Yohei Ueda b582da4438 Set masked and readonly paths based on default Unix spec ...

The default values of masked and readonly paths are defined
in populateDefaultUnixSpec, and are used when a sandbox is
created.  It is not, however, used for new containers.  If
a container definition does not contain a security context
specifying masked/readonly paths, a container created from
it does not have masked and readonly paths.

This patch applies the default values to masked and
readonly paths of a new container, when any specific values
are not specified.

Fixes #1569

Signed-off-by: Yohei Ueda <yohei@jp.ibm.com>

2020-09-09 23:13:05 +09:00

..

annotations

use containerd/project header test

2020-04-22 19:35:37 -05:00

api/runtimeoptions/v1

use containerd/project header test

2020-04-22 19:35:37 -05:00

atomic

use containerd/project header test

2020-04-22 19:35:37 -05:00

config

Allow GC to discard content after successful pull and unpack

2020-07-28 09:05:47 +09:00

constants

use containerd/project header test

2020-04-22 19:35:37 -05:00

containerd

allow disabling hugepages

2020-07-16 11:46:25 +09:00

ioutil

use containerd/project header test

2020-04-22 19:35:37 -05:00

netns

use containerd/project header test

2020-04-22 19:35:37 -05:00

os

use containerd/project header test

2020-04-22 19:35:37 -05:00

registrar

use containerd/project header test

2020-04-22 19:35:37 -05:00

seccomp

remove libseccomp cgo dependency

2020-07-30 18:51:23 +09:00

server

Set masked and readonly paths based on default Unix spec

2020-09-09 23:13:05 +09:00

seutil

Handle KVM based runtimes with selinux

2020-08-26 21:38:03 -04:00

store

Change "failed to stop sandbox" error message to use state name instead of numeric value

2020-06-27 16:45:08 -04:00

streaming

remove unused method

2020-06-22 15:03:47 -04:00

util

use containerd/project header test

2020-04-22 19:35:37 -05:00