// Listing of github.com/containers/libpod@v1.9.4-0.20220419124438-4284fd425507/cmd/podmanV2/common/default.go

package common

import (
	"fmt"
	"os"

	"github.com/containers/buildah/pkg/parse"
	"github.com/containers/libpod/pkg/apparmor"
	"github.com/containers/libpod/pkg/cgroups"
	"github.com/containers/libpod/pkg/rootless"
	"github.com/containers/libpod/pkg/sysinfo"
	"github.com/opencontainers/selinux/go-selinux"
)

// getDefaultSecurityOptions builds the default --security-opt style values
// ("seccomp=...", "apparmor=...", "label=...") from defaultContainerConfig and
// the state reported by the apparmor and selinux packages. It always returns a
// non-nil slice, which is empty when no option applies.
//
// TODO these options are directly embedded into many of the CLI cobra values, as such
// this approach will not work in a remote client. so we will need to likely do something like a
// supported and unsupported approach here and backload these options into the specgen
// once we are "on" the host system.
func getDefaultSecurityOptions() []string {
	opts := make([]string, 0)

	// seccomp: only a configured profile that differs from
	// parse.SeccompDefaultPath is emitted; an empty or default value adds nothing.
	if profile := defaultContainerConfig.Containers.SeccompProfile; profile != "" && profile != parse.SeccompDefaultPath {
		opts = append(opts, fmt.Sprintf("seccomp=%s", profile))
	}

	// apparmor: the configured profile is emitted only when apparmor.IsEnabled()
	// reports true and the profile name is non-empty.
	if apparmor.IsEnabled() {
		if profile := defaultContainerConfig.Containers.ApparmorProfile; profile != "" {
			opts = append(opts, fmt.Sprintf("apparmor=%s", profile))
		}
	}

	// selinux: when SELinux is enabled but EnableLabeling is false in the config,
	// the first element of selinux.DisableSecOpt() is emitted as the label option.
	// NOTE(review): the slice is indexed without a length check; confirm the
	// library always returns at least one element. Presumably this option turns
	// container labeling off, so EnableLabeling=false is worth auditing in
	// deployed configs.
	if selinux.GetEnabled() && !defaultContainerConfig.Containers.EnableLabeling {
		disable := selinux.DisableSecOpt()
		opts = append(opts, fmt.Sprintf("label=%s", disable[0]))
	}

	return opts
}

// getDefaultSysctls returns Containers.DefaultSysctls from defaultContainerConfig.
// The config's slice is returned directly, not copied.
func getDefaultSysctls() []string {
	return defaultContainerConfig.Containers.DefaultSysctls
}

// getDefaultVolumes returns Containers.Volumes from defaultContainerConfig.
// The config's slice is returned directly, not copied.
func getDefaultVolumes() []string {
	return defaultContainerConfig.Containers.Volumes
}

// getDefaultDevices returns Containers.Devices from defaultContainerConfig.
// The config's slice is returned directly, not copied.
func getDefaultDevices() []string {
	return defaultContainerConfig.Containers.Devices
}

// getDefaultDNSServers returns Containers.DNSServers from defaultContainerConfig.
func getDefaultDNSServers() []string { //nolint
	return defaultContainerConfig.Containers.DNSServers
}

// getDefaultDNSSearches returns Containers.DNSSearches from defaultContainerConfig.
func getDefaultDNSSearches() []string { //nolint
	return defaultContainerConfig.Containers.DNSSearches
}

// getDefaultDNSOptions returns Containers.DNSOptions from defaultContainerConfig.
func getDefaultDNSOptions() []string { //nolint
	return defaultContainerConfig.Containers.DNSOptions
}

// getDefaultEnv returns Containers.Env from defaultContainerConfig.
// The config's slice is returned directly, not copied.
func getDefaultEnv() []string {
	return defaultContainerConfig.Containers.Env
}

// getDefaultInitPath returns Containers.InitPath from defaultContainerConfig.
func getDefaultInitPath() string {
	return defaultContainerConfig.Containers.InitPath
}

// getDefaultIPCNS returns Containers.IPCNS from defaultContainerConfig.
func getDefaultIPCNS() string {
	return defaultContainerConfig.Containers.IPCNS
}

// getDefaultPidNS returns Containers.PidNS from defaultContainerConfig.
func getDefaultPidNS() string {
	return defaultContainerConfig.Containers.PidNS
}

// getDefaultNetNS returns the configured Containers.NetNS, except that a value
// of "private" is replaced by "slirp4netns" when rootless.IsRootless() reports
// true. rootless.IsRootless() is consulted only when the configured value is
// "private".
func getDefaultNetNS() string { //nolint
	netns := defaultContainerConfig.Containers.NetNS
	if netns != "private" || !rootless.IsRootless() {
		return netns
	}
	return "slirp4netns"
}

// getDefaultCgroupNS returns Containers.CgroupNS from defaultContainerConfig.
func getDefaultCgroupNS() string {
	return defaultContainerConfig.Containers.CgroupNS
}

// getDefaultUTSNS returns Containers.UTSNS from defaultContainerConfig.
func getDefaultUTSNS() string {
	return defaultContainerConfig.Containers.UTSNS
}

// getDefaultShmSize returns Containers.ShmSize from defaultContainerConfig.
func getDefaultShmSize() string {
	return defaultContainerConfig.Containers.ShmSize
}

// getDefaultUlimits returns Containers.DefaultUlimits from defaultContainerConfig.
// The config's slice is returned directly, not copied.
func getDefaultUlimits() []string {
	return defaultContainerConfig.Containers.DefaultUlimits
}

// getDefaultUserNS returns the default user-namespace mode. A non-empty
// PODMAN_USERNS environment variable takes precedence over Containers.UserNS
// from defaultContainerConfig, so whatever sets the process environment also
// controls this default; the value is returned without validation here.
func getDefaultUserNS() string {
	if fromEnv := os.Getenv("PODMAN_USERNS"); fromEnv != "" {
		return fromEnv
	}
	return defaultContainerConfig.Containers.UserNS
}

// getDefaultPidsLimit returns the default pids limit. The configured
// Containers.PidsLimit is used only for a rootless process on a cgroup v2
// unified hierarchy; every other case returns sysinfo.GetDefaultPidsLimit().
func getDefaultPidsLimit() int64 {
	if !rootless.IsRootless() {
		return sysinfo.GetDefaultPidsLimit()
	}
	// The error from IsCgroup2UnifiedMode is discarded: only the boolean decides,
	// so a failed detection is treated the same as whatever boolean accompanies
	// the error (presumably false — confirm against the cgroups package).
	if unified, _ := cgroups.IsCgroup2UnifiedMode(); unified {
		return defaultContainerConfig.Containers.PidsLimit
	}
	return sysinfo.GetDefaultPidsLimit()
}

// getDefaultPidsDescription returns the help text for the pids-limit option.
func getDefaultPidsDescription() string {
	return "Tune container pids limit (set 0 for unlimited)"
}

// GetDefaultDetachKeys returns Engine.DetachKeys from defaultContainerConfig.
func GetDefaultDetachKeys() string {
	return defaultContainerConfig.Engine.DetachKeys
}