Add support for Un/Mask

main.py

@@ -171,6 +171,27 @@ def write_service_units(args, yaml_dict):
         if "group_add" in service:
             enforce_list("group_add", service)
             unit_file["Container"]["GroupAdd"] = service["group_add"]
+        if "security_opt" in service:
+            enforce_list("security_opt", service)
+            unmask = []
+            mask = []
+            for line in service["security_opt"]:
+                parts = line.split(":")
+                if len(parts) != 2:
+                    abort(f'Can only parts security_opts of form "type:path". Got: {line}')
+                type_ = parts[0]
+                match type_:
+                    case "mask":
+                        mask.append(parts[1])
+                    case "unmask":
+                        unmask.append(parts[1])
+                    case _:
+                        abort(f'security_opt type "{type_}" is not supported"')
+            if mask:
+                unit_file["Container"]["Mask"] = mask
+            if unmask:
+                unit_file["Container"]["Unmask"] = unmask
+
 
 
         unit_file["Service"] = {}