diff options
Diffstat (limited to 'cmd/podman/shared/create.go')
| -rw-r--r-- | cmd/podman/shared/create.go | 24 |
1 files changed, 13 insertions, 11 deletions
diff --git a/cmd/podman/shared/create.go b/cmd/podman/shared/create.go index 2f637694b..be5adcccb 100644 --- a/cmd/podman/shared/create.go +++ b/cmd/podman/shared/create.go @@ -22,6 +22,7 @@ import ( "github.com/containers/libpod/pkg/inspect" ns "github.com/containers/libpod/pkg/namespaces" "github.com/containers/libpod/pkg/rootless" + "github.com/containers/libpod/pkg/seccomp" cc "github.com/containers/libpod/pkg/spec" "github.com/containers/libpod/pkg/util" "github.com/docker/go-connections/nat" @@ -31,10 +32,6 @@ import ( "github.com/sirupsen/logrus" ) -// seccompLabelKey is the key of the image annotation embedding a seccomp -// profile. -const seccompLabelKey = "io.containers.seccomp.profile" - func CreateContainer(ctx context.Context, c *GenericCLIResults, runtime *libpod.Runtime) (*libpod.Container, *cc.CreateConfig, error) { var ( healthCheck *manifest.Schema2HealthConfig @@ -109,11 +106,11 @@ func CreateContainer(ctx context.Context, c *GenericCLIResults, runtime *libpod. } if overrideOS == "" && imageData.Os != goruntime.GOOS { - return nil, nil, errors.Errorf("incompatible image OS %q on %q host", imageData.Os, goruntime.GOOS) + logrus.Infof("Using %q (OS) image on %q host", imageData.Os, goruntime.GOOS) } if overrideArch == "" && imageData.Architecture != goruntime.GOARCH { - return nil, nil, errors.Errorf("incompatible image architecture %q on %q host", imageData.Architecture, goruntime.GOARCH) + logrus.Infof("Using %q (architecture) on %q host", imageData.Architecture, goruntime.GOARCH) } names := newImage.Names() @@ -309,9 +306,13 @@ func ParseCreateOpts(ctx context.Context, c *GenericCLIResults, runtime *libpod. } } if c.String("memory-swap") != "" { - memorySwap, err = units.RAMInBytes(c.String("memory-swap")) - if err != nil { - return nil, errors.Wrapf(err, "invalid value for memory-swap") + if c.String("memory-swap") == "-1" { + memorySwap = -1 + } else { + memorySwap, err = units.RAMInBytes(c.String("memory-swap")) + if err != nil { + return nil, errors.Wrapf(err, "invalid value for memory-swap") + } } } if c.String("kernel-memory") != "" { @@ -709,11 +710,11 @@ func ParseCreateOpts(ctx context.Context, c *GenericCLIResults, runtime *libpod. // SECCOMP if data != nil { - if value, exists := labels[seccompLabelKey]; exists { + if value, exists := labels[seccomp.ContainerImageLabel]; exists { secConfig.SeccompProfileFromImage = value } } - if policy, err := cc.LookupSeccompPolicy(c.String("seccomp-policy")); err != nil { + if policy, err := seccomp.LookupPolicy(c.String("seccomp-policy")); err != nil { return nil, err } else { secConfig.SeccompPolicy = policy @@ -757,6 +758,7 @@ func ParseCreateOpts(ctx context.Context, c *GenericCLIResults, runtime *libpod. CPURtPeriod: c.Uint64("cpu-rt-period"), CPURtRuntime: c.Int64("cpu-rt-runtime"), CPUs: c.Float64("cpus"), + DeviceCgroupRules: c.StringSlice("device-cgroup-rule"), DeviceReadBps: c.StringSlice("device-read-bps"), DeviceReadIOps: c.StringSlice("device-read-iops"), DeviceWriteBps: c.StringSlice("device-write-bps"), |