Diffstat (limited to 'cmd/podman/common/default.go')
-rw-r--r--cmd/podman/common/default.go135
1 files changed, 135 insertions, 0 deletions
diff --git a/cmd/podman/common/default.go b/cmd/podman/common/default.go
new file mode 100644
index 000000000..853f87ab6
--- /dev/null
+++ b/cmd/podman/common/default.go
@@ -0,0 +1,135 @@
+package common
+
+import (
+ "fmt"
+ "os"
+
+ "github.com/containers/buildah/pkg/parse"
+ "github.com/containers/libpod/pkg/apparmor"
+ "github.com/containers/libpod/pkg/cgroups"
+ "github.com/containers/libpod/pkg/rootless"
+ "github.com/containers/libpod/pkg/specgen"
+ "github.com/containers/libpod/pkg/sysinfo"
+ "github.com/opencontainers/selinux/go-selinux"
+)
+
+var (
+ // DefaultHealthCheckInterval default value
+ DefaultHealthCheckInterval = "30s"
+ // DefaultHealthCheckRetries default value
+ DefaultHealthCheckRetries uint = 3
+ // DefaultHealthCheckStartPeriod default value
+ DefaultHealthCheckStartPeriod = "0s"
+ // DefaultHealthCheckTimeout default value
+ DefaultHealthCheckTimeout = "30s"
+ // DefaultImageVolume default value
+ DefaultImageVolume = "bind"
+)
+
+// TODO these options are directly embedded into many of the CLI cobra values, as such
+// this approach will not work in a remote client. so we will need to likely do something like a
+// supported and unsupported approach here and backload these options into the specgen
+// once we are "on" the host system.
+func getDefaultSecurityOptions() []string {
+ securityOpts := []string{}
+ if containerConfig.Containers.SeccompProfile != "" && containerConfig.Containers.SeccompProfile != parse.SeccompDefaultPath {
+ securityOpts = append(securityOpts, fmt.Sprintf("seccomp=%s", containerConfig.Containers.SeccompProfile))
+ }
+ if apparmor.IsEnabled() && containerConfig.Containers.ApparmorProfile != "" {
+ securityOpts = append(securityOpts, fmt.Sprintf("apparmor=%s", containerConfig.Containers.ApparmorProfile))
+ }
+ if selinux.GetEnabled() && !containerConfig.Containers.EnableLabeling {
+ securityOpts = append(securityOpts, fmt.Sprintf("label=%s", selinux.DisableSecOpt()[0]))
+ }
+ return securityOpts
+}
+
+// getDefaultSysctls
+func getDefaultSysctls() []string {
+ return containerConfig.Containers.DefaultSysctls
+}
+
+func getDefaultVolumes() []string {
+ return containerConfig.Containers.Volumes
+}
+
+func getDefaultDevices() []string {
+ return containerConfig.Containers.Devices
+}
+
+func getDefaultDNSServers() []string { //nolint
+ return containerConfig.Containers.DNSServers
+}
+
+func getDefaultDNSSearches() []string { //nolint
+ return containerConfig.Containers.DNSSearches
+}
+
+func getDefaultDNSOptions() []string { //nolint
+ return containerConfig.Containers.DNSOptions
+}
+
+func getDefaultEnv() []string {
+ return containerConfig.Containers.Env
+}
+
+func getDefaultInitPath() string {
+ return containerConfig.Containers.InitPath
+}
+
+func getDefaultIPCNS() string {
+ return containerConfig.Containers.IPCNS
+}
+
+func getDefaultPidNS() string {
+ return containerConfig.Containers.PidNS
+}
+
+func getDefaultNetNS() string { //nolint
+ if containerConfig.Containers.NetNS == string(specgen.Private) && rootless.IsRootless() {
+ return string(specgen.Slirp)
+ }
+ return containerConfig.Containers.NetNS
+}
+
+func getDefaultCgroupNS() string {
+ return containerConfig.Containers.CgroupNS
+}
+
+func getDefaultUTSNS() string {
+ return containerConfig.Containers.UTSNS
+}
+
+func getDefaultShmSize() string {
+ return containerConfig.Containers.ShmSize
+}
+
+func getDefaultUlimits() []string {
+ return containerConfig.Containers.DefaultUlimits
+}
+
+func getDefaultUserNS() string {
+ userns := os.Getenv("PODMAN_USERNS")
+ if userns != "" {
+ return userns
+ }
+ return containerConfig.Containers.UserNS
+}
+
+func getDefaultPidsLimit() int64 {
+ if rootless.IsRootless() {
+ cgroup2, _ := cgroups.IsCgroup2UnifiedMode()
+ if cgroup2 {
+ return containerConfig.Containers.PidsLimit
+ }
+ }
+ return sysinfo.GetDefaultPidsLimit()
+}
+
+func getDefaultPidsDescription() string {
+ return "Tune container pids limit (set 0 for unlimited)"
+}
+
+func GetDefaultDetachKeys() string {
+ return containerConfig.Engine.DetachKeys
+}
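Review bot: In `getDefaultPidsLimit` the error from `cgroups.IsCgroup2UnifiedMode()` is discarded (`cgroup2, _ :=`), so a failed detection is handled exactly like cgroup v1 and the function falls through to `sysinfo.GetDefaultPidsLimit()` without any trace. The configured `containerConfig.Containers.PidsLimit` is also read only for rootless on cgroup v2; as written, the setting is never consulted when running as root, which may be intended but is not stated anywhere. Because the pids limit is the guard against process exhaustion from inside a container, I would keep the error (`cgroup2, err := cgroups.IsCgroup2UnifiedMode()`) and at least log it, and document the policy with a comment such as `// The configured PidsLimit is honored only for rootless on cgroup v2; every other case uses the sysinfo default.` Separately, `selinux.DisableSecOpt()[0]` in `getDefaultSecurityOptions` indexes the returned slice without a length check, which would panic if that slice were ever empty.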