github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Add config flag to default empty seccomp profile

Browse Source 
This changes adds `default_seccomp_profile` config switch to apply default seccomp profile when not provided by k8s.a

Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
This commit is contained in:
Maksym Pavlenko
2020-05-08 13:24:38 -07:00
parent 65830369b6
commit 38f19f991e
4 changed files with 36 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/config/config.go
View File

@@ -225,6 +225,8 @@ type PluginConfig struct {
// DisableProcMount disables Kubernetes ProcMount support. This MUST be set to `true`
// when using containerd with Kubernetes <=1.11.
DisableProcMount bool `toml:"disable_proc_mount" json:"disableProcMount"`
// DefaultSeccompProfile is a seccomp profile to use if not provided by k8s.
DefaultSeccompProfile string `toml:"default_seccomp_profile" json:"defaultSeccompProfile"`
}
// X509KeyPairStreaming contains the x509 configuration for streaming