diff options
| author | Valentin Rothberg <rothberg@redhat.com> | 2021-12-22 13:28:36 +0100 |
|---|---|---|
| committer | Valentin Rothberg <rothberg@redhat.com> | 2021-12-23 13:40:46 +0100 |
| commit | 1aa4e4d4d183aa07ea7453e4be70d31eaa8edb13 (patch) | |
| tree | 5d0d0dd951ba6844cbbdc709669a0aa0275bc9eb /libpod/define | |
| parent | cbcab434254e62083b8b73cb73ba95c3bb150b4c (diff) | |
| download | podman-1aa4e4d4d183aa07ea7453e4be70d31eaa8edb13.tar.gz podman-1aa4e4d4d183aa07ea7453e4be70d31eaa8edb13.tar.bz2 podman-1aa4e4d4d183aa07ea7453e4be70d31eaa8edb13.zip | |
container creation: don't apply reserved annotations from image
Do not apply reserved annotations from the image to the container.
Reserved annotations are applied during container creation to retrieve
certain information (e.g., custom seccomp profile or autoremoval)
once a container has been created.
Context: #12671
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Diffstat (limited to 'libpod/define')
| -rw-r--r-- | libpod/define/annotations.go | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/libpod/define/annotations.go b/libpod/define/annotations.go index f6b1c06ea..3964a1237 100644 --- a/libpod/define/annotations.go +++ b/libpod/define/annotations.go @@ -66,3 +66,15 @@ const ( // annotation. InspectResponseFalse = "FALSE" ) + +// IsReservedAnnotation returns true if the specified value corresponds to an +// already reserved annotation that Podman sets during container creation. +func IsReservedAnnotation(value string) bool { + switch value { + case InspectAnnotationCIDFile, InspectAnnotationAutoremove, InspectAnnotationVolumesFrom, InspectAnnotationPrivileged, InspectAnnotationPublishAll, InspectAnnotationInit, InspectAnnotationLabel, InspectAnnotationSeccomp, InspectAnnotationApparmor, InspectResponseTrue, InspectResponseFalse: + return true + + default: + return false + } +} |