github.com/pf-qiu/concourse/v6@v6.7.3-0.20201207032516-1f455d73275f/worker/runtime/spec/namespaces.go

github.com/pf-qiu/concourse/v6@v6.7.3-0.20201207032516-1f455d73275f/worker/runtime/spec/namespaces.go (about)

     1  package spec
     2  
     3  import "github.com/opencontainers/runtime-spec/specs-go"
     4  
     5  var (
     6  	PrivilegedContainerNamespaces = []specs.LinuxNamespace{
     7  		{Type: specs.PIDNamespace},
     8  		{Type: specs.IPCNamespace},
     9  		{Type: specs.UTSNamespace},
    10  		{Type: specs.MountNamespace},
    11  		{Type: specs.NetworkNamespace},
    12  	}
    13  
    14  	UnprivilegedContainerNamespaces = append(PrivilegedContainerNamespaces,
    15  		specs.LinuxNamespace{Type: specs.UserNamespace},
    16  	)
    17  )
    18  
    19  func OciNamespaces(privileged bool) []specs.LinuxNamespace {
    20  	if !privileged {
    21  		return UnprivilegedContainerNamespaces
    22  	}
    23  
    24  	return PrivilegedContainerNamespaces
    25  }