diff options
| author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2020-01-07 22:13:03 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-01-07 22:13:03 +0100 |
| commit | c41fd09a8da3a96bc0e58f9f29f87b9bdf30264d (patch) | |
| tree | 3d529c5b83bacd26c9b2b36e94349cc0bfca2e31 /cmd | |
| parent | bd3d8f4e282dc7a552d955bf5958b53d23937604 (diff) | |
| parent | b6792b61de7706ad6019a98db23c2a62753b1bde (diff) | |
| download | podman-c41fd09a8da3a96bc0e58f9f29f87b9bdf30264d.tar.gz podman-c41fd09a8da3a96bc0e58f9f29f87b9bdf30264d.tar.bz2 podman-c41fd09a8da3a96bc0e58f9f29f87b9bdf30264d.zip | |
Merge pull request #4781 from haircommander/seccomp-profile-root
play kube: make seccomp handling better conform to k8s
Diffstat (limited to 'cmd')
| -rw-r--r-- | cmd/podman/cliconfig/config.go | 13 | ||||
| -rw-r--r-- | cmd/podman/play_kube.go | 3 |
2 files changed, 10 insertions, 6 deletions
diff --git a/cmd/podman/cliconfig/config.go b/cmd/podman/cliconfig/config.go index e81756808..282d90d0b 100644 --- a/cmd/podman/cliconfig/config.go +++ b/cmd/podman/cliconfig/config.go @@ -308,12 +308,13 @@ type HealthCheckValues struct { type KubePlayValues struct { PodmanCommand - Authfile string - CertDir string - Creds string - Quiet bool - SignaturePolicy string - TlsVerify bool + Authfile string + CertDir string + Creds string + Quiet bool + SignaturePolicy string + TlsVerify bool + SeccompProfileRoot string } type PodCreateValues struct { diff --git a/cmd/podman/play_kube.go b/cmd/podman/play_kube.go index fc9f2d5b6..2028d2ef4 100644 --- a/cmd/podman/play_kube.go +++ b/cmd/podman/play_kube.go @@ -28,6 +28,8 @@ var ( }, Example: `podman play kube demo.yml`, } + // https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/ + defaultSeccompRoot = "/var/lib/kubelet/seccomp" ) func init() { @@ -46,6 +48,7 @@ func init() { flags.StringVar(&playKubeCommand.CertDir, "cert-dir", "", "`Pathname` of a directory containing TLS certificates and keys") flags.StringVar(&playKubeCommand.SignaturePolicy, "signature-policy", "", "`Pathname` of signature policy file (not usually used)") flags.BoolVar(&playKubeCommand.TlsVerify, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries") + flags.StringVar(&playKubeCommand.SeccompProfileRoot, "seccomp-profile-root", defaultSeccompRoot, "Directory path for seccomp profiles") markFlagHidden(flags, "signature-policy") } } |