podman
1//go:build !remote2package generate4import (6"github.com/containers/common/libimage"7"github.com/containers/common/pkg/config"8"github.com/containers/podman/v5/libpod"9"github.com/containers/podman/v5/pkg/specgen"10"github.com/opencontainers/runtime-tools/generate"11)12// setLabelOpts sets the label options of the SecurityConfig according to the14// input.15func setLabelOpts(s *specgen.SpecGenerator, runtime *libpod.Runtime, pidConfig specgen.Namespace, ipcConfig specgen.Namespace) error {16return nil17}18func securityConfigureGenerator(s *specgen.SpecGenerator, g *generate.Generator, newImage *libimage.Image, rtc *config.Config) error {20// If this is a privileged container, change the devfs ruleset to expose all devices.21if s.IsPrivileged() {22for k, m := range g.Config.Mounts {23if m.Type == "devfs" {24m.Options = []string{25"ruleset=0",26}27g.Config.Mounts[k] = m28}29}30}31if s.ReadOnlyFilesystem != nil {33g.SetRootReadonly(*s.ReadOnlyFilesystem)34}35return nil37}38