#!/usr/bin/env bash

#   Copyright The containerd Authors.

#   Licensed under the Apache License, Version 2.0 (the "License");
#   you may not use this file except in compliance with the License.
#   You may obtain a copy of the License at

#       http://www.apache.org/licenses/LICENSE-2.0

#   Unless required by applicable law or agreed to in writing, software
#   distributed under the License is distributed on an "AS IS" BASIS,
#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#   See the License for the specific language governing permissions and
#   limitations under the License.

#
# establishes /etc/containerd/config.toml
# parameterized by the current SELinux mode
#
set -eux -o pipefail

enable_selinux=false

if type -p getenforce &>/dev/null && [[ $(getenforce) != Disabled ]]; then
  enable_selinux=true
fi

mkdir -p /etc/containerd

cat << EOF | sudo tee /etc/containerd/config.toml
version = 2

[plugins."io.containerd.snapshotter.v1.overlayfs"]
# slow_chown is needed to avoid an error with kernel < 5.19:
# > "snapshotter \"overlayfs\" doesn't support idmap mounts on this host,
# > configure \`slow_chown\` to allow a slower and expensive fallback"
# https://github.com/containerd/containerd/pull/9920#issuecomment-1978901454
# This is safely ignored for kernel >= 5.19.
slow_chown = true

[plugins]
  [plugins."io.containerd.grpc.v1.cri"]
    enable_selinux = ${enable_selinux}
EOF
