diff --git a/paunch/builder/compose1.py b/paunch/builder/compose1.py index 9c75222..648c3c2 100644 --- a/paunch/builder/compose1.py +++ b/paunch/builder/compose1.py @@ -182,6 +182,8 @@ class ComposeV1Builder(object): cmd.append('--volumes-from=%s' % v) if 'log_tag' in cconfig: cmd.append('--log-opt=tag=%s' % cconfig['log_tag']) + if 'security_opt' in cconfig: + cmd.append('--security-opt=%s' % cconfig['security_opt']) cmd.append(cconfig.get('image', '')) cmd.extend(self.command_argument(cconfig.get('command'))) diff --git a/paunch/tests/test_builder_compose1.py b/paunch/tests/test_builder_compose1.py index faf8ab3..d416446 100644 --- a/paunch/tests/test_builder_compose1.py +++ b/paunch/tests/test_builder_compose1.py @@ -418,7 +418,8 @@ three-12345678 three''', '', 0), 'retries': 3 }, 'env_file': '/tmp/foo.env', - 'log_tag': '{{.ImageName}}/{{.Name}}/{{.ID}}' + 'log_tag': '{{.ImageName}}/{{.Name}}/{{.ID}}', + 'security_opt': 'label:disable' } } builder = compose1.ComposeV1Builder('foo', config, None) @@ -432,7 +433,8 @@ three-12345678 three''', '', 0), '--uts=host', '--health-cmd=/bin/true', '--health-interval=30s', '--health-timeout=10s', '--health-retries=3', '--privileged=true', '--restart=always', '--user=bar', - '--log-opt=tag={{.ImageName}}/{{.Name}}/{{.ID}}', 'centos:7'], + '--log-opt=tag={{.ImageName}}/{{.Name}}/{{.ID}}', + '--security-opt=label:disable', 'centos:7'], cmd ) diff --git a/releasenotes/notes/Add-security-opt-76c14c9b39d35d3e.yaml b/releasenotes/notes/Add-security-opt-76c14c9b39d35d3e.yaml new file mode 100644 index 0000000..401cb63 --- /dev/null +++ b/releasenotes/notes/Add-security-opt-76c14c9b39d35d3e.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + Add `--security-opt=xxx` option for the action run a container. Allows to + define security options, such as turning labels (SELinux) on/off.