It is sometimes useful to inject platform-specific files and devices into an OCI container at runtime. Common use cases include device drivers (GPUs, network adapters, FPGAs, etc). This hook uses the POSIX-platform Hooks from the OCI Runtime Spec to inject these files into a container's rootfs before the container is started.
- Devices (not yet implemented) - Device files under /dev/
- Directories - create directories in the container rootfs
- Binaries - exectuable binaries
- Libraries - library files (updates ld.so.cache)
- Miscellaneous - ordinary files to copy in (chmod +x/ldconfig not required)
Configurations are definied in .json files placed in the /etc/oci-injector-hook/ directory. Each configuration has an activation_flag, which indicates an environment variable that must be present in the container's environment for the hook to execute.
The activation_flag can either be the name of an environment variable (VAR) or a variable with a value (VAR=value).
When a name is given the hook will run when the environment variable is present, when a variable with a value is given the hook will only run when the variable is present with the given value.
An example configuration file:
/etc/oci-injector-hook/foo.json
{
"activation_flag": "OCI_FOO",
"devices": [ "/dev/foo" ],
"binaries": [ "/usr/bin/runfoo" ],
"libraries": [ "/usr/lib64/libfoo.so" ],
"directories": [ "/etc/foo" ],
"miscellaneous": [ "/etc/foo/config.json" ]
}
This project is licensed under the Apache-2.0 License
This project was inspired by work done in the following projects to support SolarFlare Network Adapters: