From feff414ae1d4ca68b3341fa37c4abf8fc90a55f8 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Tue, 4 Aug 2020 23:01:55 +0200
Subject: run, create: add new security-opt proc-opts

it allows to customize the options passed down to the OCI runtime for
setting up the /proc mount.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 pkg/specgen/generate/oci.go | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'pkg/specgen/generate')

diff --git a/pkg/specgen/generate/oci.go b/pkg/specgen/generate/oci.go
index ee9f63680..fd324c6e1 100644
--- a/pkg/specgen/generate/oci.go
+++ b/pkg/specgen/generate/oci.go
@@ -18,6 +18,18 @@ import (
 	"golang.org/x/sys/unix"
 )
 
+func setProcOpts(s *specgen.SpecGenerator, g *generate.Generator) {
+	if s.ProcOpts == nil {
+		return
+	}
+	for i := range g.Config.Mounts {
+		if g.Config.Mounts[i].Destination == "/proc" {
+			g.Config.Mounts[i].Options = s.ProcOpts
+			return
+		}
+	}
+}
+
 func addRlimits(s *specgen.SpecGenerator, g *generate.Generator) error {
 	var (
 		isRootless = rootless.IsRootless()
@@ -341,6 +353,8 @@ func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runt
 		configSpec.Annotations[define.InspectAnnotationInit] = define.InspectResponseFalse
 	}
 
+	setProcOpts(s, &g)
+
 	return configSpec, nil
 }
 
-- 
cgit v1.2.3-54-g00ecf