1 files changed, 22 insertions, 12 deletions

diff --git a/pkg/libcontainer/container.go b/pkg/libcontainer/container.go
index a777da58a4..c7cac35428 100644
--- a/pkg/libcontainer/container.go
+++ b/pkg/libcontainer/container.go
@@ -11,18 +11,19 @@ type Context map[string]string
 // Container defines configuration options for how a
 // container is setup inside a directory and how a process should be executed
 type Container struct {
-	Hostname     string          `json:"hostname,omitempty"`      // hostname
-	ReadonlyFs   bool            `json:"readonly_fs,omitempty"`   // set the containers rootfs as readonly
-	NoPivotRoot  bool            `json:"no_pivot_root,omitempty"` // this can be enabled if you are running in ramdisk
-	User         string          `json:"user,omitempty"`          // user to execute the process as
-	WorkingDir   string          `json:"working_dir,omitempty"`   // current working directory
-	Env          []string        `json:"environment,omitempty"`   // environment to set
-	Tty          bool            `json:"tty,omitempty"`           // setup a proper tty or not
-	Namespaces   Namespaces      `json:"namespaces,omitempty"`    // namespaces to apply
-	Capabilities Capabilities    `json:"capabilities,omitempty"`  // capabilities to drop
-	Networks     []*Network      `json:"networks,omitempty"`      // nil for host's network stack
-	Cgroups      *cgroups.Cgroup `json:"cgroups,omitempty"`       // cgroups
-	Context      Context         `json:"context,omitempty"`       // generic context for specific options (apparmor, selinux)
+	Hostname         string          `json:"hostname,omitempty"`          // hostname
+	ReadonlyFs       bool            `json:"readonly_fs,omitempty"`       // set the containers rootfs as readonly
+	NoPivotRoot      bool            `json:"no_pivot_root,omitempty"`     // this can be enabled if you are running in ramdisk
+	User             string          `json:"user,omitempty"`              // user to execute the process as
+	WorkingDir       string          `json:"working_dir,omitempty"`       // current working directory
+	Env              []string        `json:"environment,omitempty"`       // environment to set
+	Tty              bool            `json:"tty,omitempty"`               // setup a proper tty or not
+	Namespaces       Namespaces      `json:"namespaces,omitempty"`        // namespaces to apply
+	CapabilitiesMask Capabilities    `json:"capabilities_mask,omitempty"` // capabilities to drop
+	Networks         []*Network      `json:"networks,omitempty"`          // nil for host's network stack
+	Cgroups          *cgroups.Cgroup `json:"cgroups,omitempty"`           // cgroups
+	Context          Context         `json:"context,omitempty"`           // generic context for specific options (apparmor, selinux)
+	Mounts           []Mount         `json:"mounts,omitempty"`
 }
 
 // Network defines configuration for a container's networking stack
@@ -36,3 +37,12 @@ type Network struct {
 	Gateway string  `json:"gateway,omitempty"`
 	Mtu     int     `json:"mtu,omitempty"`
 }
+
+// Bind mounts from the host system to the container
+//
+type Mount struct {
+	Source      string `json:"source"`      // Source path, in the host namespace
+	Destination string `json:"destination"` // Destination path, in the container
+	Writable    bool   `json:"writable"`
+	Private     bool   `json:"private"`
+}