diff options
author | Matthew Heon <matthew.heon@gmail.com> | 2018-09-17 15:49:50 -0400 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-09-17 22:13:42 +0000 |
commit | e4770b82895659278b67a1bddb1a5acd8d785f59 (patch) | |
tree | 4d93b02adcbeb609a097e7bc23b1f2b7033f7752 /pkg/spec | |
parent | 28a2bf827ae9f592ddd9e5c11277606d32cf329c (diff) | |
download | podman-e4770b82895659278b67a1bddb1a5acd8d785f59.tar.gz podman-e4770b82895659278b67a1bddb1a5acd8d785f59.tar.bz2 podman-e4770b82895659278b67a1bddb1a5acd8d785f59.zip |
Small updates to OCI spec generation
Firstly, when adding the privileged catch-all resource device,
first remove the spec's default catch-all resource device.
Second, remove our default rootfs propogation config - Docker
does not set this by default, so I don't think we should either.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1491
Approved by: TomSweeneyRedHat
Diffstat (limited to 'pkg/spec')
-rw-r--r-- | pkg/spec/config_linux.go | 3 | ||||
-rw-r--r-- | pkg/spec/spec.go | 3 |
2 files changed, 3 insertions, 3 deletions
diff --git a/pkg/spec/config_linux.go b/pkg/spec/config_linux.go index ea04b95bd..6c0a99419 100644 --- a/pkg/spec/config_linux.go +++ b/pkg/spec/config_linux.go @@ -60,6 +60,9 @@ func (c *CreateConfig) addPrivilegedDevices(g *generate.Generator) error { for _, d := range hostDevices { g.AddDevice(Device(d)) } + + // Add resources device - need to clear the existing one first. + g.Spec().Linux.Resources.Devices = nil g.AddLinuxResourcesDevice(true, "", nil, nil, "rwm") return nil } diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go index 5757a36fe..3634b0b33 100644 --- a/pkg/spec/spec.go +++ b/pkg/spec/spec.go @@ -337,9 +337,6 @@ func CreateConfigToOCISpec(config *CreateConfig) (*spec.Spec, error) { //nolint configSpec.Mounts = mounts } - if err := g.SetLinuxRootPropagation("shared"); err != nil { - return nil, errors.Wrapf(err, "failed to set propagation to rslave") - } if canAddResources { // BLOCK IO blkio, err := config.CreateBlockIO() |