author | Daniel Golle <daniel@makrotopia.org> | 2020-07-10 10:56:58 +0100 |
---|---|---|
committer | Daniel Golle <daniel@makrotopia.org> | 2020-07-10 18:31:52 +0100 |
commit | ea7a790f210c6540d01e029cd6e93cea145ccf8b (patch) | |
tree | 04aaece2c053c798b0975b0bbe1709a50c6ec018 /CMakeLists.txt | |
parent | b9b39e2061d7035a9d84eecbb4a4613deaf6d03f (diff) | |
download | procd-ea7a790f210c6540d01e029cd6e93cea145ccf8b.tar.gz |
jail: add support for running OCI bundle
Prepare ujail for running OCI bundled Linux containers.
This adds handling of most of the JSON schema defined by the
Open Container Initiative Runtime Specification.
What is supported by this commit:
* basic OCI process definition
* seccomp filters (no args yet)
* capabilities (100%)
* namespaces (100%)
* uid/gid mappings for userns (100%)
* mounts (no free form mounts yet)
* env (100%, limited to a low number of entries)
* hostname (100%)
* terminal (no consoleSize yet)
What is still missing:
* complex mounts
* maskedPaths, readonlyPaths
* referencing existing namespaces
* all hooks
* rlimits
* oomScoreAdj
* additionalGids
* cgroups
* devices
* sysctl
* rootfsPropagation
* personality and bi-arch (ie. 32-bit container on 64-bit host)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Diffstat (limited to 'CMakeLists.txt')
-rw-r--r-- | CMakeLists.txt | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt index 3eb79f9..8084674 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -103,8 +103,12 @@ INSTALL(TARGETS preload-seccomp ADD_DEPENDENCIES(preload-seccomp syscall-names-h) endif() +IF(SECCOMP_SUPPORT) + SET(SOURCES_OCI_SECCOMP jail/seccomp-oci.c) +ENDIF() + IF(JAIL_SUPPORT) -ADD_EXECUTABLE(ujail jail/jail.c jail/elf.c jail/fs.c jail/capabilities.c) +ADD_EXECUTABLE(ujail jail/jail.c jail/elf.c jail/fs.c jail/capabilities.c ${SOURCES_OCI_SECCOMP}) TARGET_LINK_LIBRARIES(ujail ${ubox} ${ubus} ${blobmsg_json}) INSTALL(TARGETS ujail RUNTIME DESTINATION ${CMAKE_INSTALL_SBINDIR} |
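Review bot: with SECCOMP_SUPPORT off, ${SOURCES_OCI_SECCOMP} on the ADD_EXECUTABLE(ujail ...) line expands to nothing, so ujail is built with OCI bundle support but without jail/seccomp-oci.c, and nothing in this file says what happens to a bundle's seccomp section in that configuration. Please document the behaviour next to the IF(SECCOMP_SUPPORT) block and make sure the caller in jail.c is guarded by the same option and rejects a bundle that asks for a seccomp filter instead of starting it unfiltered. A second, smaller point on the same block: preload-seccomp gets ADD_DEPENDENCIES(preload-seccomp syscall-names-h) just above, so if seccomp-oci.c also includes the generated syscall names header, ujail needs a matching ADD_DEPENDENCIES(ujail syscall-names-h) inside IF(SECCOMP_SUPPORT) to keep parallel builds from racing the header generation.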