mirror of
https://github.com/containers/podman.git
synced 2025-11-29 01:28:22 +08:00
34166fc004
Tremendous amount of changes in here, but all should amount to the same thing: changing Go import paths from v5 to v6. Also bumped go.mod to github.com/containers/podman/v6 and updated version to v6.0.0-dev. Signed-off-by: Matt Heon <mheon@redhat.com>
38 lines
958 B
Go
38 lines
958 B
Go
//go:build !remote
|
|
|
|
package generate
|
|
|
|
import (
|
|
"github.com/containers/podman/v6/libpod"
|
|
"github.com/containers/podman/v6/pkg/specgen"
|
|
"github.com/opencontainers/runtime-tools/generate"
|
|
"go.podman.io/common/libimage"
|
|
"go.podman.io/common/pkg/config"
|
|
)
|
|
|
|
// setLabelOpts sets the label options of the SecurityConfig according to the
|
|
// input.
|
|
func setLabelOpts(_ *specgen.SpecGenerator, _ *libpod.Runtime, _ specgen.Namespace, _ specgen.Namespace) error {
|
|
return nil
|
|
}
|
|
|
|
func securityConfigureGenerator(s *specgen.SpecGenerator, g *generate.Generator, _ *libimage.Image, _ *config.Config) error {
|
|
// If this is a privileged container, change the devfs ruleset to expose all devices.
|
|
if s.IsPrivileged() {
|
|
for k, m := range g.Config.Mounts {
|
|
if m.Type == "devfs" {
|
|
m.Options = []string{
|
|
"ruleset=0",
|
|
}
|
|
g.Config.Mounts[k] = m
|
|
}
|
|
}
|
|
}
|
|
|
|
if s.ReadOnlyFilesystem != nil {
|
|
g.SetRootReadonly(*s.ReadOnlyFilesystem)
|
|
}
|
|
|
|
return nil
|
|
}
|