command line flags of setting container rootfs propagation

Signed-off-by: Kitt Hsu <kitt.hsu@gmail.com>
2021-06-15 16:01:40 +08:00 · 2021-06-15 16:01:40 +08:00 · 05e51539a9
commit 05e51539a9
parent 0a3a77bc44
2 changed files with 19 additions and 0 deletions
--- a/cmd/ctr/commands/commands_unix.go
+++ b/cmd/ctr/commands/commands_unix.go
@ -36,5 +36,8 @@ func init() {
 	}, cli.Uint64Flag{
 		Name:  "cpu-period",
 		Usage: "Limit CPU CFS period",
+	}, cli.StringFlag{
+		Name:  "rootfs-propagation",
+		Usage: "set the propagation of the container rootfs",
 	})
 }
--- a/cmd/ctr/commands/run/run_unix.go
+++ b/cmd/ctr/commands/run/run_unix.go
@ -27,6 +27,7 @@ import (

 	"github.com/containerd/containerd"
 	"github.com/containerd/containerd/cmd/ctr/commands"
+	"github.com/containerd/containerd/containers"
 	"github.com/containerd/containerd/contrib/apparmor"
 	"github.com/containerd/containerd/contrib/nvidia"
 	"github.com/containerd/containerd/contrib/seccomp"
@ -266,6 +267,21 @@ func NewContainer(ctx gocontext.Context, client *containerd.Client, context *cli
 		for _, dev := range context.StringSlice("device") {
 			opts = append(opts, oci.WithDevices(dev, "", "rwm"))
 		}
+
+		rootfsPropagation := context.String("rootfs-propagation")
+		if rootfsPropagation != "" {
+			opts = append(opts, func(_ gocontext.Context, _ oci.Client, _ *containers.Container, s *oci.Spec) error {
+				if s.Linux != nil {
+					s.Linux.RootfsPropagation = rootfsPropagation
+				} else {
+					s.Linux = &specs.Linux{
+						RootfsPropagation: rootfsPropagation,
+					}
+				}
+
+				return nil
+			})
+		}
 	}

 	runtimeOpts, err := getRuntimeOptions(context)