container.query

Sent on container changes.

Type: object

ContainerAddedEvent

Type: object
No Additional Properties

Id

Type: integer

ContainerEntry

Type: object
No Additional Properties

Id

Type: integer

Container ID.

Uuid

Default: null

Container UUID (for libvirt).

Type: string
Type: null

Name

Type: string

Container name.

Must be at least 1 characters long

Description

Type: string Default: ""

Container description.

Devices

Type: array of object Default: []

Container's devices.

 No Additional Items
Each item of this array must be:

ContainerDeviceEntry

Type: object
No Additional Properties

Id

Type: integer

Unique identifier for the containers device.

Attributes


Device-specific configuration attributes.

ContainerFilesystemDevice

Type: object
No Additional Properties

Dtype

Type: const

Device type identifier for FILESYSTEM devices.

Specific value: "FILESYSTEM"

Target

Type: string Default: "/usr/bin/zsh"

Target must not contain braces.

Must match regular expression: ^[^{}]*$

Must be at least 1 characters long

Source

Type: string Default: "/usr/bin/zsh"

Source must not contain braces, and not start with /mnt/.

Must match regular expression: ^[^{}]*$

Must be at least 1 characters long

ContainerGPUDevice

Type: object
No Additional Properties

Dtype

Type: const

Device type identifier for GPU devices.

Specific value: "GPU"

Gpu Type

Type: const

GPU device type.

Specific value: "AMD"

Pci Address

Type: string

PCI address of the GPU device on the host system.

Must be at least 1 characters long

ContainerNICDevice

Type: object
No Additional Properties

Dtype

Type: const

Device type identifier for network interface cards.

Specific value: "NIC"

Trust Guest Rx Filters

Type: boolean Default: false

Whether to trust guest OS receive filter settings for better performance.

Type

Type: enum (of string) Default: "E1000"

Network interface controller type. E1000 for Intel compatibility, VIRTIO for performance.

Must be one of:
  • "E1000"
  • "VIRTIO"

Nic Attach

Default: null

Host network interface or bridge to attach to. null for no attachment.

Type: string
Type: null

Mac

Default: null

MAC address for the virtual network interface. null for auto-generation.

Type: string
Must match regular expression: ^([0-9A-Fa-f]{2}[:-]?){5}([0-9A-Fa-f]{2})$
Type: null

ContainerUSBDevice

Type: object
No Additional Properties

Dtype

Type: const

Device type identifier for USB devices.

Specific value: "USB"

Default: null

USB device attributes for identification. null for USB host controller only.

USBAttributes

Type: object
No Additional Properties

Vendor Id

Type: string Default: "/usr/bin/zsh"

USB vendor identifier in hexadecimal format (e.g., '0x1d6b' for Linux Foundation).

Must match regular expression: ^0x.*

Must be at least 1 characters long

Product Id

Type: string Default: "/usr/bin/zsh"

USB product identifier in hexadecimal format (e.g., '0x0002' for 2.0 root hub).

Must match regular expression: ^0x.*

Must be at least 1 characters long

Type: null

Device

Default: null

Host USB device path to pass through. null for controller only.

Type: string

Must be at least 1 characters long

Type: null

Container

Type: integer

ID of the container this device belongs to.

Cpuset

Default: null

List of physical CPU numbers that domain process and virtual CPUs can be pinned to by default.

Type: string
Type: null

Autostart

Type: boolean Default: true

Automatically start the container on boot.

Time

Type: enum (of string) Default: "LOCAL"

Whether container time should be local time or UTC time.

Must be one of:
  • "LOCAL"
  • "UTC"

Shutdown Timeout

Type: integer Default: 90

How many seconds to wait for container to shut down before killing it.

Value must be greater or equal to 5 and lesser or equal to 300

Dataset

Type: string

Which dataset to use as the container root filesystem.

Init

Type: string Default: "/sbin/init"

"init" process commandline.

Initdir

Default: null

"init" process working dir.

Type: string
Type: null

Initenv

Type: object Default: {}

"init" process environment variables.

Each additional property must conform to the following schema

Type: string

Inituser

Default: null

"init" process username.

Type: string
Type: null

Initgroup

Default: null

"init" process group.

