github.com/containers/podman/v4@v4.9.4/pkg/specgen/generate/security_freebsd.go (about)

     1  //go:build !remote
     2  // +build !remote
     3  
     4  package generate
     5  
     6  import (
     7  	"github.com/containers/common/libimage"
     8  	"github.com/containers/common/pkg/config"
     9  	"github.com/containers/podman/v4/libpod"
    10  	"github.com/containers/podman/v4/pkg/specgen"
    11  	"github.com/opencontainers/runtime-tools/generate"
    12  )
    13  
// setLabelOpts is the FreeBSD counterpart of the label-option setup step.
//
// In this build it is a no-op: none of the arguments are read, the
// SpecGenerator is left untouched, and the result is always nil. Label
// options supplied by the caller are therefore not applied here.
// NOTE(review): presumably this is because process/mount labelling is not
// available on this platform; confirm against the other platform variants
// before relying on labels for isolation on FreeBSD.
func setLabelOpts(s *specgen.SpecGenerator, runtime *libpod.Runtime, pidConfig, ipcConfig specgen.Namespace) error {
	return nil
}
    19  
// securityConfigureGenerator applies the security-related settings of s to the
// OCI spec held by g. This FreeBSD variant does exactly two things:
//
//   - For a privileged container, every mount of type "devfs" has its options
//     replaced with "ruleset=0", which exposes all devices to the container.
//   - The root filesystem's read-only flag is set from s.ReadOnlyFilesystem.
//
// newImage and rtc are not used by this implementation. The function always
// returns nil.
func securityConfigureGenerator(s *specgen.SpecGenerator, g *generate.Generator, newImage *libimage.Image, rtc *config.Config) error {
	if s.Privileged {
		// Privileged containers see every device node: switch each devfs
		// mount to ruleset 0. Treat s.Privileged as granting device access
		// when reviewing who may request it.
		mounts := g.Config.Mounts
		for i := range mounts {
			if mounts[i].Type != "devfs" {
				continue
			}
			// NOTE(review): the assignment replaces the whole option list,
			// so any options previously set on this devfs mount are dropped.
			mounts[i].Options = []string{"ruleset=0"}
		}
	}

	// Applied for privileged and unprivileged containers alike.
	g.SetRootReadonly(s.ReadOnlyFilesystem)

	return nil
}