nginx OCI Container

nginx OCI Container content:

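The container image used here is “nginx:latest”. Because “latest” is a mutable tag, the rootfs shown below reflects whatever image that tag pointed to when it was pulled.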

$ ls
config.json  rootfs

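config.json (the OCI runtime configuration for this bundle). Points worth noting when reading it: the namespace list has no "user" entry and "user" is empty, so the process presumably runs as uid 0/gid 0 with no remapping to an unprivileged host user. That is constrained by the three listed capabilities, "noNewPrivileges": true and a read-only rootfs, and no seccomp profile is set. The configured process is "sh" on a terminal, not the nginx daemon: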

{
  "linux": {
    "readonlyPaths": [
      "/proc/asound",
      "/proc/bus",
      "/proc/fs",
      "/proc/irq",
      "/proc/sys",
      "/proc/sysrq-trigger"
    ],
    "maskedPaths": [
      "/proc/kcore",
      "/proc/latency_stats",
      "/proc/timer_stats",
      "/proc/sched_debug"
    ],
    "namespaces": [
      {
        "type": "pid"
      },
      {
        "type": "network"
      },
      {
        "type": "ipc"
      },
      {
        "type": "uts"
      },
      {
        "type": "mount"
      }
    ],
    "resources": {
      "devices": [
        {
          "access": "rwm",
          "allow": false
        }
      ]
    }
  },
  "hooks": {},
  "mounts": [
    {
      "source": "proc",
      "type": "proc",
      "destination": "/proc"
    },
    {
      "options": [
        "nosuid",
        "strictatime",
        "mode=755",
        "size=65536k"
      ],
      "source": "tmpfs",
      "type": "tmpfs",
      "destination": "/dev"
    },
    {
      "options": [
        "nosuid",
        "noexec",
        "newinstance",
        "ptmxmode=0666",
        "mode=0620",
        "gid=5"
      ],
      "source": "devpts",
      "type": "devpts",
      "destination": "/dev/pts"
    },
    {
      "options": [
        "nosuid",
        "noexec",
        "nodev",
        "mode=1777",
        "size=65536k"
      ],
      "source": "shm",
      "type": "tmpfs",
      "destination": "/dev/shm"
    },
    {
      "options": [
        "nosuid",
        "noexec",
        "nodev"
      ],
      "source": "mqueue",
      "type": "mqueue",
      "destination": "/dev/mqueue"
    },
    {
      "options": [
        "nosuid",
        "noexec",
        "nodev",
        "ro"
      ],
      "source": "sysfs",
      "type": "sysfs",
      "destination": "/sys"
    },
    {
      "options": [
        "nosuid",
        "noexec",
        "nodev",
        "relatime",
        "ro"
      ],
      "source": "cgroup",
      "type": "cgroup",
      "destination": "/sys/fs/cgroup"
    }
  ],
  "hostname": "runc",
  "root": {
    "readonly": true,
    "path": "rootfs"
  },
  "process": {
    "noNewPrivileges": true,
    "rlimits": [
      {
        "soft": 1024,
        "hard": 1024,
        "type": "RLIMIT_NOFILE"
      }
    ],
    "capabilities": [
      "CAP_AUDIT_WRITE",
      "CAP_KILL",
      "CAP_NET_BIND_SERVICE"
    ],
    "cwd": "/",
    "env": [
      "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
      "TERM=xterm"
    ],
    "args": [
      "sh"
    ],
    "user": {},
    "terminal": true
  },
  "platform": {
    "arch": "amd64",
    "os": "linux"
  },
  "ociVersion": "0.6.0-dev"
}

rootfs content:

$ ls rootfs/
bin   dev  home  lib64  mnt  proc  run   srv  tmp  var
boot  etc  lib   media  opt  root  sbin  sys  usr