jolheiser/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

nixos/cri-o: add OCI seccomp bpf hook support

Browse Source 
We now set the hooks dir correctly if the OCI hook is enabled. CRI-O
supports this specific hook from v1.20.0.

Signed-off-by: Sascha Grunert <mail@saschagrunert.de>
This commit is contained in:
Sascha Grunert 2021-02-04 15:01:10 +01:00
parent dc7101ddd9
commit e2b7bdd08d
No known key found for this signature in database
GPG Key ID: BEDA150F1B0AFEEC
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
nixos/modules/virtualisation/cri-o.nix
View File

@ -103,7 +103,10 @@ in
cgroup_manager = "systemd"
log_level = "${cfg.logLevel}"
pinns_path = "${cfg.package}/bin/pinns"
hooks_dir = []
hooks_dir = [
${lib.optionalString config.virtualisation.containers.ociSeccompBpfHook.enable
''"${config.boot.kernelPackages.oci-seccomp-bpf-hook}",''}
]
${optionalString (cfg.runtime != null) ''
default_runtime = "${cfg.runtime}"