opencontainers · mrunalp · Oct 12, 2016 · Sep 8, 2016
@@ -13,67 +13,67 @@ import (
 )
 
 var generateFlags = []cli.Flag{
-	cli.StringFlag{Name: "output", Usage: "output file (defaults to stdout)"},
-	cli.StringFlag{Name: "rootfs", Value: "rootfs", Usage: "path to the rootfs"},
-	cli.BoolFlag{Name: "read-only", Usage: "make the container's rootfs read-only"},
-	cli.BoolFlag{Name: "privileged", Usage: "enable privileged container settings"},
-	cli.BoolFlag{Name: "no-new-privileges", Usage: "set no new privileges bit for the container process"},
-	cli.BoolFlag{Name: "tty", Usage: "allocate a new tty for the container process"},
-	cli.StringFlag{Name: "hostname", Usage: "hostname value for the container"},
-	cli.IntFlag{Name: "uid", Usage: "uid for the process"},
-	cli.IntFlag{Name: "gid", Usage: "gid for the process"},
-	cli.StringSliceFlag{Name: "groups", Usage: "supplementary groups for the process"},
+	cli.StringFlag{Name: "apparmor", Usage: "specifies the the apparmor profile for the container"},
+	cli.StringFlag{Name: "arch", Value: runtime.GOARCH, Usage: "architecture the container is created for"},
+	cli.StringSliceFlag{Name: "args", Usage: "command to run in the container"},
+	cli.StringSliceFlag{Name: "bind", Usage: "bind mount directories src:dest:(rw,ro)"},
 	cli.StringSliceFlag{Name: "cap-add", Usage: "add Linux capabilities"},
 	cli.StringSliceFlag{Name: "cap-drop", Usage: "drop Linux capabilities"},
 	cli.StringFlag{Name: "cgroup", Usage: "cgroup namespace"},
-	cli.StringFlag{Name: "network", Usage: "network namespace"},
-	cli.StringFlag{Name: "mount", Usage: "mount namespace"},
-	cli.StringFlag{Name: "pid", Usage: "pid namespace"},
-	cli.StringFlag{Name: "ipc", Usage: "ipc namespace"},
-	cli.StringFlag{Name: "user", Usage: "user namespace"},
-	cli.StringFlag{Name: "uts", Usage: "uts namespace"},
-	cli.StringFlag{Name: "selinux-label", Usage: "process selinux label"},
-	cli.StringFlag{Name: "mount-label", Usage: "selinux mount context label"},
-	cli.StringSliceFlag{Name: "tmpfs", Usage: "mount tmpfs"},
-	cli.StringSliceFlag{Name: "args", Usage: "command to run in the container"},
-	cli.StringSliceFlag{Name: "env", Usage: "add environment variable e.g. key=value"},
 	cli.StringFlag{Name: "cgroups-path", Usage: "specify the path to the cgroups"},
-	cli.StringFlag{Name: "mount-cgroups", Value: "no", Usage: "mount cgroups (rw,ro,no)"},
-	cli.StringSliceFlag{Name: "bind", Usage: "bind mount directories src:dest:(rw,ro)"},
-	cli.StringSliceFlag{Name: "prestart", Usage: "path to prestart hooks"},
-	cli.StringSliceFlag{Name: "poststart", Usage: "path to poststart hooks"},
-	cli.StringSliceFlag{Name: "poststop", Usage: "path to poststop hooks"},
-	cli.StringFlag{Name: "root-propagation", Usage: "mount propagation for root"},
-	cli.StringFlag{Name: "os", Value: runtime.GOOS, Usage: "operating system the container is created for"},
-	cli.StringFlag{Name: "arch", Value: runtime.GOARCH, Usage: "architecture the container is created for"},
 	cli.StringFlag{Name: "cwd", Value: "/", Usage: "current working directory for the process"},
-	cli.StringSliceFlag{Name: "uidmappings", Usage: "add UIDMappings e.g HostID:ContainerID:Size"},
+	cli.BoolFlag{Name: "disable-oom-kill", Usage: "disable OOM Killer"},
+	cli.StringSliceFlag{Name: "env", Usage: "add environment variable e.g. key=value"},
+	cli.IntFlag{Name: "gid", Usage: "gid for the process"},
 	cli.StringSliceFlag{Name: "gidmappings", Usage: "add GIDMappings e.g HostID:ContainerID:Size"},
-	cli.StringSliceFlag{Name: "sysctl", Usage: "add sysctl settings e.g net.ipv4.forward=1"},
-	cli.StringFlag{Name: "apparmor", Usage: "specifies the the apparmor profile for the container"},
-	cli.StringFlag{Name: "seccomp-default", Usage: "specifies the the defaultaction of Seccomp syscall restrictions"},
-	cli.StringSliceFlag{Name: "seccomp-arch", Usage: "specifies Additional architectures permitted to be used for system calls"},
-	cli.StringSliceFlag{Name: "seccomp-syscalls", Usage: "specifies Additional architectures permitted to be used for system calls, e.g Name:Action:Arg1_index/Arg1_value/Arg1_valuetwo/Arg1_op, Arg2_index/Arg2_value/Arg2_valuetwo/Arg2_op "},
-	cli.StringSliceFlag{Name: "seccomp-allow", Usage: "specifies syscalls to be added to allowed"},
-	cli.StringSliceFlag{Name: "seccomp-errno", Usage: "specifies syscalls to be added to list that returns an error"},
-	cli.StringFlag{Name: "template", Usage: "base template to use for creating the configuration"},
+	cli.StringSliceFlag{Name: "groups", Usage: "supplementary groups for the process"},
+	cli.StringFlag{Name: "hostname", Usage: "hostname value for the container"},
+	cli.StringFlag{Name: "ipc", Usage: "ipc namespace"},
 	cli.StringSliceFlag{Name: "label", Usage: "add annotations to the configuration e.g. key=value"},
