diff options
| author | Chong Cai <chongc@google.com> | 2021-08-18 13:11:36 -0700 |
|---|---|---|
| committer | gVisor bot <gvisor-bot@google.com> | 2021-08-18 13:13:49 -0700 |
| commit | 75b5a4f455c2e81bb38dcf786c788089ad1aebf7 (patch) | |
| tree | 2901c8304c70d79361d2c7e241879a34e747d010 /runsc/config/flags.go | |
| parent | e0bf52250289d23cff5c6ef10aa60b9cf0997647 (diff) | |
Add control configs
Also plumber the controls through runsc
PiperOrigin-RevId: 391594318
Diffstat (limited to 'runsc/config/flags.go')
| -rw-r--r-- | runsc/config/flags.go | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/runsc/config/flags.go b/runsc/config/flags.go index 8fde31167..85507902a 100644 --- a/runsc/config/flags.go +++ b/runsc/config/flags.go @@ -67,6 +67,7 @@ func RegisterFlags() { flag.Var(leakModePtr(refs.NoLeakChecking), "ref-leak-mode", "sets reference leak check mode: disabled (default), log-names, log-traces.") flag.Bool("cpu-num-from-quota", false, "set cpu number to cpu quota (least integer greater or equal to quota value, but not less than 2)") flag.Bool("oci-seccomp", false, "Enables loading OCI seccomp filters inside the sandbox.") + flag.Var(defaultControlConfig(), "controls", "Sentry control endpoints.") // Flags that control sandbox runtime behavior: FS related. flag.Var(fileAccessTypePtr(FileAccessExclusive), "file-access", "specifies which filesystem validation to use for the root mount: exclusive (default), shared.") |