diff options
author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2020-12-03 00:49:23 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-12-03 00:49:23 +0100 |
commit | 5cf7aa65fb4786ee3dad191a725f6c37fae83bc3 (patch) | |
tree | 4cb2423eadbf20e7e0ab613845c21940beacb122 /cmd/podman/common/specgen.go | |
parent | 7984842d7e55baa8fc9498afa23b62113850feac (diff) | |
parent | 0334b6195820f7261f87a4f4e5d739a6d560f4b2 (diff) | |
download | podman-5cf7aa65fb4786ee3dad191a725f6c37fae83bc3.tar.gz podman-5cf7aa65fb4786ee3dad191a725f6c37fae83bc3.tar.bz2 podman-5cf7aa65fb4786ee3dad191a725f6c37fae83bc3.zip |
Merge pull request #8408 from umohnani8/sec-opt
Add mask and unmask option to --security-opt
Diffstat (limited to 'cmd/podman/common/specgen.go')
-rw-r--r-- | cmd/podman/common/specgen.go | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/cmd/podman/common/specgen.go b/cmd/podman/common/specgen.go index 0bb6e79e5..e0da142ad 100644 --- a/cmd/podman/common/specgen.go +++ b/cmd/podman/common/specgen.go @@ -517,18 +517,22 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string } switch con[0] { - case "proc-opts": - s.ProcOpts = strings.Split(con[1], ",") + case "apparmor": + s.ContainerSecurityConfig.ApparmorProfile = con[1] + s.Annotations[define.InspectAnnotationApparmor] = con[1] case "label": // TODO selinux opts and label opts are the same thing s.ContainerSecurityConfig.SelinuxOpts = append(s.ContainerSecurityConfig.SelinuxOpts, con[1]) s.Annotations[define.InspectAnnotationLabel] = strings.Join(s.ContainerSecurityConfig.SelinuxOpts, ",label=") - case "apparmor": - s.ContainerSecurityConfig.ApparmorProfile = con[1] - s.Annotations[define.InspectAnnotationApparmor] = con[1] + case "mask": + s.ContainerSecurityConfig.Mask = append(s.ContainerSecurityConfig.Mask, strings.Split(con[1], ":")...) + case "proc-opts": + s.ProcOpts = strings.Split(con[1], ",") case "seccomp": s.SeccompProfilePath = con[1] s.Annotations[define.InspectAnnotationSeccomp] = con[1] + case "unmask": + s.ContainerSecurityConfig.Unmask = append(s.ContainerSecurityConfig.Unmask, strings.Split(con[1], ":")...) default: return fmt.Errorf("invalid --security-opt 2: %q", opt) } |