Diffstat (limited to 'nixpkgs/nixos/modules/virtualisation/containers.nix')
-rw-r--r--nixpkgs/nixos/modules/virtualisation/containers.nix12
1 files changed, 12 insertions, 0 deletions
diff --git a/nixpkgs/nixos/modules/virtualisation/containers.nix b/nixpkgs/nixos/modules/virtualisation/containers.nix
index 3a6767d84a9..de97ba3f7bb 100644
--- a/nixpkgs/nixos/modules/virtualisation/containers.nix
+++ b/nixpkgs/nixos/modules/virtualisation/containers.nix
@@ -43,6 +43,12 @@ in
'';
};
+ ociSeccompBpfHook.enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Enable the OCI seccomp BPF hook";
+ };
+
containersConf = mkOption {
default = {};
description = "containers.conf configuration";
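Review bot: The description on `ociSeccompBpfHook.enable` does not say what enabling it does, although the second hunk shows it registers an extra hook directory with the container engine. Suggest spelling that out, e.g. `description = "Enable the OCI seccomp BPF hook, which traces the syscalls a container makes and generates a seccomp profile from them.";`. Since the hook is taken from `config.boot.kernelPackages`, it is also worth noting that it follows the configured kernel package set. The option could be declared with `mkEnableOption` if that is in scope here; the surrounding options block starts and ends outside the hunk.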
@@ -116,6 +122,12 @@ in
[network]
cni_plugin_dirs = ["${pkgs.cni-plugins}/bin/"]
+ ${lib.optionalString (cfg.ociSeccompBpfHook.enable == true) ''
+ [engine]
+ hooks_dir = [
+ "${config.boot.kernelPackages.oci-seccomp-bpf-hook}",
+ ]
+ ''}
'' + cfg.containersConf.extraConfig;
environment.etc."containers/registries.conf".source = toTOML "registries.conf" {
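Review bot: The `[engine]` header is emitted before `cfg.containersConf.extraConfig` is appended, so the table that header-less keys in extraConfig land in now depends on this unrelated switch: `[engine]` when the hook is on, `[network]` when it is off. An extraConfig that already declares `[engine]` would also define that table a second time, which TOML does not allow, so the generated containers.conf may fail to parse. At minimum the extraConfig description should state that it must open with its own table header and must not redeclare `[engine]` while the hook is enabled. Separately, `== true` is redundant on a bool option; `${lib.optionalString cfg.ociSeccompBpfHook.enable ''` reads the same. The string being built starts outside this hunk.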