Type: string
Type: null

Idmap

Default: {"type": "DEFAULT"}

Idmap configuration for the container There are three two possible values: DEFAULT: This applies the standard TrueNAS idmap namespace configuration. It changes user ID (UID) 0 (root) in the container to UID 2147000001 (truenascontainerunpriv_root). It offsets the other container UIDs by the same amount. For example, UID 1000 in the container becomes UID 2147001001 in the host. ISOLATED: Same as DEFAULT, but UID will be calculated as 2147000001 + 65536 * slice. This will ensure unique ID for each container (provided that the slice is also unique).
None: The container does not apply any idmap namespace. Container UIDs map directly to host UIDs. For example, UID 0 in the container is UID 0 in the host. WARNING: For security, use the DEFAULT value. Security best practice is to run containers with idmap namespaces.


DefaultIdmapConfiguration

Type: object
No Additional Properties

Type

Type: const

Configuration type for default ID mapping.

Specific value: "DEFAULT"

IsolatedIdmapConfiguration

Type: object
No Additional Properties

Type

Type: const

Configuration type for isolated ID mapping.

Specific value: "ISOLATED"

Slice


null when creating means we'll look up an unused slice on backend.

Type: integer

Value must be strictly greater than 0 and strictly lesser than 1000

Type: null
Type: null

Capabilities Policy

Type: enum (of string) Default: "DEFAULT"

Default rules for capabilities: either keep the default behavior that is dropping the following capabilities: sysmodule, systime, mknod, auditcontrol, macadmin. Or keep all capabilities, or drop all capabilities.

Must be one of:
  • "DEFAULT"
  • "ALLOW"
  • "DENY"

Capabilities State

Type: object Default: {}

Enable or disable specific capabilities.

Each additional property must conform to the following schema

Type: boolean

ContainerStatus

Type: object

Container state.

 No Additional Properties

State

Type: enum (of string)

Container state.

Must be one of:
  • "RUNNING"
  • "STOPPED"

Pid


Container PID (if running).

Type: integer
Type: null

Domain State


Domain state reported by libvirt.

Type: string

Must be at least 1 characters long

Type: null

ContainerChangedEvent

Type: object
No Additional Properties

Id

Type: integer

ContainerEntry

Type: object
No Additional Properties

Id

Type: integer

Container ID.

Uuid

Default: null

Container UUID (for libvirt).

Type: string
Type: null

Name

Type: string

Container name.

Must be at least 1 characters long

Description

Type: string Default: ""

Container description.

Devices

Type: array of object Default: []

Container's devices.

 No Additional Items
Each item of this array must be:

ContainerDeviceEntry

Type: object
No Additional Properties

Id

Type: integer

Unique identifier for the containers device.

Attributes


Device-specific configuration attributes.

ContainerFilesystemDevice

Type: object
No Additional Properties

Dtype

Type: const

Device type identifier for FILESYSTEM devices.

Specific value: "FILESYSTEM"

Target

Type: string Default: "/usr/bin/zsh"

Target must not contain braces.

Must match regular expression: ^[^{}]*$

Must be at least 1 characters long

Source

Type: string Default: "/usr/bin/zsh"

Source must not contain braces, and not start with /mnt/.

Must match regular expression: ^[^{}]*$

Must be at least 1 characters long

ContainerGPUDevice

Type: object
No Additional Properties

Dtype

Type: const

Device type identifier for GPU devices.

Specific value: "GPU"

Gpu Type

Type: const

GPU device type.

Specific value: "AMD"

Pci Address

Type: string

PCI address of the GPU device on the host system.

Must be at least 1 characters long

ContainerNICDevice

Type: object
No Additional Properties

Dtype

Type: const

Device type identifier for network interface cards.

Specific value: "NIC"

Trust Guest Rx Filters

Type: boolean Default: false

Whether to trust guest OS receive filter settings for better performance.

Type

Type: enum (of string) Default: "E1000"

Network interface controller type. E1000 for Intel compatibility, VIRTIO for performance.

Must be one of:
  • "E1000"
  • "VIRTIO"

Nic Attach

Default: null

Host network interface or bridge to attach to. null for no attachment.

Type: string
Type: null

Mac

Default: null

MAC address for the virtual network interface. null for auto-generation.