-	cli.BoolFlag{Name: "disable-oom-kill", Usage: "disable OOM Killer"},
-	cli.IntFlag{Name: "oom-score-adj", Usage: "oom_score_adj for the container"},
 	cli.Uint64Flag{Name: "linux-cpu-shares", Usage: "the relative share of CPU time available to the tasks in a cgroup"},
 	cli.Uint64Flag{Name: "linux-cpu-period", Usage: "the CPU period to be used for hardcapping (in usecs)"},
 	cli.Uint64Flag{Name: "linux-cpu-quota", Usage: "the allowed CPU time in a given period (in usecs)"},
-	cli.Uint64Flag{Name: "linux-realtime-runtime", Usage: "the time realtime scheduling may use (in usecs)"},
-	cli.Uint64Flag{Name: "linux-realtime-period", Usage: "CPU period to be used for realtime scheduling (in usecs)"},
 	cli.StringFlag{Name: "linux-cpus", Usage: "CPUs to use within the cpuset (default is to use any CPU available)"},
-	cli.StringFlag{Name: "linux-mems", Usage: "list of memory nodes in the cpuset (default is to use any available memory node)"},
+	cli.Uint64Flag{Name: "linux-mem-kernel-limit", Usage: "kernel memory limit (in bytes)"},
+	cli.Uint64Flag{Name: "linux-mem-kernel-tcp", Usage: "kernel memory limit for tcp (in bytes)"},
 	cli.Uint64Flag{Name: "linux-mem-limit", Usage: "memory limit (in bytes)"},
 	cli.Uint64Flag{Name: "linux-mem-reservation", Usage: "memory reservation or soft limit (in bytes)"},
 	cli.Uint64Flag{Name: "linux-mem-swap", Usage: "total memory limit (memory + swap) (in bytes)"},
-	cli.Uint64Flag{Name: "linux-mem-kernel-limit", Usage: "kernel memory limit (in bytes)"},
-	cli.Uint64Flag{Name: "linux-mem-kernel-tcp", Usage: "kernel memory limit for tcp (in bytes)"},
 	cli.Uint64Flag{Name: "linux-mem-swappiness", Usage: "how aggressive the kernel will swap memory pages (Range from 0 to 100)"},
+	cli.StringFlag{Name: "linux-mems", Usage: "list of memory nodes in the cpuset (default is to use any available memory node)"},
 	cli.Int64Flag{Name: "linux-pids-limit", Usage: "maximum number of PIDs"},
+	cli.Uint64Flag{Name: "linux-realtime-period", Usage: "CPU period to be used for realtime scheduling (in usecs)"},
+	cli.Uint64Flag{Name: "linux-realtime-runtime", Usage: "the time realtime scheduling may use (in usecs)"},
+	cli.StringFlag{Name: "mount", Usage: "mount namespace"},
+	cli.StringFlag{Name: "mount-cgroups", Value: "no", Usage: "mount cgroups (rw,ro,no)"},
+	cli.StringFlag{Name: "mount-label", Usage: "selinux mount context label"},
+	cli.StringFlag{Name: "network", Usage: "network namespace"},
+	cli.BoolFlag{Name: "no-new-privileges", Usage: "set no new privileges bit for the container process"},
+	cli.IntFlag{Name: "oom-score-adj", Usage: "oom_score_adj for the container"},
+	cli.StringFlag{Name: "os", Value: runtime.GOOS, Usage: "operating system the container is created for"},
+	cli.StringFlag{Name: "output", Usage: "output file (defaults to stdout)"},
+	cli.StringFlag{Name: "pid", Usage: "pid namespace"},
+	cli.StringSliceFlag{Name: "poststart", Usage: "path to poststart hooks"},
+	cli.StringSliceFlag{Name: "poststop", Usage: "path to poststop hooks"},
+	cli.StringSliceFlag{Name: "prestart", Usage: "path to prestart hooks"},
+	cli.BoolFlag{Name: "privileged", Usage: "enable privileged container settings"},
+	cli.BoolFlag{Name: "read-only", Usage: "make the container's rootfs read-only"},
+	cli.StringFlag{Name: "root-propagation", Usage: "mount propagation for root"},
+	cli.StringFlag{Name: "rootfs", Value: "rootfs", Usage: "path to the rootfs"},
+	cli.StringSliceFlag{Name: "seccomp-arch", Usage: "specifies Additional architectures permitted to be used for system calls"},
+	cli.StringSliceFlag{Name: "seccomp-allow", Usage: "specifies syscalls to be added to allowed"},
+	cli.StringFlag{Name: "seccomp-default", Usage: "specifies the the defaultaction of Seccomp syscall restrictions"},
+	cli.StringSliceFlag{Name: "seccomp-errno", Usage: "specifies syscalls to be added to list that returns an error"},
+	cli.StringSliceFlag{Name: "seccomp-syscalls", Usage: "specifies Additional architectures permitted to be used for system calls, e.g Name:Action:Arg1_index/Arg1_value/Arg1_valuetwo/Arg1_op, Arg2_index/Arg2_value/Arg2_valuetwo/Arg2_op "},
+	cli.StringFlag{Name: "selinux-label", Usage: "process selinux label"},
+	cli.StringSliceFlag{Name: "sysctl", Usage: "add sysctl settings e.g net.ipv4.forward=1"},
+	cli.StringFlag{Name: "template", Usage: "base template to use for creating the configuration"},
+	cli.StringSliceFlag{Name: "tmpfs", Usage: "mount tmpfs"},
+	cli.BoolFlag{Name: "tty", Usage: "allocate a new tty for the container process"},
+	cli.IntFlag{Name: "uid", Usage: "uid for the process"},
+	cli.StringSliceFlag{Name: "uidmappings", Usage: "add UIDMappings e.g HostID:ContainerID:Size"},
+	cli.StringFlag{Name: "user", Usage: "user namespace"},
+	cli.StringFlag{Name: "uts", Usage: "uts namespace"},
 }
 
