diff options
| author | Lantao Liu <lantaol@google.com> | 2018-06-25 12:07:50 -0700 |
|---|---|---|
| committer | Shentubot <shentubot@google.com> | 2018-06-25 12:08:44 -0700 |
| commit | e8ae2b85e90fc27e74de032698224e7972673cec (patch) | |
| tree | e67bf03a17dc48b473a9ae9639d4aa35aefda3ab /runsc/main.go | |
| parent | cecc1e472cc893738a070be00d303dd888b9f325 (diff) | |
runsc: add a `multi-container` flag to enable multi-container support.
PiperOrigin-RevId: 201995800
Change-Id: I770190d135e14ec7da4b3155009fe10121b2a502
Diffstat (limited to 'runsc/main.go')
| -rw-r--r-- | runsc/main.go | 34 |
1 files changed, 18 insertions, 16 deletions
diff --git a/runsc/main.go b/runsc/main.go index cd906e191..aa5796d42 100644 --- a/runsc/main.go +++ b/runsc/main.go @@ -55,10 +55,11 @@ var ( straceLogSize = flag.Uint("strace-log-size", 1024, "default size (in bytes) to log data argument blobs") // Flags that control sandbox runtime behavior. - platform = flag.String("platform", "ptrace", "specifies which platform to use: ptrace (default), kvm") - network = flag.String("network", "sandbox", "specifies which network to use: sandbox (default), host, none. Using network inside the sandbox is more secure because it's isolated from the host network.") - fileAccess = flag.String("file-access", "proxy", "specifies which filesystem to use: proxy (default), direct. Using a proxy is more secure because it disallows the sandbox from opennig files directly in the host.") - overlay = flag.Bool("overlay", false, "wrap filesystem mounts with writable overlay. All modifications are stored in memory inside the sandbox.") + platform = flag.String("platform", "ptrace", "specifies which platform to use: ptrace (default), kvm") + network = flag.String("network", "sandbox", "specifies which network to use: sandbox (default), host, none. Using network inside the sandbox is more secure because it's isolated from the host network.") + fileAccess = flag.String("file-access", "proxy", "specifies which filesystem to use: proxy (default), direct. Using a proxy is more secure because it disallows the sandbox from opennig files directly in the host.") + overlay = flag.Bool("overlay", false, "wrap filesystem mounts with writable overlay. All modifications are stored in memory inside the sandbox.") + multiContainer = flag.Bool("multi-container", false, "enable *experimental* multi-container support.") ) var gitRevision = "" @@ -111,18 +112,19 @@ func main() { // Create a new Config from the flags. conf := &boot.Config{ - RootDir: *rootDir, - Debug: *debug, - LogFilename: *logFilename, - LogFormat: *logFormat, - DebugLogDir: *debugLogDir, - FileAccess: fsAccess, - Overlay: *overlay, - Network: netType, - LogPackets: *logPackets, - Platform: platformType, - Strace: *strace, - StraceLogSize: *straceLogSize, + RootDir: *rootDir, + Debug: *debug, + LogFilename: *logFilename, + LogFormat: *logFormat, + DebugLogDir: *debugLogDir, + FileAccess: fsAccess, + Overlay: *overlay, + Network: netType, + LogPackets: *logPackets, + Platform: platformType, + Strace: *strace, + StraceLogSize: *straceLogSize, + MultiContainer: *multiContainer, } if len(*straceSyscalls) != 0 { conf.StraceSyscalls = strings.Split(*straceSyscalls, ",") |