nixos/cri-o: add OCI seccomp bpf hook support
We now set the hooks dir correctly if the OCI hook is enabled. CRI-O supports this specific hook from v1.20.0. Signed-off-by: Sascha Grunert <mail@saschagrunert.de>
parent
dc7101ddd9
commit
e2b7bdd08d
@ -103,7 +103,10 @@ in
|
|||||||
cgroup_manager = "systemd"
|
cgroup_manager = "systemd"
|
||||||
log_level = "${cfg.logLevel}"
|
log_level = "${cfg.logLevel}"
|
||||||
pinns_path = "${cfg.package}/bin/pinns"
|
pinns_path = "${cfg.package}/bin/pinns"
|
||||||
hooks_dir = []
|
hooks_dir = [
|
||||||
|
${lib.optionalString config.virtualisation.containers.ociSeccompBpfHook.enable
|
||||||
|
''"${config.boot.kernelPackages.oci-seccomp-bpf-hook}",''}
|
||||||
|
]
|
||||||
|
|
||||||
${optionalString (cfg.runtime != null) ''
|
${optionalString (cfg.runtime != null) ''
|
||||||
default_runtime = "${cfg.runtime}"
|
default_runtime = "${cfg.runtime}"
|
||||||
|
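Review bot: The new `hooks_dir` entry is written whenever `config.virtualisation.containers.ociSeccompBpfHook.enable` is set, with no check that `cfg.package` is a CRI-O release that supports the hook. The description says support starts at v1.20.0, so an overridden older package would presumably get the setting and silently never run the hook. A guard built on `lib.versionAtLeast cfg.package.version "1.20.0"`, or at least a comment above the list such as `# oci-seccomp-bpf-hook requires CRI-O >= 1.20.0`, would make that visible. A second comment should record that anything in `hooks_dir` is executed on the host with the runtime's privileges and that this hook is, as far as I know, activated per container by an annotation, so enabling it should go with limiting who may set pod annotations. The added line also spells `lib.optionalString` while the context line just below uses bare `optionalString`; the surrounding config string begins and ends outside this hunk.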