Google Git
Sign in
cos / mirrors / cros / chromiumos / platform2 / refs/heads/stabilize-10452.85.B / . / arc / container-bundle / master / config.json
blob: c92e08bf1ae2ea197743328be451ce028af2ebb5 [file] [log] [blame]
{
"ociVersion": "1.0.0-rc1",
"platform": {
"os": "linux",
"arch": "all"
},
"process": {
"terminal": true,
"user": {
"uid": 0,
"gid": 0
},
"umask": 0,
"args": [
"/init"
],
"env": [
"INIT_SELINUX_TOOK=1500",
"INIT_STARTED_AT=1000",
"INIT_SECOND_STAGE=y"
],
"rlimits": [
{
"type": "RLIMIT_NICE",
"hard": 40,
"soft": 40
}
],
"cwd": "/",
"selinuxLabel": "u:r:init:s0",
"capabilities": {
"effective": [
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_DAC_READ_SEARCH",
"CAP_FOWNER",
"CAP_FSETID",
"CAP_KILL",
"CAP_SETGID",
"CAP_SETUID",
"CAP_SETPCAP",
"CAP_NET_BIND_SERVICE",
"CAP_NET_BROADCAST",
"CAP_NET_ADMIN",
"CAP_NET_RAW",
"CAP_IPC_LOCK",
"CAP_IPC_OWNER",
"CAP_SYS_RAWIO",
"CAP_SYS_CHROOT",
"CAP_SYS_PTRACE",
"CAP_SYS_ADMIN",
"CAP_SYS_NICE",
"CAP_SYS_RESOURCE",
"CAP_SYS_TTY_CONFIG",
"CAP_MKNOD",
"CAP_AUDIT_WRITE",
"CAP_AUDIT_CONTROL"
],
"bounding": [
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_DAC_READ_SEARCH",
"CAP_FOWNER",
"CAP_FSETID",
"CAP_KILL",
"CAP_SETGID",
"CAP_SETUID",
"CAP_SETPCAP",
"CAP_NET_BIND_SERVICE",
"CAP_NET_BROADCAST",
"CAP_NET_ADMIN",
"CAP_NET_RAW",
"CAP_IPC_LOCK",
"CAP_IPC_OWNER",
"CAP_SYS_RAWIO",
"CAP_SYS_CHROOT",
"CAP_SYS_PTRACE",
"CAP_SYS_ADMIN",
"CAP_SYS_NICE",
"CAP_SYS_RESOURCE",
"CAP_SYS_TTY_CONFIG",
"CAP_MKNOD",
"CAP_AUDIT_WRITE",
"CAP_AUDIT_CONTROL"
],
"inheritable": [
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_DAC_READ_SEARCH",
"CAP_FOWNER",
"CAP_FSETID",
"CAP_KILL",
"CAP_SETGID",
"CAP_SETUID",
"CAP_SETPCAP",
"CAP_NET_BIND_SERVICE",
"CAP_NET_BROADCAST",
"CAP_NET_ADMIN",
"CAP_NET_RAW",
"CAP_IPC_LOCK",
"CAP_IPC_OWNER",
"CAP_SYS_RAWIO",
"CAP_SYS_CHROOT",
"CAP_SYS_PTRACE",
"CAP_SYS_ADMIN",
"CAP_SYS_NICE",
"CAP_SYS_RESOURCE",
"CAP_SYS_TTY_CONFIG",
"CAP_MKNOD",
"CAP_AUDIT_WRITE",
"CAP_AUDIT_CONTROL"
],
"permitted": [
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_DAC_READ_SEARCH",
"CAP_FOWNER",
"CAP_FSETID",
"CAP_KILL",
"CAP_SETGID",
"CAP_SETUID",
"CAP_SETPCAP",
"CAP_NET_BIND_SERVICE",
"CAP_NET_BROADCAST",
"CAP_NET_ADMIN",
"CAP_NET_RAW",
"CAP_IPC_LOCK",
"CAP_IPC_OWNER",
"CAP_SYS_RAWIO",
"CAP_SYS_CHROOT",
"CAP_SYS_PTRACE",
"CAP_SYS_ADMIN",
"CAP_SYS_NICE",
"CAP_SYS_RESOURCE",
"CAP_SYS_TTY_CONFIG",
"CAP_MKNOD",
"CAP_AUDIT_WRITE",
"CAP_AUDIT_CONTROL"
],
"ambient": [
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_DAC_READ_SEARCH",
"CAP_FOWNER",
"CAP_FSETID",
"CAP_KILL",
"CAP_SETGID",
"CAP_SETUID",
"CAP_SETPCAP",
"CAP_NET_BIND_SERVICE",
"CAP_NET_BROADCAST",
"CAP_NET_ADMIN",
"CAP_NET_RAW",
"CAP_IPC_LOCK",
"CAP_IPC_OWNER",
"CAP_SYS_RAWIO",
"CAP_SYS_CHROOT",
"CAP_SYS_PTRACE",
"CAP_SYS_ADMIN",
"CAP_SYS_NICE",
"CAP_SYS_RESOURCE",
"CAP_SYS_TTY_CONFIG",
"CAP_MKNOD",
"CAP_AUDIT_WRITE",
"CAP_AUDIT_CONTROL"
]
}
},
"root": {
"path": "rootfs/root"
