diff options
Diffstat (limited to 'cmd/podman/shared')
| -rw-r--r-- | cmd/podman/shared/create.go | 10 | ||||
| -rw-r--r-- | cmd/podman/shared/intermediate.go | 1 |
2 files changed, 5 insertions, 6 deletions
diff --git a/cmd/podman/shared/create.go b/cmd/podman/shared/create.go index 3062b0ca3..be5adcccb 100644 --- a/cmd/podman/shared/create.go +++ b/cmd/podman/shared/create.go @@ -22,6 +22,7 @@ import ( "github.com/containers/libpod/pkg/inspect" ns "github.com/containers/libpod/pkg/namespaces" "github.com/containers/libpod/pkg/rootless" + "github.com/containers/libpod/pkg/seccomp" cc "github.com/containers/libpod/pkg/spec" "github.com/containers/libpod/pkg/util" "github.com/docker/go-connections/nat" @@ -31,10 +32,6 @@ import ( "github.com/sirupsen/logrus" ) -// seccompLabelKey is the key of the image annotation embedding a seccomp -// profile. -const seccompLabelKey = "io.containers.seccomp.profile" - func CreateContainer(ctx context.Context, c *GenericCLIResults, runtime *libpod.Runtime) (*libpod.Container, *cc.CreateConfig, error) { var ( healthCheck *manifest.Schema2HealthConfig @@ -713,11 +710,11 @@ func ParseCreateOpts(ctx context.Context, c *GenericCLIResults, runtime *libpod. // SECCOMP if data != nil { - if value, exists := labels[seccompLabelKey]; exists { + if value, exists := labels[seccomp.ContainerImageLabel]; exists { secConfig.SeccompProfileFromImage = value } } - if policy, err := cc.LookupSeccompPolicy(c.String("seccomp-policy")); err != nil { + if policy, err := seccomp.LookupPolicy(c.String("seccomp-policy")); err != nil { return nil, err } else { secConfig.SeccompPolicy = policy @@ -761,6 +758,7 @@ func ParseCreateOpts(ctx context.Context, c *GenericCLIResults, runtime *libpod. CPURtPeriod: c.Uint64("cpu-rt-period"), CPURtRuntime: c.Int64("cpu-rt-runtime"), CPUs: c.Float64("cpus"), + DeviceCgroupRules: c.StringSlice("device-cgroup-rule"), DeviceReadBps: c.StringSlice("device-read-bps"), DeviceReadIOps: c.StringSlice("device-read-iops"), DeviceWriteBps: c.StringSlice("device-write-bps"), diff --git a/cmd/podman/shared/intermediate.go b/cmd/podman/shared/intermediate.go index cfb3f612c..ee212234f 100644 --- a/cmd/podman/shared/intermediate.go +++ b/cmd/podman/shared/intermediate.go @@ -386,6 +386,7 @@ func NewIntermediateLayer(c *cliconfig.PodmanCommand, remote bool) GenericCLIRes m["detach"] = newCRBool(c, "detach") m["detach-keys"] = newCRString(c, "detach-keys") m["device"] = newCRStringSlice(c, "device") + m["device-cgroup-rule"] = newCRStringSlice(c, "device-cgroup-rule") m["device-read-bps"] = newCRStringSlice(c, "device-read-bps") m["device-read-iops"] = newCRStringSlice(c, "device-read-iops") m["device-write-bps"] = newCRStringSlice(c, "device-write-bps") |