summaryrefslogtreecommitdiff
path: root/pkg/specgen/generate
diff options
context:
space:
mode:
authorGiuseppe Scrivano <gscrivan@redhat.com>2020-08-04 23:01:55 +0200
committerGiuseppe Scrivano <gscrivan@redhat.com>2020-08-12 23:46:38 +0200
commitfeff414ae1d4ca68b3341fa37c4abf8fc90a55f8 (patch)
tree50a3c0f902c91196eaee30c6255bdf27b01598fa /pkg/specgen/generate
parentd777a7bd5c920ce3cf06c4eba25068747dbc6b8f (diff)
downloadpodman-feff414ae1d4ca68b3341fa37c4abf8fc90a55f8.tar.gz
podman-feff414ae1d4ca68b3341fa37c4abf8fc90a55f8.tar.bz2
podman-feff414ae1d4ca68b3341fa37c4abf8fc90a55f8.zip
run, create: add new security-opt proc-opts
it allows to customize the options passed down to the OCI runtime for setting up the /proc mount. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'pkg/specgen/generate')
-rw-r--r--pkg/specgen/generate/oci.go14
1 files changed, 14 insertions, 0 deletions
diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go
index ee9f63680..fd324c6e1 100644
--- a/pkg/specgen/generate/oci.go
+++ b/pkg/specgen/generate/oci.go
@@ -18,6 +18,18 @@ import (
"golang.org/x/sys/unix"
)
+func setProcOpts(s *specgen.SpecGenerator, g *generate.Generator) {
+ if s.ProcOpts == nil {
+ return
+ }
+ for i := range g.Config.Mounts {
+ if g.Config.Mounts[i].Destination == "/proc" {
+ g.Config.Mounts[i].Options = s.ProcOpts
+ return
+ }
+ }
+}
+
func addRlimits(s *specgen.SpecGenerator, g *generate.Generator) error {
var (
isRootless = rootless.IsRootless()
@@ -341,6 +353,8 @@ func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runt
configSpec.Annotations[define.InspectAnnotationInit] = define.InspectResponseFalse
}
+ setProcOpts(s, &g)
+
return configSpec, nil
}