diff options
author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2020-12-23 21:41:25 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-12-23 21:41:25 +0100 |
commit | 9ac5ed1e08d271a138e92af84640711bae64044f (patch) | |
tree | 531dd7ab3a5c04b30d6053b1f8590657878ca00c | |
parent | 61a2262e398125b2bea2a85a7e53256b08558152 (diff) | |
parent | b0a738ce797bd2b91f5c8092ee9ff10e8e3fc7fa (diff) | |
download | podman-9ac5ed1e08d271a138e92af84640711bae64044f.tar.gz podman-9ac5ed1e08d271a138e92af84640711bae64044f.tar.bz2 podman-9ac5ed1e08d271a138e92af84640711bae64044f.zip |
Merge pull request #8806 from rhatdan/keyring
Pass down EnableKeyring from containers.conf to conmon
-rw-r--r-- | libpod/oci_conmon_linux.go | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go index 77c6a2f76..c99086b33 100644 --- a/libpod/oci_conmon_linux.go +++ b/libpod/oci_conmon_linux.go @@ -69,6 +69,7 @@ type ConmonOCIRuntime struct { supportsKVM bool supportsNoCgroups bool sdNotify bool + enableKeyring bool } // Make a new Conmon-based OCI runtime with the given options. @@ -107,6 +108,7 @@ func newConmonOCIRuntime(name string, paths []string, conmonPath string, runtime runtime.noPivot = runtimeCfg.Engine.NoPivotRoot runtime.reservePorts = runtimeCfg.Engine.EnablePortReservation runtime.sdNotify = runtimeCfg.Engine.SDNotify + runtime.enableKeyring = runtimeCfg.Containers.EnableKeyring // TODO: probe OCI runtime for feature and enable automatically if // available. @@ -1021,6 +1023,9 @@ func (r *ConmonOCIRuntime) createOCIContainer(ctr *Container, restoreOptions *Co args = append(args, "-i") } + if !r.enableKeyring { + args = append(args, "--no-new-keyring") + } if ctr.config.ConmonPidFile != "" { args = append(args, "--conmon-pidfile", ctr.config.ConmonPidFile) } |