| #!/usr/bin/env bash |
| |
| # Copyright The containerd Authors. |
| |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
| # |
| # establishes /etc/containerd/config.toml |
| # parameterized by the current SELinux mode |
| # |
| set -eux -o pipefail |
| |
| enable_selinux=false |
| |
| if type -p getenforce &>/dev/null && [[ $(getenforce) != Disabled ]]; then |
| enable_selinux=true |
| fi |
| |
| mkdir -p /etc/containerd |
| |
| cat << EOF | sudo tee /etc/containerd/config.toml |
| version = 2 |
| |
| [plugins."io.containerd.snapshotter.v1.overlayfs"] |
| # slow_chown is needed to avoid an error with kernel < 5.19: |
| # > "snapshotter \"overlayfs\" doesn't support idmap mounts on this host, |
| # > configure \`slow_chown\` to allow a slower and expensive fallback" |
| # https://github.com/containerd/containerd/pull/9920#issuecomment-1978901454 |
| # This is safely ignored for kernel >= 5.19. |
| slow_chown = true |
| |
| [plugins] |
| [plugins."io.containerd.grpc.v1.cri"] |
| enable_selinux = ${enable_selinux} |
| EOF |
