diff options
Diffstat (limited to 'runsc/config')
| -rw-r--r-- | runsc/config/config.go | 3 | ||||
| -rw-r--r-- | runsc/config/flags.go | 1 |
2 files changed, 4 insertions, 0 deletions
diff --git a/runsc/config/config.go b/runsc/config/config.go index 1e5858837..0b2b97cc5 100644 --- a/runsc/config/config.go +++ b/runsc/config/config.go @@ -172,6 +172,9 @@ type Config struct { // Enables seccomp inside the sandbox. OCISeccomp bool `flag:"oci-seccomp"` + // Mounts the cgroup filesystem backed by the sentry's cgroupfs. + Cgroupfs bool `flag:"cgroupfs"` + // TestOnlyAllowRunAsCurrentUserWithoutChroot should only be used in // tests. It allows runsc to start the sandbox process as the current // user, and without chrooting the sandbox process. This can be diff --git a/runsc/config/flags.go b/runsc/config/flags.go index 1d996c841..13a1a0163 100644 --- a/runsc/config/flags.go +++ b/runsc/config/flags.go @@ -75,6 +75,7 @@ func RegisterFlags() { flag.Bool("fsgofer-host-uds", false, "allow the gofer to mount Unix Domain Sockets.") flag.Bool("vfs2", false, "enables VFSv2. This uses the new VFS layer that is faster than the previous one.") flag.Bool("fuse", false, "TEST ONLY; use while FUSE in VFSv2 is landing. This allows the use of the new experimental FUSE filesystem.") + flag.Bool("cgroupfs", false, "Automatically mount cgroupfs.") // Flags that control sandbox runtime behavior: network related. flag.Var(networkTypePtr(NetworkSandbox), "network", "specifies which network to use: sandbox (default), host, none. Using network inside the sandbox is more secure because it's isolated from the host network.") |