stack: Support cap_add and cap_drop on services

Signed-off-by: Olli Janatuinen <olli.janatuinen@gmail.com>
Signed-off-by: Albin Kerouanton <albin@akerouanton.name>
Olli Janatuinen 2019-09-09 20:24:51 +03:00 committed by Sebastiaan van Stijn
parent ad16982544
commit 0db61ff6da
No known key found for this signature in database
GPG Key ID: 76698F39D527CE8C
3 changed files with 28 additions and 2 deletions


@ -147,6 +147,8 @@ func Service(
Isolation: container.Isolation(service.Isolation),
Init: service.Init,
Sysctls: service.Sysctls,
CapabilityAdd: service.CapAdd,
CapabilityDrop: service.CapDrop,
},
LogDriver: logDriver,
Resources: resources,
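Review bot: `CapabilityAdd: service.CapAdd` and `CapabilityDrop: service.CapDrop` forward the compose values unchanged, so nothing here normalizes the spelling (the new test passes both `SYS_NICE` and `CAP_NET_ADMIN`) or resolves a capability that appears in both lists; the effective set is left to whatever receives the spec. Because `cap_add` and `cap_drop` leave `UnsupportedProperties` in the same commit, a stack file that already carried `cap_add` was presumably ignored with a warning before and will now be deployed with the extra capabilities, which deserves a release note. I would at least add a comment above the two fields, `// cap_add/cap_drop are passed through as written; no normalization or conflict check is done here`, and a test case with one capability in both lists. The enclosing `Service` function starts and ends outside this hunk, so any API-version gating cannot be seen from here.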


@ -623,3 +623,29 @@ func TestConvertUpdateConfigParallelism(t *testing.T) {
})
assert.Check(t, is.Equal(parallel, updateConfig.Parallelism))
}
func TestConvertServiceCapAddAndCapDrop(t *testing.T) {
// test default behavior
result, err := Service("1.41", Namespace{name: "foo"}, composetypes.ServiceConfig{}, nil, nil, nil, nil)
assert.NilError(t, err)
assert.Check(t, is.DeepEqual(result.TaskTemplate.ContainerSpec.CapabilityAdd, []string(nil)))
assert.Check(t, is.DeepEqual(result.TaskTemplate.ContainerSpec.CapabilityDrop, []string(nil)))
// with some values
service := composetypes.ServiceConfig{
CapAdd: []string{
"SYS_NICE",
"CAP_NET_ADMIN",
},
CapDrop: []string{
"CHOWN",
"DAC_OVERRIDE",
"CAP_FSETID",
"CAP_FOWNER",
},
}
result, err = Service("1.41", Namespace{name: "foo"}, service, nil, nil, nil, nil)
assert.NilError(t, err)
assert.Check(t, is.DeepEqual(result.TaskTemplate.ContainerSpec.CapabilityAdd, service.CapAdd))
assert.Check(t, is.DeepEqual(result.TaskTemplate.ContainerSpec.CapabilityDrop, service.CapDrop))
}


@ -9,8 +9,6 @@ import (
// UnsupportedProperties not yet supported by this implementation of the compose file
var UnsupportedProperties = []string{
"build",
"cap_add",
"cap_drop",
"cgroupns_mode",
"cgroup_parent",
"devices",