},
"hostname": "android",
"mounts": [
{
"_comment": "TODO(yusukes): Swap dev for nodev and adjust auto-test",
"destination": "/",
"type": "bind",
"source": "rootfs/root",
"options": [
"rslave",
"dev",
"suid",
"exec"
],
"performInIntermediateNamespace": true
},
{
"destination": "/vendor",
"type": "squashfs",
"source": "/opt/google/containers/android/vendor.raw.img",
"options": [
"loop",
"ro",
"nodev"
]
},
{
"destination": "/data",
"type": "bind",
"source": "/opt/google/containers/android/rootfs/android-data/data",
"options": [
"rbind"
]
},
{
"destination": "/data/cache",
"type": "bind",
"source": "/opt/google/containers/android/rootfs/android-data/cache",
"options": [
"bind"
]
},
{
"destination": "/dev",
"type": "tmpfs",
"source": "tmpfs",
"options": [
"mode=755",
"uid=655360",
"gid=655360",
"nosuid"
],
"performInIntermediateNamespace": true
},
{
"destination": "/dev/pts",
"type": "devpts",
"source": "devpts",
"options": [
"newinstance",
"noexec",
"nosuid",
"ptmxmode=0666"
]
},
{
"destination": "/dev/ptmx",
"type": "bind",
"source": "rootfs/root/dev/pts/ptmx",
"options": [
"bind"
]
},
{
"destination": "/dev/socket",
"type": "tmpfs",
"source": "tmpfs",
"options": [
"mode=755",
"nosuid",
"nodev",
"noexec"
]
},
{
"destination": "/dev/kmsg",
"type": "bind",
"source": "/run/arc/android.kmsg.fifo",
"options": [
"bind"
]
},
{
"destination": "/var/run/arc",
"type": "tmpfs",
"source": "tmpfs",
"options": [
"mode=775",
"gid=1000",
"noexec",
"nodev",
"nosuid"
]
},
{
"destination": "/var/run/arc/sdcard",
"type": "bind",
"source": "/run/arc/sdcard",
"options": [
"rbind"
]
},
{
"destination": "/var/run/arc/shared_mounts",
"type": "bind",
"source": "/run/arc/shared_mounts",
"options": [
"rbind",
"rslave"
]
},
{
"destination": "/var/run/chrome",
"type": "bind",
"source": "/run/chrome",
"options": [
"bind"
]
},
{
"destination": "/var/run/cras",
"type": "bind",
"source": "/run/cras",
"options": [
"bind"
]
},
{
"destination": "/var/run/inputbridge",
"type": "tmpfs",
"source": "tmpfs",
"options": [
"mode=0775",
"gid=1000",
"noexec",
"nodev",
"nosuid"
]
},
{
"destination": "/sys",
"type": "sysfs",
"source": "none",
"options": [
"mode=755",
"nosuid",
"noexec",
"nodev"
]
},
{
"destination": "/sys/fs/selinux",
"type": "bind",
"source": "/sys/fs/selinux",
"options": [
"bind"
]
},
{
"destination": "/sys/kernel/debug",
"type": "tmpfs",
"source": "tmpfs",
"options": [
"mode=755",
"nosuid",
"nodev",
"noexec"
]
},
{
"destination": "/sys/kernel/debug/sync",
"type": "bind",
"source": "/run/arc/debugfs/sync",
"options": [
"bind"
]
},
{
"destination": "/proc",
"type": "proc",
"source": "proc",
"options": [
"nosuid",
"noexec",
"nodev"
]
},
{
"destination": "/proc/cmdline",
"type": "bind",
"source": "/run/arc/cmdline.android",
"options": [
"bind"
]
},
{
"destination": "/proc/sys/vm/mmap_rnd_compat_bits",
"type": "bind",
"source": "/run/arc/fake_mmap_rnd_compat_bits",
"options": [
"bind"
]
},
{
"destination": "/proc/sys/vm/mmap_rnd_bits",
