run, create: add new security-opt proc-opts

it allows to customize the options passed down to the OCI runtime for setting up the /proc mount. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
author: Giuseppe Scrivano <gscrivan@redhat.com> 2020-08-04 23:01:55 +0200
committer: Giuseppe Scrivano <gscrivan@redhat.com> 2020-08-12 23:46:38 +0200
commit: feff414ae1d4ca68b3341fa37c4abf8fc90a55f8 (patch)
tree: 50a3c0f902c91196eaee30c6255bdf27b01598fa /pkg/specgen/specgen.go
parent: d777a7bd5c920ce3cf06c4eba25068747dbc6b8f (diff)
download: podman-feff414ae1d4ca68b3341fa37c4abf8fc90a55f8.tar.gz
podman-feff414ae1d4ca68b3341fa37c4abf8fc90a55f8.tar.bz2
podman-feff414ae1d4ca68b3341fa37c4abf8fc90a55f8.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/pkg/specgen/specgen.go b/pkg/specgen/specgen.go
index 84a6c36a0..a9161071b 100644
--- a/pkg/specgen/specgen.go
+++ b/pkg/specgen/specgen.go
@@ -289,6 +289,8 @@ type ContainerSecurityConfig struct {
 	ReadOnlyFilesystem bool `json:"read_only_filesystem,omittempty"`
 	// Umask is the umask the init process of the container will be run with.
 	Umask string `json:"umask,omitempty"`
+	// ProcOpts are the options used for the proc mount.
+	ProcOpts []string `json:"procfs_opts,omitempty"`
 }
 
 // ContainerCgroupConfig contains configuration information about a container's
author	Giuseppe Scrivano <gscrivan@redhat.com>	2020-08-04 23:01:55 +0200
committer	Giuseppe Scrivano <gscrivan@redhat.com>	2020-08-12 23:46:38 +0200
commit	feff414ae1d4ca68b3341fa37c4abf8fc90a55f8 (patch)
tree	50a3c0f902c91196eaee30c6255bdf27b01598fa /pkg/specgen/specgen.go
parent	d777a7bd5c920ce3cf06c4eba25068747dbc6b8f (diff)
download	podman-feff414ae1d4ca68b3341fa37c4abf8fc90a55f8.tar.gz podman-feff414ae1d4ca68b3341fa37c4abf8fc90a55f8.tar.bz2 podman-feff414ae1d4ca68b3341fa37c4abf8fc90a55f8.zip