Add support for selecting kvm and systemd labels

In order to better support kata containers and systemd containers container-selinux has added new types. Podman should execute the container with an SELinux process label to match the container type. Traditional Container process : container_t KVM Container Process: containre_kvm_t PID 1 Init process: container_init_t Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
author: Daniel J Walsh <dwalsh@redhat.com> 2020-04-15 14:48:53 -0400
committer: Daniel J Walsh <dwalsh@redhat.com> 2020-04-15 16:52:16 -0400
commit: c4ca3c71ffe3c08bc74158340b3427d00efdfe32 (patch)
tree: 46a81877ca430ebf3f2161f6b582773fd3dd869d /libpod/oci.go
parent: 195cb11276d61311bbd2b5274ac7a98b62abaaba (diff)
download: podman-c4ca3c71ffe3c08bc74158340b3427d00efdfe32.tar.gz
podman-c4ca3c71ffe3c08bc74158340b3427d00efdfe32.tar.bz2
podman-c4ca3c71ffe3c08bc74158340b3427d00efdfe32.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/libpod/oci.go b/libpod/oci.go
index 6adf42497..9991c5625 100644
--- a/libpod/oci.go
+++ b/libpod/oci.go
@@ -103,6 +103,9 @@ type OCIRuntime interface {
 	// SupportsNoCgroups is whether the runtime supports running containers
 	// without cgroups.
 	SupportsNoCgroups() bool
+	// SupportsKVM os whether the OCI runtime supports running containers
+	// without KVM separation
+	SupportsKVM() bool
 
 	// AttachSocketPath is the path to the socket to attach to a given
 	// container.
author	Daniel J Walsh <dwalsh@redhat.com>	2020-04-15 14:48:53 -0400
committer	Daniel J Walsh <dwalsh@redhat.com>	2020-04-15 16:52:16 -0400
commit	c4ca3c71ffe3c08bc74158340b3427d00efdfe32 (patch)
tree	46a81877ca430ebf3f2161f6b582773fd3dd869d /libpod/oci.go
parent	195cb11276d61311bbd2b5274ac7a98b62abaaba (diff)
download	podman-c4ca3c71ffe3c08bc74158340b3427d00efdfe32.tar.gz podman-c4ca3c71ffe3c08bc74158340b3427d00efdfe32.tar.bz2 podman-c4ca3c71ffe3c08bc74158340b3427d00efdfe32.zip