"type": "bind",
"source": "/run/arc/fake_mmap_rnd_bits",
"options": [
"bind"
]
},
{
"destination": "/proc/sys/kernel/kptr_restrict",
"type": "bind",
"source": "/run/arc/fake_kptr_restrict",
"options": [
"bind"
]
},
{
"destination": "/oem",
"type": "bind",
"source": "/run/arc/oem",
"options": [
"bind"
]
},
{
"destination": "/var/run/arc/bugreport",
"type": "bind",
"source": "/run/arc/bugreport",
"options": [
"bind"
]
},
{
"destination": "/var/run/arc/apkcache",
"type": "bind",
"source": "/mnt/stateful_partition/unencrypted/apkcache",
"options": [
"bind"
]
},
{
"destination": "/var/run/arc/dalvik-cache",
"type": "bind",
"source": "/mnt/stateful_partition/unencrypted/art-data/dalvik-cache",
"options": [
"bind"
]
},
{
"destination": "/var/run/camera",
"type": "bind",
"source": "/run/camera",
"options": [
"bind"
]
},
{
"destination": "/var/run/arc/obb",
"type": "bind",
"source": "/run/arc/obb",
"options": [
"rbind"
]
},
{
"destination": "/var/run/arc/media",
"type": "bind",
"source": "/run/arc/media",
"options": [
"rbind"
]
},
{
"destination": "/default.prop",
"type": "bind",
"source": "/run/arc/properties/default.prop",
"options": [
"bind"
]
},
{
"destination": "/system/build.prop",
"type": "bind",
"source": "/run/arc/properties/build.prop",
"options": [
"bind"
]
}
],
"hooks": {
"prechroot": [
{
"path": "/usr/sbin/arc-setup",
"args": [
"arc-setup",
"--pre-chroot"
],
"timeout": 8
}
]
},
"linux": {
"altSyscall": "android",
"cgroupsPath": "/session_manager_containers",
"cpu": {
"realtimeRuntime": 200000,
"realtimePeriod": 1000000
},
"skipSecurebits": [
"KEEP_CAPS",
"KEEP_CAPS_LOCKED"
],
"namespaces": [
{
"type": "cgroup"
},
{
"type": "pid"
},
{
"type": "network"
},
{
"type": "ipc"
},
{
"type": "user"
},
{
"type": "uts"
},
{
"type": "mount"
}
],
"devices": [
{
"path": "/dev/binder",
"type": "c",
"major": 10,
"dynamicMinor": true,
"fileMode": 438,
"uid": 0,
"gid": 0
},
{
"path": "/dev/console",
"type": "c",
"major": 5,
"minor": 1,
"fileMode": 384,
"uid": 0,
"gid": 0
},
{
"path": "/dev/hwbinder",
"type": "c",
"major": 10,
"dynamicMinor": true,
"fileMode": 438,
"uid": 0,
"gid": 0
},
{
"path": "/dev/vndbinder",
"type": "c",
"major": 10,
"dynamicMinor": true,
"fileMode": 438,
"uid": 0,
"gid": 0
},
{
"path": "/dev/null",
"type": "c",
"major": 1,
"minor": 3,
"fileMode": 438,
"uid": 0,
"gid": 0
},
{
"path": "/dev/random",
"type": "c",
"major": 1,
"minor": 8,
"fileMode": 438,
"uid": 0,
"gid": 0
},
{
"path": "/dev/urandom",
"type": "c",
"major": 1,
"minor": 9,
"fileMode": 438,
"uid": 0,
"gid": 0
},
{
"path": "/dev/zero",
"type": "c",
"major": 1,
"minor": 5,
"fileMode": 438,
"uid": 0,
"gid": 0
},
{
"path": "/dev/tty",
"type": "c",
"major": 5,
"minor": 0,
"fileMode": 438,
"uid": 0,
"gid": 0
},
{
"path": "/dev/ashmem",
"type": "c",
"major": 10,
"dynamicMinor": true,
"fileMode": 438,
"uid": 0,
"gid": 0
},
{
"path": "/dev/dri/card0",
"type": "c",
"major": 226,
"minor": 0,
"fileMode": 438,
"uid": 0,
"gid": 0
},
{
