author | Daniel J Walsh <dwalsh@redhat.com> | 2020-04-15 14:48:53 -0400 |
---|---|---|
committer | Daniel J Walsh <dwalsh@redhat.com> | 2020-04-15 16:52:16 -0400 |
commit | c4ca3c71ffe3c08bc74158340b3427d00efdfe32 (patch) | |
tree | 46a81877ca430ebf3f2161f6b582773fd3dd869d /libpod/runtime.go | |
parent | 195cb11276d61311bbd2b5274ac7a98b62abaaba (diff) | |
Add support for selecting kvm and systemd labels
In order to better support kata containers and systemd containers
container-selinux has added new types. Podman should execute the
container with an SELinux process label to match the container type.
Traditional Container process : container_t
KVM Container Process: container_kvm_t
PID 1 Init process: container_init_t
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'libpod/runtime.go')
-rw-r--r-- | libpod/runtime.go | 19 |
1 files changed, 2 insertions, 17 deletions
diff --git a/libpod/runtime.go b/libpod/runtime.go
index a6032ad23..e54f51af1 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@@ -359,25 +359,13 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (err error) {
 }
 }
- // Make lookup tables for runtime support
- supportsJSON := make(map[string]bool)
- supportsNoCgroups := make(map[string]bool)
- for _, r := range runtime.config.Engine.RuntimeSupportsJSON {
- supportsJSON[r] = true
- }
- for _, r := range runtime.config.Engine.RuntimeSupportsNoCgroups {
- supportsNoCgroups[r] = true
- }
-
 // Get us at least one working OCI runtime.
 runtime.ociRuntimes = make(map[string]OCIRuntime)
 // Initialize remaining OCI runtimes
 for name, paths := range runtime.config.Engine.OCIRuntimes {
- json := supportsJSON[name]
- nocgroups := supportsNoCgroups[name]
- ociRuntime, err := newConmonOCIRuntime(name, paths, runtime.conmonPath, runtime.config, json, nocgroups)
+ ociRuntime, err := newConmonOCIRuntime(name, paths, runtime.conmonPath, runtime.config)
 if err != nil {
 // Don't fatally error.
 // This will allow us to ship configs including optional
@@ -397,10 +385,7 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (err error) {
 if strings.HasPrefix(runtime.config.Engine.OCIRuntime, "/") {
 name := filepath.Base(runtime.config.Engine.OCIRuntime)
- json := supportsJSON[name]
- nocgroups := supportsNoCgroups[name]
-
- ociRuntime, err := newConmonOCIRuntime(name, []string{runtime.config.Engine.OCIRuntime}, runtime.conmonPath, runtime.config, json, nocgroups)
+ ociRuntime, err := newConmonOCIRuntime(name, []string{runtime.config.Engine.OCIRuntime}, runtime.conmonPath, runtime.config)
 if err != nil {
 return err
 } |
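Review bot: In the second hunk the runtime's `name` is `filepath.Base(runtime.config.Engine.OCIRuntime)`, and with the `json`/`nocgroups` arguments removed that basename is the only key `newConmonOCIRuntime` receives for finding per-runtime settings in `runtime.config`. The constructor is not part of this diff, so this is inferred, but if the support flags (and possibly the SELinux process type the commit message describes) are resolved from `name` there, a binary given by absolute path gets those properties from its file name alone, not from where it lives or what it is. A comment above the call would make that visible to the next reader, for example `// name is only the basename of the configured path; newConmonOCIRuntime keys its per-runtime config lookups on it`. makeRuntime begins and ends outside both hunks, so any validation of the configured path elsewhere in the function is not visible here.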