From c4ca3c71ffe3c08bc74158340b3427d00efdfe32 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Wed, 15 Apr 2020 14:48:53 -0400 Subject: Add support for selecting kvm and systemd labels In order to better support kata containers and systemd containers container-selinux has added new types. Podman should execute the container with an SELinux process label to match the container type. Traditional Container process : container_t KVM Container Process: containre_kvm_t PID 1 Init process: container_init_t Signed-off-by: Daniel J Walsh --- libpod/oci.go | 3 +++ 1 file changed, 3 insertions(+) (limited to 'libpod/oci.go') diff --git a/libpod/oci.go b/libpod/oci.go index 6adf42497..9991c5625 100644 --- a/libpod/oci.go +++ b/libpod/oci.go @@ -103,6 +103,9 @@ type OCIRuntime interface { // SupportsNoCgroups is whether the runtime supports running containers // without cgroups. SupportsNoCgroups() bool + // SupportsKVM os whether the OCI runtime supports running containers + // without KVM separation + SupportsKVM() bool // AttachSocketPath is the path to the socket to attach to a given // container. -- cgit v1.2.3-54-g00ecf
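Review bot: the doc comment added above SupportsKVM() in the OCIRuntime interface says the runtime supports running containers "without KVM separation", which contradicts the method name and looks carried over from the "without cgroups" wording of the SupportsNoCgroups comment directly above it; it also has "os" where "is" is meant. Suggested wording: "// SupportsKVM is whether the OCI runtime supports running containers" / "// with KVM separation." Per the commit message, the result is meant to pick the SELinux process label, so the comment should state plainly what a true return means and what a runtime that does not use KVM returns. An implementer who reads the current text the wrong way round would label a container with the wrong type. The commit message spells the KVM type "containre_kvm_t", presumably container_kvm_t; worth correcting before merge so the message matches the policy type name. This view is limited to libpod/oci.go, so the implementations of OCIRuntime and the code that selects container_init_t are not visible here; every existing implementer of the interface needs the new method in the same change.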