Add support for SecurityLabelNested flag in quadlet

This flag will allow us to run nested containers within
a quadlet service.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Daniel J Walsh
2023-06-05 14:01:37 -04:00
parent 6f38a72c2a
commit 3b79f241b1
5 changed files with 19 additions and 0 deletions

@ -128,6 +128,7 @@ Valid options for `[Container]` are listed below:
| SecurityLabelDisable=true | --security-opt label=disable |
| SecurityLabelFileType=usr_t | --security-opt label=filetype:usr_t |
| SecurityLabelLevel=s0:c1,c2 | --security-opt label=level:s0:c1,c2 |
| SecurityLabelNested=true | --security-opt label=nested |
| SecurityLabelType=spc_t | --security-opt label=type:spc_t |
| Timezone=local | --tz local |
| Tmpfs=/work | --tmpfs /work |
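Review bot: The new `SecurityLabelNested=true` row sits in the same table as `SecurityLabelDisable=true`, and nothing here says what happens when a unit sets both, since one maps to `label=disable` and the other to `label=nested`. Suggest either documenting which one takes effect or noting that the combination is not meaningful, so a unit author does not assume nested labeling is active when labeling is in fact disabled.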
@ -424,6 +425,10 @@ Set the label file type for the container files.
Set the label process level for the container processes.
### `SecurityLabelNested=`
Allow SecurityLabels to function within the container. This allows separation of containers created within the container.
### `SecurityLabelType=`
Set the label process type for the container processes.
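Review bot: The `SecurityLabelNested=` description does not say that the key is a boolean, what the behaviour is when it is unset, or which podman option it maps to, although the table row gives `--security-opt label=nested`. Suggest stating the accepted values and default, and adding the equivalent option in the text so the entry can be read without the table. "SecurityLabels" is also not a term used by the neighbouring entries, which speak of the label file type, process level and process type; wording the sentence in those terms would make it clearer what is being allowed inside the container.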