 var generateCommand = cli.Command{

@@ -13,15 +13,15 @@ func main() {
 	app.Version = "0.0.1"
 	app.Usage = "OCI (Open Container Initiative) runtime tools"
 	app.Flags = []cli.Flag{
+		cli.BoolFlag{
+			Name:  "host-specific",
+			Usage: "generate host-specific configs or do host-specific validations",
+		},
 		cli.StringFlag{
 			Name:  "log-level",
 			Value: "error",
 			Usage: "Log level (panic, fatal, error, warn, info, or debug)",
 		},
-		cli.BoolFlag{
-			Name:  "host-specific",
-			Usage: "generate host-specific configs or do host-specific validations",
-		},
 	}
 
 	app.Commands = []cli.Command{

@@ -99,17 +99,14 @@ read the configuration from `config.json`.
 **--linux-cpu-quota**=CPUQUOTA
   Specifies the total amount of time in microseconds for which all tasks in a cgroup can run during one period.
 
-**--linux-realtime-runtime**=REALTIMERUNTIME
-  Specifies a period of time in microseconds for the longest continuous period in which the tasks in a cgroup have access to CPU resources.
-
-**--linux-realtime-period**=REALTIMEPERIOD
-  Sets the CPU period to be used for realtime scheduling (in usecs). Same as **--linux-cpu-period** but applies to realtime scheduler only.
-
 **--linux-cpus**=CPUS
   Sets the CPUs to use within the cpuset (default is to use any CPU available).
 
-**--linux-mems**=MEMS
-  Sets the list of memory nodes in the cpuset (default is to use any available memory node).
+**--linux-mem-kernel-limit**=MEMKERNELLIMIT
+  Sets the hard limit of kernel memory in bytes.
+
+**--linux-mem-kernel-tcp**=MEMKERNELTCP
+  Sets the hard limit of kernel TCP buffer memory in bytes.
 
