opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-05-22 17:46:52 +08:00
Code Issues Packages Projects Releases Wiki Activity
23,440 Commits 50 Branches 246 Tags
Commit Graph

5 Commits

Author SHA1 Message Date
Oleksandr Redko
2a2d0b0e18 chore: delete obsolete // +build lines 
Signed-off-by: Oleksandr Redko <Oleksandr_Redko@epam.com>
 2024-01-04 11:53:38 +02:00
Paul Holzinger
c1b6effac5 add !remote tag to pkg/specgen/generate 
These files should never be included on the remote client. There only
there to finalize the spec on the server side.

This makes sure it will not get reimported by accident and bloat the
remote client again.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
 2023-09-14 11:21:00 +02:00
Doug Rabson
d50054f1e4 pkg/specgen: Add device support for FreeBSD 
On FreeBSD, each container has its own devfs instance with a ruleset
that controls what the container can see. To expose devices to a
container we add rules to its devfs to make the requested devices
visible. For privileged containers, we use 'ruleset=0' which makes
everything visible.

This shares the ParseDevice function with Linux so it moves to
config_common.go from config_linux.go.

Signed-off-by: Doug Rabson <dfr@rabson.org>
 2023-08-04 10:11:14 +01:00
Doug Rabson
eee2817dec pkg/specgen: Don't crash for device spec with... 
...empty destination path

This fixes a server-side crash for command lines like:

  # podman run -ti --rm --device /dev/mem::rw alpine sh

Fixes #19335.

Signed-off-by: Doug Rabson <dfr@rabson.org>
 2023-07-24 17:22:36 +01:00
Daniel J Walsh
4fd1965ab4 Add filepath glob support to --security-opt unmask 
Want to allow users to specify --security-opt unmask=/proc/*.
This allows us to run podman within podman more securely, then
specifing umask=all, also gives the user more flexibilty.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2021-05-04 14:40:43 -04:00