author | Robert Tonic <btonic@users.noreply.github.com> | 2019-09-19 12:37:15 -0400 |
---|---|---|
committer | Robert Tonic <btonic@users.noreply.github.com> | 2019-09-19 12:37:15 -0400 |
commit | ac38a7ead0870118d27d570a8a98a90a7a225a12 (patch) | |
tree | 148be23cd23865cb8b586321d05389bf01c6d9a2 /runsc/container | |
parent | c2ae77a607b6e103545aa83e8f2c7c5bf649846f (diff) |
Place the host UDS mounting behind --fsgofer-host-uds-allowed.
This commit allows the use of the `--fsgofer-host-uds-allowed` flag to
enable mounting sockets and add the appropriate seccomp filters.
Diffstat (limited to 'runsc/container')
-rw-r--r-- | runsc/container/container.go | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/runsc/container/container.go b/runsc/container/container.go
index bbb364214..ceadb38aa 100644
--- a/runsc/container/container.go
+++ b/runsc/container/container.go
@@ -941,6 +941,11 @@ func (c *Container) createGoferProcess(spec *specs.Spec, conf *boot.Config, bund
 args = append(args, "--panic-on-write=true")
 }
 
+ // Add support for mounting host UDS in the gofer
+ if conf.FSGoferHostUDSAllowed {
+ args = append(args, "--host-uds-allowed=true")
+ }
+
 // Open the spec file to donate to the sandbox.
 specFile, err := specutils.OpenSpec(bundleDir)
 if err != nil { |
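Review bot: The comment above the new `if conf.FSGoferHostUDSAllowed` branch says what is added but not that it is a deliberate relaxation of the sandbox boundary: with the flag forwarded, the gofer is allowed to mount host Unix domain sockets, so a host daemon listening on one of them becomes reachable from the sandboxed workload. I would reword it to `// Opt-in relaxation: allow the gofer to mount host Unix domain sockets for the sandbox. Widens what the workload can reach on the host; leave off unless the spec needs it.` Because the relaxed mode is otherwise invisible after startup, a one-line warning inside the same branch, for example `log.Warningf("gofer started with host UDS mounting allowed")`, would make it auditable in the runsc logs, assuming the package logger is already in scope in this file. createGoferProcess starts and ends outside the hunk, and the gofer-side seccomp filter change named in the description is not part of this diffstat, so whether the flag defaults to false and how narrowly the added filters are scoped should be confirmed there.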