"path": "/dev/dri/card1",
"type": "c",
"major": 226,
"minor": 1,
"fileMode": 438,
"uid": 0,
"gid": 0
},
{
"path": "/dev/dri/controlD64",
"type": "c",
"major": 226,
"minor": 64,
"fileMode": 438,
"uid": 0,
"gid": 0
},
{
"path": "/dev/dri/renderD128",
"type": "c",
"major": 226,
"minor": 128,
"fileMode": 438,
"uid": 0,
"gid": 0
},
{
"path": "/dev/dri/renderD129",
"type": "c",
"major": 226,
"minor": 129,
"fileMode": 438,
"uid": 0,
"gid": 0
},
{
"path": "/dev/dri/renderD130",
"type": "c",
"major": 226,
"minor": 130,
"fileMode": 438,
"uid": 0,
"gid": 0
},
{
"path": "/dev/mali0",
"type": "c",
"major": 10,
"dynamicMinor": true,
"fileMode": 438,
"uid": 0,
"gid": 0
},
{
"path": "/dev/full",
"type": "c",
"major": 1,
"minor": 7,
"fileMode": 438,
"uid": 0,
"gid": 0
},
{
"path": "/dev/goldfish_pipe",
"type": "c",
"major": 10,
"dynamicMinor": true,
"fileMode": 438,
"uid": 0,
"gid": 0
},
{
"path": "/dev/ion",
"type": "c",
"major": 10,
"dynamicMinor": true,
"fileMode": 438,
"uid": 0,
"gid": 0
},
{
"path": "/dev/ppp",
"type": "c",
"major": 108,
"minor": 0,
"fileMode": 432,
"uid": 1001,
"gid": 1016
},
{
"path": "/dev/sw_sync",
"type": "c",
"major": 10,
"dynamicMinor": true,
"fileMode": 432,
"uid": 1000,
"gid": 1000
},
{
"path": "/dev/tun",
"type": "c",
"major": 10,
"minor": 200,
"fileMode": 432,
"uid": 1000,
"gid": 1016
},
{
"path": "/dev/xt_qtaguid",
"type": "c",
"major": 10,
"dynamicMinor": true,
"fileMode": 420,
"uid": 0,
"gid": 0
}
],
"uidMappings": [
{
"hostID": 655360,
"containerID": 0,
"size": 5000
},
{
"hostID": 600,
"containerID": 5000,
"size": 50
},
{
"hostID": 660410,
"containerID": 5050,
"size": 1994950
}
],
"gidMappings": [
{
"hostID": 655360,
"containerID": 0,
"size": 5000
},
{
"hostID": 600,
"containerID": 5000,
"size": 50
},
{
"hostID": 660410,
"containerID": 5050,
"size": 1994950
}
],
"resources": {
"devices": [
{
"allow": true,
"access": "rw",
"type": "c",
"major": 10
},
{
"allow": true,
"access": "rw",
"type": "c",
"major": 1,
"minor": 3
},
{
"allow": true,
"access": "rw",
"type": "c",
"major": 1,
"minor": 8
},
{
"allow": true,
"access": "rw",
"type": "c",
"major": 1,
"minor": 9
},
{
"allow": true,
"access": "rw",
"type": "c",
"major": 1,
"minor": 5
},
{
"allow": true,
"access": "rw",
"type": "c",
"major": 226,
"minor": 0
},
{
"allow": true,
"access": "rw",
"type": "c",
"major": 226,
"minor": 1
},
{
"allow": true,
"access": "rw",
"type": "c",
"major": 226,
"minor": 64
},
{
"allow": true,
"access": "rw",
"type": "c",
"major": 226,
"minor": 128
},
{
"allow": true,
"access": "rw",
"type": "c",
"major": 226,
"minor": 129
},
{
"allow": true,
"access": "rw",
"type": "c",
"major": 226,
"minor": 130
},
{
"allow": true,
"access": "rw",
"type": "c",
"major": 1,
"minor": 7
},
{
"allow": true,
"access": "rw",
"type": "c",
"major": 108,
"minor": 0
},
{
"allow": true,
"access": "rw",
"type": "c",
"major": 5
},
{
"_comment": "Allow pts device access",
"allow": true,
"access": "rwm",
"type": "c",
"major": 136
}
]
}
}
}