path: root/seccomp.json
author: W. Trevor King <wking@tremily.us> 2018-11-19 09:22:32 -0800
committer: W. Trevor King <wking@tremily.us> 2019-01-08 21:06:17 -0800
commit: f6a2b6bf2b923a148792cc141ec4c27b5889c077 (patch)
tree: e4f6ba1dff72d3e597edcc2bce304fdd5b3849eb /seccomp.json
parent: c9d63fe89d0a79b069b56249aaa4c168b47649c0 (diff)
hooks: Add pre-create hooks for runtime-config manipulation
There's been a lot of discussion over in [1] about how to support the NVIDIA folks and others who want to be able to create devices (possibly after having loaded kernel modules) and bind userspace libraries into the container. Currently that's happening in the middle of runc's create-time mount handling before the container pivots to its new root directory with runc's incorrectly-timed prestart hook trigger [2].

With this commit, we extend hooks with a 'precreate' stage to allow trusted parties to manipulate the config JSON before calling the runtime's 'create'.

I'm recycling the existing Hook schema from pkg/hooks for this, because we'll want Timeout for reliability and When to avoid the expense of fork/exec when a given hook does not need to make config changes [3].

[1]: https://github.com/opencontainers/runc/pull/1811
[2]: https://github.com/opencontainers/runc/issues/1710
[3]: https://github.com/containers/libpod/issues/1828#issuecomment-439888059

Signed-off-by: W. Trevor King <wking@tremily.us>
Diffstat (limited to 'seccomp.json')
0 files changed, 0 insertions, 0 deletions