These files should never be included on the remote client. There only
there to finalize the spec on the server side.
This makes sure it will not get reimported by accident and bloat the
remote client again.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
On FreeBSD, each container has its own devfs instance with a ruleset
that controls what the container can see. To expose devices to a
container we add rules to its devfs to make the requested devices
visible. For privileged containers, we use 'ruleset=0' which makes
everything visible.
This shares the ParseDevice function with Linux so it moves to
config_common.go from config_linux.go.
Signed-off-by: Doug Rabson <dfr@rabson.org>
Want to allow users to specify --security-opt unmask=/proc/*.
This allows us to run podman within podman more securely, then
specifing umask=all, also gives the user more flexibilty.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Oleksandr Redko
Paul Holzinger
Doug Rabson
Daniel J Walsh