summaryrefslogtreecommitdiff
path: root/cmd/podman/common/specgen.go
diff options
context:
space:
mode:
Diffstat (limited to 'cmd/podman/common/specgen.go')
-rw-r--r--cmd/podman/common/specgen.go38
1 files changed, 14 insertions, 24 deletions
diff --git a/cmd/podman/common/specgen.go b/cmd/podman/common/specgen.go
index eca0da32b..f17077484 100644
--- a/cmd/podman/common/specgen.go
+++ b/cmd/podman/common/specgen.go
@@ -7,14 +7,12 @@ import (
"strings"
"time"
- "github.com/containers/common/pkg/config"
"github.com/containers/image/v5/manifest"
"github.com/containers/libpod/v2/cmd/podman/parse"
"github.com/containers/libpod/v2/libpod/define"
ann "github.com/containers/libpod/v2/pkg/annotations"
envLib "github.com/containers/libpod/v2/pkg/env"
ns "github.com/containers/libpod/v2/pkg/namespaces"
- "github.com/containers/libpod/v2/pkg/rootless"
"github.com/containers/libpod/v2/pkg/specgen"
systemdGen "github.com/containers/libpod/v2/pkg/systemd/generate"
"github.com/containers/libpod/v2/pkg/util"
@@ -127,25 +125,6 @@ func getIOLimits(s *specgen.SpecGenerator, c *ContainerCLIOpts) (*specs.LinuxBlo
return io, nil
}
-func getPidsLimits(c *ContainerCLIOpts) *specs.LinuxPids {
- pids := &specs.LinuxPids{}
- if c.CGroupsMode == "disabled" && c.PIDsLimit != 0 {
- return nil
- }
- if c.PIDsLimit < 0 {
- if rootless.IsRootless() && containerConfig.Engine.CgroupManager != config.SystemdCgroupsManager {
- return nil
- }
- pids.Limit = containerConfig.PidsLimit()
- return pids
- }
- if c.PIDsLimit > 0 {
- pids.Limit = c.PIDsLimit
- return pids
- }
- return nil
-}
-
func getMemoryLimits(s *specgen.SpecGenerator, c *ContainerCLIOpts) (*specs.LinuxMemory, error) {
var err error
memory := &specs.LinuxMemory{}
@@ -401,6 +380,9 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
}
var command []string
+ // Include the command used to create the container.
+ s.ContainerCreateCommand = os.Args
+
// Build the command
// If we have an entry point, it goes first
if c.Entrypoint != nil {
@@ -457,7 +439,13 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
if err != nil {
return err
}
- s.ResourceLimits.Pids = getPidsLimits(c)
+ if c.PIDsLimit != nil {
+ pids := specs.LinuxPids{
+ Limit: *c.PIDsLimit,
+ }
+
+ s.ResourceLimits.Pids = &pids
+ }
s.ResourceLimits.CPU = getCPULimits(c)
if s.ResourceLimits.CPU == nil && s.ResourceLimits.Pids == nil && s.ResourceLimits.BlockIO == nil && s.ResourceLimits.Memory == nil {
s.ResourceLimits = nil
@@ -525,8 +513,10 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
s.ContainerSecurityConfig.SelinuxOpts = append(s.ContainerSecurityConfig.SelinuxOpts, con[1])
s.Annotations[define.InspectAnnotationLabel] = strings.Join(s.ContainerSecurityConfig.SelinuxOpts, ",label=")
case "apparmor":
- s.ContainerSecurityConfig.ApparmorProfile = con[1]
- s.Annotations[define.InspectAnnotationApparmor] = con[1]
+ if !c.Privileged {
+ s.ContainerSecurityConfig.ApparmorProfile = con[1]
+ s.Annotations[define.InspectAnnotationApparmor] = con[1]
+ }
case "seccomp":
s.SeccompProfilePath = con[1]
s.Annotations[define.InspectAnnotationSeccomp] = con[1]
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-01-19 09:46:11 +0000