-add tname:/tpath --mount-add tname1:/tpath1 | "mounts": [,{,"name": "tname",,"path": "/tpath",},,{,"name": "tname1",,"path": "/tpath1",} |
| mounts | Y | mountpoint:type:source:options | --mounts tname:tmpfs:tmpfs:"ro" | "mounts": {,"tname": {,"type": "tmpfs",,"source": "tmpfs",,"options": [,"ro",],} |
| terminal | N | terminalbool | --terminal true | "process": {,"terminal": true, |
| uidmappings | Y | hostID:containerID:size | --uidmappings 0:0:10--uidmappings 0:1:8 | "linux": {,"uidMappings": [,{,"hostID": 0,,"containerID": 0,,"size": 10,},,{,"hostID": 0,,"containerID": 1,,"size": 8,},], |
| gidmappings | Y | hostID:containerID:size | --gidmappings 1:1:10--gidmappings 0:0:8 | "linux": {,"gidMappings": [,{,"hostID": 1,,"containerID": 1,,"size": 10,},,{,"hostID": 0,,"containerID": 0,,"size": 8,},], |
| rlimit | Y | type:hard:soft | --rlimits RLIMIT_NOFILE:1024:2048 | "linux": {,"rlimits": [,{,"type": "RLIMIT_NOFILE","hard": 1024,,"soft": 2048,},], |
| sysctl | Y | name:value | --sysctl net.ipv4.ip_forward:1 | "sysctl": {,"net.ipv4.ip_forward": "1",}, |
| cgroupspath | N | cgrouppath | --cgroupspath /sys/fs/cgroup | "cgroupsPath": "/sys/fs/cgroup", |
| apparmor | N | apparmorfileid | --apparmor acme_secure_profile | "apparmorProfile": "acme_secure_profile", |
| device-add | Y | path:type:major:minor:permissions:filemode:uid:gid | --device-add /device/test:99:1:3:rwm:438:0:0 | "devices": [,{,"path": "/dev/test",,"type": 99,,"major": 1,,"minor": 3,,"permissions": "rwm",,"fileMode": 438,,"uid": 0,,"gid": 0,}, |
| seccomp-default | N | seccomp-default action | --seccomp-default SCMP_ACT_KILL | "seccomp": {,"defaultAction": "SCMP_ACT_KILL", |
| seccomp-arch | Y | seccomp architectures | --seccomp-arch SCMP_ARCH_X86 | "seccomp": {,"architectures": [,"SCMP_ARCH_X86",], |
| seccomp-syscalls | Y | name:action:arg1_index/arg1_value/arg1_valuetwo/arg_1op, arg2_index/arg2_value/arg2_valuetwo/arg_2op | --seccomp-syscalls getcwd:SCMP_ACT_ERRNO:1/1/2/SCMP_CMP_GE,3/3/3/SCMP_CMP_GT | "seccomp": {,"syscalls": [,{,"name": "getcwd",,"action": "SCMP_ACT_ERRNO",,"args": [,{,"index": 1,,"value": 1,,"valueTwo": 2,,"op": "SCMP_CMP_GE",},,{,"index": 3,,"value": 3,,"valueTwo": 3,,"op": "SCMP_CMP_GT",},],},],}, |
| disableoomiller | N | disableoomiller | --disableoomiller true | "resources": {,"disableOOMKiller": true, |
| memory | N | limit:reservation:swap:kernel:swappiness | --memory 0:0:0:0:-1 | "memory": {,"limit": 0,,"reservation": 0,,"swap": 0,,"kernel": 0,,"swappiness": -1,}, |
| cpu | N | shares:quota:period:realtimeRuntime:realtimePeriod:cpus:mems | --cpu 0:0:0:0:0:: | "cpu": {,"shares": 0,,"quota": 0,,"period": 0,,"realtimeRuntime": 0,,"realtimePeriod": 0,,"cpus": "",,"mems": "",}, |
| pids | N | pids limit | --pids 2 | "pids": {,"limit": 2,}, |
| blockio-weight | N | blkioWeight | --blockio-weight 3 | "blockIO": {,"blkioWeight": 3, |
| blockio-leafweight | N | blockioleafweight | --blockio-leafweight 2 | "blockIO": {,"blkioLeafWeight": 0, |
| hugepagelimit | Y | pagesize:limit | --hugepagelimit 4MB:204800 | "hugepageLimits": [,{,"pageSize": "4MB",,"limit": 204800,},], |
| networkid | N | networkid | --networkid ClassId | "network": {,"classId": "ClassId", |
| networkpriority | Y | name:priority | --networkpriority eth0:500 |