{ "ociVersion": "1.0.0", "platform": { "os": "linux", "arch": "amd64" }, "process": { "terminal": false, "consoleSize": { "height": 0, "width": 0 }, "user": { "uid": 0, "gid": 0 }, "args": [ "/usr/local/bin/run-system-container.sh" ], "env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "TERM=xterm", "OPTS=$OPTS", "PLAYBOOK_FILE=$PLAYBOOK_FILE", "ANSIBLE_CONFIG=$ANSIBLE_CONFIG" ], "cwd": "/opt/app-root/src/", "rlimits": [ { "type": "RLIMIT_NOFILE", "hard": 1024, "soft": 1024 } ], "noNewPrivileges": true }, "root": { "path": "rootfs", "readonly": true }, "mounts": [ { "destination": "/proc", "type": "proc", "source": "proc" }, { "destination": "/dev", "type": "tmpfs", "source": "tmpfs", "options": [ "nosuid", "strictatime", "mode=755", "size=65536k" ] }, { "destination": "/dev/pts", "type": "devpts", "source": "devpts", "options": [ "nosuid", "noexec", "newinstance", "ptmxmode=0666", "mode=0620", "gid=5" ] }, { "destination": "/dev/shm", "type": "tmpfs", "source": "shm", "options": [ "nosuid", "noexec", "nodev", "mode=1777", "size=65536k" ] }, { "destination": "/dev/mqueue", "type": "mqueue", "source": "mqueue", "options": [ "nosuid", "noexec", "nodev" ] }, { "destination": "/sys", "type": "sysfs", "source": "sysfs", "options": [ "nosuid", "noexec", "nodev", "ro" ] }, { "type": "bind", "source": "$HOME_ROOT/.ssh", "destination": "/opt/app-root/src/.ssh", "options": [ "bind", "rw", "mode=755" ] }, { "type": "bind", "source": "$HOME_ROOT", "destination": "/root", "options": [ "bind", "rw", "mode=755" ] }, { "type": "bind", "source": "$VAR_LIB_OPENSHIFT_INSTALLER", "destination": "/var/lib/openshift-installer", "options": [ "bind", "rw", "mode=755" ] }, { "type": "bind", "source": "$VAR_LOG_OPENSHIFT_LOG", "destination": "/var/log/ansible.log", "options": [ "bind", "rw", "mode=755" ] }, { "destination": "/root/.ansible", "type": "tmpfs", "source": "tmpfs", "options": [ "nosuid", "strictatime", "mode=755" ] }, { "destination": "/tmp", "type": "tmpfs", "source": "tmpfs", "options": [ "nosuid", "strictatime", "mode=755" ] }, { "type": "bind", "source": "$INVENTORY_FILE", "destination": "/etc/ansible/hosts", "options": [ "bind", "rw", "mode=755" ] }, { "destination": "/etc/resolv.conf", "type": "bind", "source": "/etc/resolv.conf", "options": [ "ro", "rbind", "rprivate" ] }, { "destination": "/sys/fs/cgroup", "type": "cgroup", "source": "cgroup", "options": [ "nosuid", "noexec", "nodev", "relatime", "ro" ] } ], "hooks": { }, "linux": { "resources": { "devices": [ { "allow": false, "access": "rwm" } ] }, "namespaces": [ { "type": "pid" }, { "type": "mount" } ], "maskedPaths": [ "/proc/kcore", "/proc/latency_stats", "/proc/timer_list", "/proc/timer_stats", "/proc/sched_debug", "/sys/firmware" ], "readonlyPaths": [ "/proc/asound", "/proc/bus", "/proc/fs", "/proc/irq", "/proc/sys", "/proc/sysrq-trigger" ] } }