Type: string
Must match regular expression: ^([0-9A-Fa-f]{2}[:-]?){5}([0-9A-Fa-f]{2})$
Type: null

ContainerUSBDevice

Type: object
No Additional Properties

Dtype

Type: const

Device type identifier for USB devices.

Specific value: "USB"

Default: null

USB device attributes for identification. null for USB host controller only.

USBAttributes

Type: object
No Additional Properties

Vendor Id

Type: string Default: "/usr/bin/zsh"

USB vendor identifier in hexadecimal format (e.g., '0x1d6b' for Linux Foundation).

Must match regular expression: ^0x.*

Must be at least 1 characters long

Product Id

Type: string Default: "/usr/bin/zsh"

USB product identifier in hexadecimal format (e.g., '0x0002' for 2.0 root hub).

Must match regular expression: ^0x.*

Must be at least 1 characters long

Type: null

Device

Default: null

Host USB device path to pass through. null for controller only.

Type: string

Must be at least 1 characters long

Type: null

Container

Type: integer

ID of the container this device belongs to.

Cpuset

Default: null

List of physical CPU numbers that domain process and virtual CPUs can be pinned to by default.

Type: string
Type: null

Autostart

Type: boolean Default: true

Automatically start the container on boot.

Time

Type: enum (of string) Default: "LOCAL"

Whether container time should be local time or UTC time.

Must be one of:
  • "LOCAL"
  • "UTC"

Shutdown Timeout

Type: integer Default: 90

How many seconds to wait for container to shut down before killing it.

Value must be greater or equal to 5 and lesser or equal to 300

Dataset

Type: string

Which dataset to use as the container root filesystem.

Init

Type: string Default: "/sbin/init"

"init" process commandline.

Initdir

Default: null

"init" process working dir.

Type: string
Type: null

Initenv

Type: object Default: {}

"init" process environment variables.

Each additional property must conform to the following schema

Type: string

Inituser

Default: null

"init" process username.

Type: string
Type: null

Initgroup

Default: null

"init" process group.

Type: string
Type: null

Idmap

Default: {"type": "DEFAULT"}

Idmap configuration for the container There are three two possible values: DEFAULT: This applies the standard TrueNAS idmap namespace configuration. It changes user ID (UID) 0 (root) in the container to UID 2147000001 (truenascontainerunpriv_root). It offsets the other container UIDs by the same amount. For example, UID 1000 in the container becomes UID 2147001001 in the host. ISOLATED: Same as DEFAULT, but UID will be calculated as 2147000001 + 65536 * slice. This will ensure unique ID for each container (provided that the slice is also unique).
None: The container does not apply any idmap namespace. Container UIDs map directly to host UIDs. For example, UID 0 in the container is UID 0 in the host. WARNING: For security, use the DEFAULT value. Security best practice is to run containers with idmap namespaces.


DefaultIdmapConfiguration

Type: object
No Additional Properties

Type

Type: const

Configuration type for default ID mapping.

Specific value: "DEFAULT"

IsolatedIdmapConfiguration

Type: object
No Additional Properties

Type

Type: const

Configuration type for isolated ID mapping.

Specific value: "ISOLATED"

Slice


null when creating means we'll look up an unused slice on backend.

Type: integer

Value must be strictly greater than 0 and strictly lesser than 1000

Type: null
Type: null

Capabilities Policy

Type: enum (of string) Default: "DEFAULT"

Default rules for capabilities: either keep the default behavior that is dropping the following capabilities: sysmodule, systime, mknod, auditcontrol, macadmin. Or keep all capabilities, or drop all capabilities.

Must be one of:
  • "DEFAULT"
  • "ALLOW"
  • "DENY"

Capabilities State

Type: object Default: {}

Enable or disable specific capabilities.

Each additional property must conform to the following schema

Type: boolean

ContainerStatus

Type: object

Container state.

 No Additional Properties

State

Type: enum (of string)

Container state.

Must be one of:
  • "RUNNING"
  • "STOPPED"

Pid


Container PID (if running).

Type: integer
Type: null

Domain State


Domain state reported by libvirt.

Type: string

Must be at least 1 characters long

Type: null

ContainerRemovedEvent

Type: object
No Additional Properties

Id

Type: integer


Required roles: CONTAINER_READ