 **--linux-mem-limit**=MEMLIMIT
   Sets the limit of memory usage in bytes.
@@ -120,18 +117,21 @@ read the configuration from `config.json`.
 **--linux-mem-swap**=MEMSWAP
   Sets the total memory limit (memory + swap) in bytes.
 
-**--linux-mem-kernel-limit**=MEMKERNELLIMIT
-  Sets the hard limit of kernel memory in bytes.
-
-**--linux-mem-kernel-tcp**=MEMKERNELTCP
-  Sets the hard limit of kernel TCP buffer memory in bytes.
-
 **--linux-mem-swappiness**=MEMSWAPPINESS
   Sets the swappiness of how the kernel will swap memory pages (Range from 0 to 100).
 
+**--linux-mems**=MEMS
+  Sets the list of memory nodes in the cpuset (default is to use any available memory node).
+
 **--linux-pids-limit**=PIDSLIMIT
   Set maximum number of PIDs.
 
+**--linux-realtime-period**=REALTIMEPERIOD
+  Sets the CPU period to be used for realtime scheduling (in usecs). Same as **--linux-cpu-period** but applies to realtime scheduler only.
+
+**--linux-realtime-runtime**=REALTIMERUNTIME
+  Specifies a period of time in microseconds for the longest continuous period in which the tasks in a cgroup have access to CPU resources.
+
 **--mount**=*PATH*
   Use a mount namespace where *PATH* is an existing mount namespace file
   to join. The special *PATH*  empty-string  creates a new namespace.
@@ -168,14 +168,14 @@ read the configuration from `config.json`.
 **--oom-score-adj**=adj
   Specifies oom_score_adj for the container.
 
+**--os**=OS
+  Operating system used within the container
+
 **--output**=PATH
   Instead of writing the configuration JSON to stdout, write it to a
   file at *PATH* (overwriting the existing content if a file already
   exists at *PATH*).
 
-**--os**=OS
-  Operating system used within the container
-
 **--pid**=*PATH*
   Use a PID namespace where *PATH* is an existing PID namespace file
   to join. The special *PATH*  empty-string  creates a new namespace.
@@ -219,23 +219,23 @@ read the configuration from `config.json`.
   Specifies Additional architectures permitted to be used for system calls.
   By default if you turn on seccomp, only the host architecture will be allowed.
 
+**--seccomp-allow**=SYSCALL
+  Specifies syscalls to be added to the ALLOW list.
+  See --seccomp-syscalls for setting limits on arguments.
+
 **--seccomp-default**=ACTION
   Specifies the the default action of Seccomp syscall restrictions
   Values: KILL,ERRNO,TRACE,ALLOW
 
+**--seccomp-errno**=SYSCALL
+  Specifies syscalls to be added to the ERRNO list.
+  See --seccomp-syscalls for setting limits on arguments.
+
 **--seccomp-syscalls**=SYSCALLS
   Specifies Additional syscalls permitted to be used for system calls,
   e.g Name:Action:Arg1_index/Arg1_value/Arg1_valuetwo/Arg1_op, Arg2_index/Arg2_value/Arg2_valuetwo/Arg2_op
   See --seccomp-allow and --seccomp-errno for convenient way to set seccomp syscall options.
 
-**--seccomp-allow**=SYSCALL
-  Specifies syscalls to be added to the ALLOW list.
-  See --seccomp-syscalls for setting limits on arguments.
-
-**--seccomp-errno**=SYSCALL
-  Specifies syscalls to be added to the ERRNO list.
-  See --seccomp-syscalls for setting limits on arguments.
-
 **--selinux-label**=PROCESSLABEL
   SELinux Label
   Depending on your SELinux policy, you would specify a label that looks like

@@ -17,12 +17,6 @@ oci-runtime-tool is a collection of tools for working with the [OCI runtime spec
 **--help**
   Print usage statement.
 
-**-v**, **--version**
-  Print version information.
-
-**--log-level**
-  Log level (panic, fatal, error, warn, info, or debug) (default: "error").
-
 **--host-specific**
   Generate host-specific configs or do host-specific validations.
 
@@ -35,6 +29,12 @@ oci-runtime-tool is a collection of tools for working with the [OCI runtime spec
   With this flag, validation will also run more specific tests to see whether
   the current host is capable of launching a container from the configuration.
 
+**--log-level**
+  Log level (panic, fatal, error, warn, info, or debug) (default: "error").
+
+**-v**, **--version**
+  Print version information.
+
 # COMMANDS
 **validate**
   Validating OCI bundle