From c20a96dc9806158961d91a56d39f40d85ac513d8 Mon Sep 17 00:00:00 2001
From: John Howard
Date: Fri, 12 May 2017 16:05:31 -0700
Subject: [PATCH] Windows: Add Hyper-V isolation fields

Signed-off-by: John Howard
---
 config-windows.md | 21 ++++++++++++++++++++-
 schema/config-windows.json | 14 ++++++++++++++
 specs-go/config.go | 10 ++++++++++
 3 files changed, 44 insertions(+), 1 deletion(-)

diff --git a/config-windows.md b/config-windows.md
index c56e8d3fd..714374413 100644
--- a/config-windows.md
+++ b/config-windows.md
@@ -118,7 +118,6 @@ You can indicate that a container should be started in a mode to apply pending s
 "servicing": true
 }
 ```
-
 ## IgnoreFlushesDuringBoot
 
 You can indicate that a container should be started in an a mode where disk flushes are not performed during container boot via the OPTIONAL `ignoreflushesduringboot` field of the Windows configuration.
@@ -129,4 +128,24 @@ You can indicate that a container should be started in an a mode where disk flus
 "windows": {
 "ignoreflushesduringboot": true
 }
+```
+
+## HyperV
+
+`hyperv` is an OPTIONAL field of the Windows configuration. If present, the container MUST be run with Hyper-V isolation. If omitted, the container MUST be run as a Windows Server container.
+
+The following parameters can be specified:
+
+* **`utilityvmpath`** *(string, OPTIONAL)* - specifies the path to the image used for the utility VM. If not supplied, the runtime will search the container filesystem layers from the bottom-most layer upwards, until it locates "UtilityVM", and default to that path.
+
+* **`sandboxpath`** *(string, REQUIRED)* - specifies the root of the path to the sandbox to be used for the container.
+
+### Example
+
+```json
+ "windows": {
+ "hyperv": {
+ "sandboxpath": "C:\\\\programdata\\\\docker\\\\windowsfilter"
+ }
+ }
 ```
\ No newline at end of file
diff --git a/schema/config-windows.json b/schema/config-windows.json
index c0261e8c3..c5079272f 100644
--- a/schema/config-windows.json
+++ b/schema/config-windows.json
@@ -77,6 +77,20 @@
 "ignoreflushesduringboot": {
 "id": "https://opencontainers.org/schema/bundle/windows/ignoreflushesduringboot",
 "type": "boolean"
+ },
+ "hyperv": {
+ "id": "https://opencontainers.org/schema/bundle/windows/hyperv",
+ "type": "object",
+ "properties": {
+ "utilityvmpath": {
+ "id": "https://opencontainers.org/schema/bundle/windows/hyperv/utilityvmpath",
+ "type": "string"
+ },
+ "sandboxpath": {
+ "id": "https://opencontainers.org/schema/bundle/windows/hyperv/sandboxpath",
+ "type": "string"
+ }
+ }
 }
 }
 }
diff --git a/specs-go/config.go b/specs-go/config.go
index 1b3f6d6c7..3247d33a9 100644
--- a/specs-go/config.go
+++ b/specs-go/config.go
@@ -438,6 +438,8 @@ type Windows struct {
 Servicing bool `json:"servicing,omitempty"`
 // IgnoreFlushesDuringBoot indicates if the container is being started in a mode where disk writes are not flushed during its boot process.
 IgnoreFlushesDuringBoot bool `json:"ignoreflushesduringboot,omitempty"`
+ // HyperV contains information for running a container with Hyper-V isolation.
+ HyperV *WindowsHyperV `json:"hyperv,omitempty"`
 }
 
 // WindowsResources has container runtime resource constraints for containers running on Windows.
@@ -484,6 +486,14 @@ type WindowsNetworkResources struct {
 EgressBandwidth *uint64 `json:"egressBandwidth,omitempty"`
 }
 
+// WindowsHyperV contains information for configuring a container to run with Hyper-V isolation.
+type WindowsHyperV struct {
+ // SandboxPath is a required host-path to the sandbox to be used by the container.
+ SandboxPath string `json:"sandboxpath"`
+ // UtilityVMPath is an optional path to the image used for the Utility VM.
+ UtilityVMPath string `json:"utilityvmpath,omitempty"`
+}
+
 // LinuxSeccomp represents syscall restrictions
 type LinuxSeccomp struct {
 DefaultAction LinuxSeccompAction `json:"defaultAction"`
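Review bot: The new `hyperv` object in schema/config-windows.json leaves `sandboxpath` optional, although config-windows.md in this same commit marks it REQUIRED and the Go tag for it carries no `omitempty`. As written, `"hyperv": {}` passes schema validation, and because the mere presence of `hyperv` selects Hyper-V isolation, a runtime is left to discover the missing sandbox path on its own. Add `"required": ["sandboxpath"]` alongside `"properties"` in the `hyperv` definition so that config is rejected at validation time. The rest of the schema is outside this hunk, so whether unknown keys inside `hyperv` should also be rejected depends on a convention I cannot see here.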
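Review bot: The comment added for `HyperV` in `type Windows struct` (specs-go/config.go, first hunk) does not say that the field's presence is what selects the isolation mode. Per config-windows.md, an omitted field (nil pointer) means the container runs as a Windows Server container, while any non-nil value, including an empty struct decoded from `"hyperv": {}`, requests Hyper-V isolation. A consumer that reads only the Go type cannot see that a dropped or unset pointer changes the isolation boundary. I would extend the comment to `// HyperV contains information for running a container with Hyper-V isolation. If nil, the container is run as a Windows Server container.` The struct's opening lines are outside the hunk.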
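Review bot: `SandboxPath` in the new `WindowsHyperV` struct (specs-go/config.go, second hunk) is documented as required, but its zero value marshals as `"sandboxpath": ""` and nothing in the type separates unset from set, so the comment should tell consumers to reject an empty value. The `UtilityVMPath` comment omits the fallback described in config-windows.md and does not say whether it is a host path like `SandboxPath`; since it decides which image the utility VM boots from, both points should be explicit. Proposed comments: `// SandboxPath is a required host-path to the sandbox to be used by the container. It must not be empty.` and `// UtilityVMPath is an optional path to the image used for the Utility VM. If empty, the runtime searches the container filesystem layers from the bottom-most layer upwards for "UtilityVM".`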