Merge pull request #111924 from saschagrunert/cri-o-oci-hook

nixos/cri-o: add OCI seccomp bpf hook support
2021-02-06 12:03:44 +01:00
parent 3c6035cd9a e2b7bdd08d
commit 6caa6cb3f5
1 changed files with 4 additions and 1 deletions
--- a/nixos/modules/virtualisation/cri-o.nix
+++ b/nixos/modules/virtualisation/cri-o.nix
@@ -103,7 +103,10 @@ in
      cgroup_manager = "systemd"
      log_level = "${cfg.logLevel}"
      pinns_path = "${cfg.package}/bin/pinns"
-      hooks_dir = []
+      hooks_dir = [
+      ${lib.optionalString config.virtualisation.containers.ociSeccompBpfHook.enable
+        ''"${config.boot.kernelPackages.oci-seccomp-bpf-hook}",''}
+      ]

      ${optionalString (cfg.runtime != null) ''
      default_runtime = "${cfg.runtime}"