authorcdoern <cdoern@redhat.com>2022-01-10 20:25:08 -0500
committercdoern <cdoern@redhat.com>2022-01-12 20:49:04 -0500
commitf257d983943d6ec2253d50a245cd4810cab45e4b (patch)
tree0033ace566bfd2a4e977d85b11f87d6e43b43c65 /pkg/domain/entities/pods.go
parent7a839f7a745ed5171e2a469f6ebec34b5084c3d8 (diff)
Podman Pod Create --sysctl support
Added support for pod-wide sysctls. The sysctls supported are the same as the container run controls. These controls are only valid if the proper namespaces are shared within the pod; otherwise only the infra ctr gets the sysctl. resolves #12747 Signed-off-by: cdoern <cdoern@redhat.com>
Diffstat (limited to 'pkg/domain/entities/pods.go')
-rw-r--r--pkg/domain/entities/pods.go12
1 files changed, 11 insertions, 1 deletions
diff --git a/pkg/domain/entities/pods.go b/pkg/domain/entities/pods.go
index 1b5a1be51..cc9476d79 100644
--- a/pkg/domain/entities/pods.go
+++ b/pkg/domain/entities/pods.go
@@ -139,6 +139,7 @@ type PodCreateOptions struct {
Volume []string `json:"volume,omitempty"`
VolumesFrom []string `json:"volumes_from,omitempty"`
SecurityOpt []string `json:"security_opt,omitempty"`
+ Sysctl []string `json:"sysctl,omitempty"`
}
// PodLogsOptions describes the options to extract pod logs.
@@ -240,7 +241,7 @@ type ContainerCreateOptions struct {
StorageOpts []string
SubUIDName string
SubGIDName string
- Sysctl []string
+ Sysctl []string `json:"sysctl,omitempty"`
Systemd string
Timeout uint
TLSVerify commonFlag.OptionalBool
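Review bot: `Sysctl` is now the only field in the visible part of ContainerCreateOptions that carries a json tag, and nothing on the line says why. If the tag is there so the value survives a JSON conversion from PodCreateOptions (which gets the same `sysctl` key in the first hunk), a one-line comment such as `// tagged to match PodCreateOptions.Sysctl when options are converted via JSON` would keep a later cleanup from dropping it. That purpose is inferred, not shown here, and the struct starts and ends outside the hunk.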
@@ -360,6 +361,15 @@ func ToPodSpecGen(s specgen.PodSpecGenerator, p *PodCreateOptions) (*specgen.Pod
}
}
s.Userns = p.Userns
+ sysctl := map[string]string{}
+ if ctl := p.Sysctl; len(ctl) > 0 {
+ sysctl, err = util.ValidateSysctls(ctl)
+ if err != nil {
+ return nil, err
+ }
+ }
+ s.Sysctl = sysctl
+
return &s, nil
}
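Review bot: The call `util.ValidateSysctls(ctl)` in ToPodSpecGen receives only the raw strings, so nothing at this point can compare a requested sysctl with the namespaces the pod actually shares, although the commit message says the values are only valid when the proper namespaces are shared. If that check happens elsewhere (not visible in this hunk), a comment above the block should say so, for example `// Checks the sysctl strings only; compatibility with the pod's shared namespaces is enforced in <validation step>.` If it does not exist, a namespaced sysctl requested for a pod that keeps the corresponding host namespace is the case to reject explicitly rather than pass through to `s.Sysctl`. Separately, `sysctl := map[string]string{}` stores a non-nil empty map on the spec even when no sysctl was given; whether callers distinguish that from nil is not visible, since the function starts outside the hunk.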