vbatts/cri-o
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

*: allow to not use pivot_root

Browse source 
runc has a `--no-pivot` flag, that uses MS_MOVE instead.

This patch set bubbles up a runtime config to enable using no-pivot
globally.

Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
This commit is contained in:
Vincent Batts 2017-09-22 10:50:48 -04:00
parent 0ff3580f05
commit d6a44bf111
Signed by: vbatts
GPG key ID: 10937E57733F1362
5 changed files with 29 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

3
libkpod/config.go
View file

@ -118,6 +118,9 @@ type RuntimeConfig struct {
// container runtime for all containers.
DefaultWorkloadTrust string `toml:"default_workload_trust"`
// NoPivot instructs the runtime to not use `pivot_root`, but instead use `MS_MOVE`
NoPivot bool `toml:"no_pivot"`
// Conmon is the path to conmon binary, used for managing the runtime.
Conmon string `toml:"conmon"`

2
libkpod/container_server.go
View file

@ -121,7 +121,7 @@ func New(config *Config) (*ContainerServer, error) {
return nil, err
}
runtime, err := oci.New(config.Runtime, config.RuntimeUntrustedWorkload, config.DefaultWorkloadTrust, config.Conmon, config.ConmonEnv, config.CgroupManager, config.ContainerExitsDir, config.LogSizeMax)
runtime, err := oci.New(config.Runtime, config.RuntimeUntrustedWorkload, config.DefaultWorkloadTrust, config.Conmon, config.ConmonEnv, config.CgroupManager, config.ContainerExitsDir, config.LogSizeMax, config.NoPivot)
if err != nil {
return nil, err
}