diff options
| author | Viacheslav <v.gletenko@vyos.io> | 2021-10-15 18:18:39 +0000 |
|---|---|---|
| committer | Viacheslav <v.gletenko@vyos.io> | 2021-10-15 18:18:39 +0000 |
| commit | a633bdd2ed65971b2f137d5f985f8f3d85b9acfc (patch) | |
| tree | 058f7c2743efe777796647dc03a8de45fcf17b5b | |
| parent | d4c5e78fc94a375487a968083f88d96323b67301 (diff) | |
| download | vyos-1x-a633bdd2ed65971b2f137d5f985f8f3d85b9acfc.tar.gz vyos-1x-a633bdd2ed65971b2f137d5f985f8f3d85b9acfc.zip | |
containers: T3676: Allow to set capabilities
| -rw-r--r-- | interface-definitions/containers.xml.in | 24 | ||||
| -rwxr-xr-x | src/conf_mode/containers.py | 10 |
2 files changed, 33 insertions, 1 deletions
diff --git a/interface-definitions/containers.xml.in b/interface-definitions/containers.xml.in index fb8241d71..24d1870af 100644 --- a/interface-definitions/containers.xml.in +++ b/interface-definitions/containers.xml.in @@ -21,6 +21,30 @@ <valueless/> </properties> </leafNode> + <leafNode name="cap-add"> + <properties> + <help>Add capabilities</help> + <completionHelp> + <list>net-admin setpcap sys-time</list> + </completionHelp> + <valueHelp> + <format>net-admin</format> + <description>Net-admin option</description> + </valueHelp> + <valueHelp> + <format>setpcap</format> + <description>Setpcap option</description> + </valueHelp> + <valueHelp> + <format>sys-time</format> + <description>Sys-time option</description> + </valueHelp> + <constraint> + <regex>^(net-admin|setpcap|sys-time)$</regex> + </constraint> + <multi/> + </properties> + </leafNode> #include <include/generic-description.xml.i> #include <include/generic-disable-node.xml.i> <tagNode name="environment"> diff --git a/src/conf_mode/containers.py b/src/conf_mode/containers.py index 1e0197a13..cc34f9d39 100755 --- a/src/conf_mode/containers.py +++ b/src/conf_mode/containers.py @@ -271,6 +271,14 @@ def apply(container): tmp = run(f'podman image exists {image}') if tmp != 0: print(os.system(f'podman pull {image}')) + # Add capability options. Should be in uppercase + cap_add = '' + if 'cap_add' in container_config: + for c in container_config['cap_add']: + c = c.upper() + c = c.replace('-', '_') + cap_add += f' --cap-add={c}' + # Check/set environment options "-e foo=bar" env_opt = '' if 'environment' in container_config: @@ -299,7 +307,7 @@ def apply(container): dvol = vol_config['destination'] volume += f' -v {svol}:{dvol}' - container_base_cmd = f'podman run --detach --interactive --tty --replace ' \ + container_base_cmd = f'podman run --detach --interactive --tty --replace {cap_add} ' \ f'--memory {memory}m --memory-swap 0 --restart {restart} ' \ f'--name {name} {port} {volume} {env_opt}' if 'allow_host_networks' in container_config: |