vbatts/cri-o
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
cri-o/server
History
Samuel Ortiz 2ec696be41 server: Set sandbox and container privileged flags 
The sandbox privileged flag is set to true only if either the
pod configuration privileged flag is set to true or when any
of the pod namespaces are the host ones.

A container inherit its privileged flag from its sandbox, and
will be run by the privileged runtime only if it's set to true.
In other words, the privileged runtime (when defined) will be
when one of the below conditions is true:

- The sandbox will be asked to run at least one privileged container.
- The sandbox requires access to either the host IPC or networking
  namespaces.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-03-03 19:06:04 +01:00
..
apparmor Do not load ocid-default if configured apparmor profile is set up. 2016-12-12 15:55:17 +08:00
seccomp Change bool style 2017-02-22 10:27:35 -08:00
config.go config: Add host privileged runtime configuration 2017-03-03 17:22:09 +01:00
container.go Applying k8s.io v3 API for ocic and ocid 2017-02-06 13:05:10 +01:00
container_attach.go server: split containers actions 2016-11-22 18:38:05 +01:00
container_create.go server: Set sandbox and container privileged flags 2017-03-03 19:06:04 +01:00
container_exec.go server: split containers actions 2016-11-22 18:38:05 +01:00
container_execsync.go Applying k8s.io v3 API for ocic and ocid 2017-02-06 13:05:10 +01:00
container_list.go Use canonical import path for apimachinery 2017-02-22 18:32:42 -08:00
container_portforward.go server: split containers actions 2016-11-22 18:38:05 +01:00
container_remove.go Applying k8s.io v3 API for ocic and ocid 2017-02-06 13:05:10 +01:00
container_start.go Applying k8s.io v3 API for ocic and ocid 2017-02-06 13:05:10 +01:00
container_status.go Applying k8s.io v3 API for ocic and ocid 2017-02-06 13:05:10 +01:00
container_stop.go Applying k8s.io v3 API for ocic and ocid 2017-02-06 13:05:10 +01:00
container_updateruntimeconfig.go server: mock UpdateRuntimeConfig 2016-12-15 14:31:42 +01:00
image_list.go Applying k8s.io v3 API for ocic and ocid 2017-02-06 13:05:10 +01:00
image_pull.go Applying k8s.io v3 API for ocic and ocid 2017-02-06 13:05:10 +01:00
image_remove.go Applying k8s.io v3 API for ocic and ocid 2017-02-06 13:05:10 +01:00
image_status.go Applying k8s.io v3 API for ocic and ocid 2017-02-06 13:05:10 +01:00
runtime_status.go Applying k8s.io v3 API for ocic and ocid 2017-02-06 13:05:10 +01:00
sandbox.go oci: Support for the host privileged runtime path 2017-03-03 17:22:09 +01:00
sandbox_list.go Use canonical import path for apimachinery 2017-02-22 18:32:42 -08:00
sandbox_remove.go Applying k8s.io v3 API for ocic and ocid 2017-02-06 13:05:10 +01:00
sandbox_run.go server: Set sandbox and container privileged flags 2017-03-03 19:06:04 +01:00
sandbox_status.go Applying k8s.io v3 API for ocic and ocid 2017-02-06 13:05:10 +01:00
sandbox_stop.go Applying k8s.io v3 API for ocic and ocid 2017-02-06 13:05:10 +01:00
server.go server: Set sandbox and container privileged flags 2017-03-03 19:06:04 +01:00
utils.go Applying k8s.io v3 API for ocic and ocid 2017-02-06 13:05:10 +01:00
version.go Applying k8s.io v3 API for ocic and ocid 2017-02-06 13:05:10 +01:00