extern/podman-compose
1
0
Fork 1
mirror of https://github.com/containers/podman-compose.git synced 2025-04-09 09:28:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fixes #199: seccomp:unconfined

Browse Source
This commit is contained in:
Mark Stosberg 2021-12-11 01:50:40 +02:00 committed by Muayyad alsadi
parent 3782b4ab84
commit 6b5f62d693
2 changed files with 20 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
podman_compose.py
View File

@ -112,8 +112,7 @@ def parse_short_mount(mount_str, basedir):
# User-relative path # User-relative path
# - ~/configs:/etc/configs/:ro # - ~/configs:/etc/configs/:ro
mount_type = "bind" mount_type = "bind"
basedir = os.path.realpath(basedir) mount_src = os.path.realpath(os.path.join(basedir, os.path.expanduser(mount_src)))
mount_src = os.path.join(basedir, os.path.expanduser(mount_src))
else: else:
# Named volume # Named volume
# - datavolume:/var/lib/mysql # - datavolume:/var/lib/mysql
@ -281,7 +280,7 @@ def assert_volume(compose, mount_dict):
if mount_dict["type"] == "bind": if mount_dict["type"] == "bind":
basedir = os.path.realpath(compose.dirname) basedir = os.path.realpath(compose.dirname)
mount_src = mount_dict["source"] mount_src = mount_dict["source"]
mount_src = os.path.join(basedir, os.path.expanduser(mount_src)) mount_src = os.path.realpath(os.path.join(basedir, os.path.expanduser(mount_src)))
if not os.path.exists(mount_src): if not os.path.exists(mount_src):
try: try:
os.makedirs(mount_src, exist_ok=True) os.makedirs(mount_src, exist_ok=True)
@ -631,7 +630,6 @@ def container_to_args(compose, cnt, detached=True):
for i in tmpfs_ls: for i in tmpfs_ls:
podman_args.extend(['--tmpfs', i]) podman_args.extend(['--tmpfs', i])
for volume in cnt.get('volumes', []): for volume in cnt.get('volumes', []):
# TODO: should we make it os.path.realpath(os.path.join(, i))?
podman_args.extend(get_mount_args(compose, cnt, volume)) podman_args.extend(get_mount_args(compose, cnt, volume))
assert_cnt_nets(compose, cnt) assert_cnt_nets(compose, cnt)
podman_args.extend(get_net_args(compose, cnt)) podman_args.extend(get_net_args(compose, cnt))
@ -839,9 +837,14 @@ class Podman:
return self.run(["volume", "rm", name]) return self.run(["volume", "rm", name])
def normalize_service(service): def normalize_service(service):
for key in ("env_file", "security_opt"): for key in ("env_file", "security_opt", "volumes"):
if key not in service: continue if key not in service: continue
if is_str(service[key]): service[key]=[service[key]] if is_str(service[key]): service[key]=[service[key]]
if "security_opt" in service:
sec_ls = service["security_opt"]
for ix, item in enumerate(sec_ls):
if item=="seccomp:unconfined" or item=="apparmor:unconfined":
sec_ls[ix] = item.replace(":", "=")
for key in ("environment", "labels"): for key in ("environment", "labels"):
if key not in service: continue if key not in service: continue
service[key] = norm_as_dict(service[key]) service[key] = norm_as_dict(service[key])

12
tests/seccomp/docker-compose.yml Normal file
View File

@ -0,0 +1,12 @@
version: "3"
services:
web1:
image: busybox
command: httpd -f -p 80 -h /var/www/html
volumes:
- ./docker-compose.yml:/var/www/html/index.html
ports:
- "8080:80"
security_opt:
- seccomp:unconfined