author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2020-04-16 05:29:19 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-04-16 05:29:19 -0700 |
commit | 09e821a8eae603174c809bcc4af641d4ed5dc35c (patch) | |
tree | 6f2d4a5361cca06dce3b902ce7c71336f1cbf7d1 /vendor/github.com | |
parent | 084cfb81da4f3f3e06ad35bfb3ea52027f62273b (diff) | |
parent | c4ca3c71ffe3c08bc74158340b3427d00efdfe32 (diff) | |
Merge pull request #5690 from rhatdan/selinux
Add support for selecting kvm and systemd labels
Diffstat (limited to 'vendor/github.com')
3 files changed, 18 insertions, 0 deletions
diff --git a/vendor/github.com/containers/common/pkg/config/config.go b/vendor/github.com/containers/common/pkg/config/config.go
index ef21f1d9f..bddbee876 100644
--- a/vendor/github.com/containers/common/pkg/config/config.go
+++ b/vendor/github.com/containers/common/pkg/config/config.go
@@ -87,6 +87,9 @@ type ContainersConfig struct {
 // Default way to create a cgroup namespace for the container
 CgroupNS string `toml:"cgroupns"`
 
+ // Default cgroup configuration
+ Cgroups string `toml:"cgroups"`
+
 // Capabilities to add to all containers.
 DefaultCapabilities []string `toml:"default_capabilities"`
 
diff --git a/vendor/github.com/containers/common/pkg/config/containers.conf b/vendor/github.com/containers/common/pkg/config/containers.conf
index fbc691f1d..a029aedeb 100644
--- a/vendor/github.com/containers/common/pkg/config/containers.conf
+++ b/vendor/github.com/containers/common/pkg/config/containers.conf
@@ -47,6 +47,15 @@
 #
 # cgroupns = "private"
 
+# Control container cgroup configuration
+# Determines whether the container will create CGroups.
+# Options are:
+# `enabled` Enable cgroup support within container
+# `disabled` Disable cgroup support, will inherit cgroups from parent
+# `no-conmon` Container engine runs run without conmon
+#
+# cgroups = "enabled"
+
 # List of default capabilities for containers. If it is empty or commented out,
 # the default capabilities defined in the container engine will be added.
 #
diff --git a/vendor/github.com/containers/common/pkg/config/default.go b/vendor/github.com/containers/common/pkg/config/default.go
index 5f3af1f8d..8b87d3725 100644
--- a/vendor/github.com/containers/common/pkg/config/default.go
+++ b/vendor/github.com/containers/common/pkg/config/default.go
@@ -148,6 +148,7 @@ func DefaultConfig() (*Config, error) {
 Annotations: []string{},
 ApparmorProfile: DefaultApparmorProfile,
 CgroupNS: "private",
+ Cgroups: "enabled",
 DefaultCapabilities: DefaultCapabilities,
 DefaultSysctls: []string{},
 DefaultUlimits: getDefaultProcessLimits(),
@@ -439,6 +440,11 @@ func (c *Config) CgroupNS() string {
 return c.Containers.CgroupNS
 }
 
+// Cgroups returns whether to containers with cgroup confinement
+func (c *Config) Cgroups() string {
+ return c.Containers.Cgroups
+}
+
 // UTSNS returns the default UTS Namespace configuration to run containers with
 func (c *Config) UTSNS() string {
 return c.Containers.UTSNS |