From feff414ae1d4ca68b3341fa37c4abf8fc90a55f8 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Tue, 4 Aug 2020 23:01:55 +0200
Subject: run, create: add new security-opt proc-opts

it allows to customize the options passed down to the OCI runtime for
setting up the /proc mount.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 pkg/spec/createconfig.go | 1 +
 pkg/spec/security.go     | 2 ++
 2 files changed, 3 insertions(+)

(limited to 'pkg/spec')

diff --git a/pkg/spec/createconfig.go b/pkg/spec/createconfig.go
index 40f9bc029..c49d51fc5 100644
--- a/pkg/spec/createconfig.go
+++ b/pkg/spec/createconfig.go
@@ -125,6 +125,7 @@ type SecurityConfig struct {
 	ReadOnlyRootfs          bool              //read-only
 	ReadOnlyTmpfs           bool              //read-only-tmpfs
 	Sysctl                  map[string]string //sysctl
+	ProcOpts                []string
 }
 
 // CreateConfig is a pre OCI spec structure.  It represents user input from varlink or the CLI
diff --git a/pkg/spec/security.go b/pkg/spec/security.go
index fc908b49d..e152e3495 100644
--- a/pkg/spec/security.go
+++ b/pkg/spec/security.go
@@ -76,6 +76,8 @@ func (c *SecurityConfig) SetSecurityOpts(runtime *libpod.Runtime, securityOpts [
 			}
 
 			switch con[0] {
+			case "proc-opts":
+				c.ProcOpts = strings.Split(con[1], ",")
 			case "label":
 				c.LabelOpts = append(c.LabelOpts, con[1])
 			case "apparmor":
-- 
cgit v1.2.3-54-g00ecf