51 lines
1.6 KiB
Diff
51 lines
1.6 KiB
Diff
From eefc6ae2544a6819da9f92c5aa8e65d356da4c96 Mon Sep 17 00:00:00 2001
|
|
From: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
|
|
Date: Sat, 9 Mar 2024 21:30:56 +0900
|
|
Subject: [PATCH] features: implement returning
|
|
potentiallyUnsafeConfigAnnotations list
|
|
|
|
See https://github.com/opencontainers/runtime-spec/blob/v1.2.0/features.md#unsafe-annotations-in-configjson
|
|
|
|
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
|
|
---
|
|
features.go | 5 +++++
|
|
types/features/features.go | 6 ++++++
|
|
2 files changed, 11 insertions(+)
|
|
|
|
diff --git a/features.go b/features.go
|
|
index c9cd15c..7f76e7a 100644
|
|
--- a/features.go
|
|
+++ b/features.go
|
|
@@ -55,6 +55,11 @@ var featuresCommand = cli.Command{
|
|
Enabled: &tru,
|
|
},
|
|
},
|
|
+ PotentiallyUnsafeConfigAnnotations: []string{
|
|
+ "bundle",
|
|
+ "org.systemd.property.", // prefix form
|
|
+ "org.criu.config",
|
|
+ },
|
|
}
|
|
|
|
if seccomp.Enabled {
|
|
diff --git a/types/features/features.go b/types/features/features.go
|
|
index c6269ca..8b467f7 100644
|
|
--- a/types/features/features.go
|
|
+++ b/types/features/features.go
|
|
@@ -25,6 +25,12 @@ type Features struct {
|
|
// Annotations contains implementation-specific annotation strings,
|
|
// such as the implementation version, and third-party extensions.
|
|
Annotations map[string]string `json:"annotations,omitempty"`
|
|
+
|
|
+ // PotentiallyUnsafeConfigAnnotations the list of the potential unsafe annotations
|
|
+ // that may appear in `config.json`.
|
|
+ //
|
|
+ // A value that ends with "." is interpreted as a prefix of annotations.
|
|
+ PotentiallyUnsafeConfigAnnotations []string `json:"potentiallyUnsafeConfigAnnotations,omitempty"`
|
|
}
|
|
|
|
// Linux is specific to Linux.
|
|
--
|
|
2.33.0
|
|
|