diff options
| author | Sascha Grunert <mail@saschagrunert.de> | 2021-02-04 15:01:10 +0100 |
|---|---|---|
| committer | Sascha Grunert <mail@saschagrunert.de> | 2021-02-05 11:04:49 +0100 |
| commit | e2b7bdd08d2fccaa5f714d35b78930c6091eb7e1 (patch) | |
| tree | c266305593fdf6cefb3c726e891e4a0a06a1327e /nixos/modules/virtualisation/cri-o.nix | |
| parent | dc7101ddd91ab6f277357648fcb8611a2134d055 (diff) | |
nixos/cri-o: add OCI seccomp bpf hook support
We now set the hooks dir correctly if the OCI hook is enabled. CRI-O supports this specific hook from v1.20.0. Signed-off-by: Sascha Grunert <mail@saschagrunert.de>
Diffstat (limited to 'nixos/modules/virtualisation/cri-o.nix')
| -rw-r--r-- | nixos/modules/virtualisation/cri-o.nix | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/nixos/modules/virtualisation/cri-o.nix b/nixos/modules/virtualisation/cri-o.nix index aa416e7990a8b..8d352e36ef99a 100644 --- a/nixos/modules/virtualisation/cri-o.nix +++ b/nixos/modules/virtualisation/cri-o.nix @@ -103,7 +103,10 @@ in cgroup_manager = "systemd" log_level = "${cfg.logLevel}" pinns_path = "${cfg.package}/bin/pinns" - hooks_dir = [] + hooks_dir = [ + ${lib.optionalString config.virtualisation.containers.ociSeccompBpfHook.enable + ''"${config.boot.kernelPackages.oci-seccomp-bpf-hook}",''} + ] ${optionalString (cfg.runtime != null) '' default_runtime = "${cfg.runtime}" |