MahmoudEmad/herolib
1
0
Fork 0
Code Issues 55 Pull Requests 1 Actions Packages Projects Releases 26 Wiki Activity
Files
e55a9741e28646c602fbe073cd3a8c907e00186b
herolib/lib/virt/crun/example.v
Mahmoud-Emad 6c971ca689 feat: Add custom crun root and enhance container lifecycle 
- Use custom `crun --root` for all container commands
- Implement `cleanup_crun_state` for factory reset
- Add retry logic for `crun create` on "File exists" error
- Improve OCI config with `set_terminal`, unique env/rlimits
- Add default mounts for `/dev/pts`, `/dev/shm`, `/dev/mqueue`, `/sys/fs/cgroup`
2025-09-10 13:44:32 +03:00

69 lines
2.3 KiB
V
Raw Blame History

module crun
pub fn example_heropods_compatible() ! {
mut configs := map[string]&CrunConfig{}
// Create a container configuration compatible with heropods template
mut config := new(mut configs, name: 'heropods-example')!
// Configure to match the template - disable terminal for background containers
config.set_terminal(false)
config.set_command(['/bin/sh'])
config.set_working_dir('/')
config.set_user(0, 0, [])
config.add_env('PATH', '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin')
config.add_env('TERM', 'xterm')
config.set_rootfs('/tmp/rootfs', false) // This will be replaced by the actual path
config.set_hostname('container')
config.set_no_new_privileges(true)
// Add the specific rlimit from template
config.add_rlimit(.rlimit_nofile, 1024, 1024)
// Validate the configuration
config.validate()!
// Generate and print JSON
json_output := config.to_json()!
println(json_output)
// Save to file
config.save_to_file('/tmp/heropods_config.json')!
println('Heropods-compatible configuration saved to /tmp/heropods_config.json')
}
pub fn example_custom() ! {
mut configs := map[string]&CrunConfig{}
// Create a more complex container configuration
mut config := new(mut configs, name: 'custom-container')!
config.set_command(['/usr/bin/my-app', '--config', '/etc/myapp/config.yaml'])
config.set_working_dir('/app')
config.set_user(1000, 1000, [1001, 1002])
config.add_env('MY_VAR', 'my_value')
config.add_env('ANOTHER_VAR', 'another_value')
config.set_rootfs('/path/to/rootfs', false)
config.set_hostname('my-custom-container')
config.set_memory_limit(1024 * 1024 * 1024) // 1GB
config.set_cpu_limits(100000, 50000, 1024) // period, quota, shares
config.set_pids_limit(500)
config.add_mount('/host/path', '/container/path', .bind, [.rw])
config.add_mount('/tmp/cache', '/app/cache', .tmpfs, [.rw, .noexec])
config.add_capability(.cap_sys_admin)
config.remove_capability(.cap_net_raw)
config.add_rlimit(.rlimit_nproc, 100, 50)
config.set_no_new_privileges(true)
// Add some additional security hardening
config.add_masked_path('/proc/kcore')
config.add_readonly_path('/proc/sys')
// Validate before use
config.validate()!
// Get the JSON
json_str := config.to_json()!
println('Custom container config:')
println(json_str)
}
Reference in New Issue View Git Blame Copy Permalink