opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-05-17 15:18:43 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add support for selecting kvm and systemd labels

Browse Source 
In order to better support kata containers and systemd containers
container-selinux has added new types. Podman should execute the
container with an SELinux process label to match the container type.

Traditional Container process : container_t
KVM Container Process: containre_kvm_t
PID 1 Init process: container_init_t

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This commit is contained in:
Daniel J Walsh
2020-04-15 14:48:53 -04:00
parent 195cb11276
commit c4ca3c71ff
14 changed files with 117 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
libpod/oci_missing.go
View File

@ -168,6 +168,12 @@ func (r *MissingRuntime) SupportsNoCgroups() bool {
return false
}
// SupportsKVM checks if the OCI runtime supports running containers
// without KVM separation
func (r *MissingRuntime) SupportsKVM() bool {
return false
}
// AttachSocketPath does not work as there is no runtime to attach to.
// (Theoretically we could follow ExitFilePath but there is no guarantee the
// container is running and thus has an attach socket...)