diff options
| author | adisbladis <adisbladis@gmail.com> | 2021-02-06 12:03:44 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-02-06 12:03:44 +0100 |
| commit | 6caa6cb3f56ee0b0e4f2d5f890060530ff60f56d (patch) | |
| tree | 23ad21d8fcdf8a5000ee8ef38c6f880df610c3c5 /nixos/modules | |
| parent | 3c6035cd9a87e5363bff0792ce5588b179a50946 (diff) | |
| parent | e2b7bdd08d2fccaa5f714d35b78930c6091eb7e1 (diff) | |
Merge pull request #111924 from saschagrunert/cri-o-oci-hook
nixos/cri-o: add OCI seccomp bpf hook support
Diffstat (limited to 'nixos/modules')
| -rw-r--r-- | nixos/modules/virtualisation/cri-o.nix | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/nixos/modules/virtualisation/cri-o.nix b/nixos/modules/virtualisation/cri-o.nix index aa416e7990a8b..8d352e36ef99a 100644 --- a/nixos/modules/virtualisation/cri-o.nix +++ b/nixos/modules/virtualisation/cri-o.nix @@ -103,7 +103,10 @@ in cgroup_manager = "systemd" log_level = "${cfg.logLevel}" pinns_path = "${cfg.package}/bin/pinns" - hooks_dir = [] + hooks_dir = [ + ${lib.optionalString config.virtualisation.containers.ociSeccompBpfHook.enable + ''"${config.boot.kernelPackages.oci-seccomp-bpf-hook}",''} + ] ${optionalString (cfg.runtime != null) '' default_runtime = "${cfg.runtime}" |