authorRobert Tonic <btonic@users.noreply.github.com>2019-09-19 12:37:15 -0400
committerRobert Tonic <btonic@users.noreply.github.com>2019-09-19 12:37:15 -0400
commitac38a7ead0870118d27d570a8a98a90a7a225a12 (patch)
tree148be23cd23865cb8b586321d05389bf01c6d9a2 /runsc/container
parentc2ae77a607b6e103545aa83e8f2c7c5bf649846f (diff)
Place the host UDS mounting behind --fsgofer-host-uds-allowed.
This commit allows the use of the `--fsgofer-host-uds-allowed` flag to enable mounting sockets and add the appropriate seccomp filters.
Diffstat (limited to 'runsc/container')
-rw-r--r--runsc/container/container.go5
1 files changed, 5 insertions, 0 deletions
diff --git a/runsc/container/container.go b/runsc/container/container.go
index bbb364214..ceadb38aa 100644
--- a/runsc/container/container.go
+++ b/runsc/container/container.go
@@ -941,6 +941,11 @@ func (c *Container) createGoferProcess(spec *specs.Spec, conf *boot.Config, bund
args = append(args, "--panic-on-write=true")
}
+ // Add support for mounting host UDS in the gofer
+ if conf.FSGoferHostUDSAllowed {
+ args = append(args, "--host-uds-allowed=true")
+ }
+
// Open the spec file to donate to the sandbox.
specFile, err := specutils.OpenSpec(bundleDir)
if err != nil {
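Review bot: The comment above the `conf.FSGoferHostUDSAllowed` check says what the branch does but not that it relaxes the gofer's isolation, which is what a later reader needs to know before touching the default. Per the commit description the flag also adds seccomp filters in the gofer, and once host Unix domain sockets can be mounted the sandboxed workload can talk to whatever host service listens on them, so I would write `// Opt-in only: lets the gofer expose host Unix domain sockets to the sandbox and adds the matching seccomp rules; leave off unless the workload needs a specific host socket.` It would also help auditing to record the relaxed mode at startup with a warning-level log line inside the branch, assuming the package's logger is in scope here. createGoferProcess starts and ends outside the hunk, so whether the setting is validated or reported elsewhere cannot be seen from these lines.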