create: Add no_pivot option

The --no-pivot option is documented in https://github.com/opencontainers/runc/blob/main/man/runc-create.8.md Signed-off-by: Christophe de Dinechin <[email protected]>
containers · Mar 3, 2023 · c471c95 · c471c95
1 parent eea81cd
commit c471c95
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/crates/liboci-cli/src/create.rs b/crates/liboci-cli/src/create.rs
@@ -3,6 +3,7 @@ use clap::Parser;
 use std::path::PathBuf;
 
 /// Create a container
+/// Reference: https://github.com/opencontainers/runc/blob/main/man/runc-create.8.md
 #[derive(Parser, Debug)]
 pub struct Create {
     /// File to write pid of the container created
@@ -18,7 +19,15 @@ pub struct Create {
     /// Pass N additional file descriptors to the container (stdio + $LISTEN_FDS + N in total)
     #[clap(long, default_value = "0")]
     pub preserve_fds: i32,
-    /// name of the container instance to be started
+    /// Do not use pivot rool to jail process inside rootfs
+    #[clap(long)]
+    pub no_pivot: bool,
+
+    // XXX: non-standard extension
+    #[clap(long)]
+    pub no_new_keyring: bool,
+
+    /// Name of the container instance to be started
     #[clap(value_parser = clap::builder::NonEmptyStringValueParser::new(), required = true)]
     pub container_id: String,
 }