From a12bc790973ca1026302ab270503325115b81375 Mon Sep 17 00:00:00 2001
From: Nathan
Date: Mon, 11 Sep 2023 00:56:14 +0000
Subject: [PATCH] both driver-opt and security-opt options

---
 driver/docker-container/driver.go | 3 ++-
 driver/docker-container/factory.go | 9 +++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/driver/docker-container/driver.go b/driver/docker-container/driver.go
index ef44568e..1e93cb08 100644
--- a/driver/docker-container/driver.go
+++ b/driver/docker-container/driver.go
@@ -42,6 +42,7 @@ type Driver struct {
 netMode string
 image string
 cgroupParent string
+ securityOpts map[string]string
 env []string
 }

@@ -148,7 +149,7 @@ func (d *Driver) create(ctx context.Context, l progress.SubLogger) error {
 break
 }
 }
- for i, k := range d.SecurityOpts {
+ for i, k := range d.securityOpts {
 switch {
 case i == "systempaths":
 hc.MaskedPaths = []string{}
diff --git a/driver/docker-container/factory.go b/driver/docker-container/factory.go
index 7c23eef7..11ebc0f0 100644
--- a/driver/docker-container/factory.go
+++ b/driver/docker-container/factory.go
@@ -40,6 +40,7 @@ func (f *factory) New(ctx context.Context, cfg driver.InitConfig) (driver.Driver
 return nil, errors.Errorf("%s driver requires docker API access", f.Name())
 }
 d := &Driver{factory: f, InitConfig: cfg}
+ d.securityOpts = make(map[string]string)
 for k, v := range cfg.DriverOpts {
 switch {
 case k == "network":
@@ -57,6 +58,14 @@ func (f *factory) New(ctx context.Context, cfg driver.InitConfig) (driver.Driver
 return nil, errors.Errorf("invalid env option %q, expecting env.FOO=bar", k)
 }
 d.env = append(d.env, fmt.Sprintf("%s=%s", envName, v))
+ case k == "seccomp":
+ d.securityOpts[k] = v
+ case k == "apparmor":
+ d.securityOpts[k] = v
+ case k == "systempaths":
+ d.securityOpts[k] = v
+ case k == "privileged":
+ d.securityOpts[k] = v
 default:
 return nil, errors.Errorf("invalid driver option %s for docker-container driver", k)
 }
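Review bot: On the changed line `for i, k := range d.securityOpts` in create, `i` holds the option name and `k` its value, whereas New in factory.go ranges over the driver options as `k, v` with `k` as the name. In code that decides whether container confinement is relaxed, that mismatch makes it easy to test the wrong variable. Consider `for name, val := range d.securityOpts` and updating the arms to match. The loop body and the rest of create continue outside the hunk.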
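Review bot: The four new arms in New store `v` without checking it, so `privileged=false` or `systempaths=default` is recorded exactly like a request to relax confinement. The consumer visible in driver.go's create matches `case i == "systempaths":` on the name before clearing `hc.MaskedPaths`, and whether it also tests the value is outside that hunk. Validating at parse time makes these options fail closed and returns an error instead of silently weakening the builder container. The stored form for `privileged` below is an assumption and should match what create expects. The switch and the enclosing function start outside the hunk.

```go
		d.env = append(d.env, fmt.Sprintf("%s=%s", envName, v))
	case k == "seccomp", k == "apparmor":
		// Profile name or path is passed through; the consumer decides how to apply it.
		d.securityOpts[k] = v
	case k == "systempaths":
		// Only an explicit "unconfined" may unmask system paths.
		if v != "unconfined" {
			return nil, errors.Errorf("invalid systempaths option %q, expecting systempaths=unconfined", v)
		}
		d.securityOpts[k] = v
	case k == "privileged":
		enabled, err := strconv.ParseBool(v)
		if err != nil {
			return nil, errors.Errorf("invalid privileged option %q, expecting a boolean", v)
		}
		if enabled {
			d.securityOpts[k] = "true"
		}
	// … unchanged: default arm rejecting unknown driver options …
```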