faerbit/dcqc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add support for Un/Mask

Browse Source
This commit is contained in:
Fabian 2024-11-07 16:50:21 +01:00
parent 3d81ec6118
commit 55977c0dc7
1 changed files with 21 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
main.py
View File

@ -171,6 +171,27 @@ def write_service_units(args, yaml_dict):
if "group_add" in service: if "group_add" in service:
enforce_list("group_add", service) enforce_list("group_add", service)
unit_file["Container"]["GroupAdd"] = service["group_add"] unit_file["Container"]["GroupAdd"] = service["group_add"]
if "security_opt" in service:
enforce_list("security_opt", service)
unmask = []
mask = []
for line in service["security_opt"]:
parts = line.split(":")
if len(parts) != 2:
abort(f'Can only parts security_opts of form "type:path". Got: {line}')
type_ = parts[0]
match type_:
case "mask":
mask.append(parts[1])
case "unmask":
unmask.append(parts[1])
case _:
abort(f'security_opt type "{type_}" is not supported"')
if mask:
unit_file["Container"]["Mask"] = mask
if unmask:
unit_file["Container"]["Unmask"] = unmask
unit_file["Service"] = {} unit_file["Service"] = {}