tyler.durden/compose
1
0
Fork 0
mirror of https://github.com/docker/compose.git synced 2025-07-25 14:44:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add security_opt as a docker-compose.yml option

Browse Source 
Signed-off-by: Logan Owen <lsowen@s1network.com>
This commit is contained in:
lsowen 2015-04-17 01:34:42 +00:00
parent 80eaf4cc9f
commit ea7ee301c0
4 changed files with 22 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
compose/config.py
View File

@ -30,6 +30,7 @@ DOCKER_CONFIG_KEYS = [
'ports', 'ports',
'privileged', 'privileged',
'restart', 'restart',
'security_opt',
'stdin_open', 'stdin_open',
'tty', 'tty',
'user', 'user',

5
compose/service.py
View File

@ -42,6 +42,7 @@ DOCKER_START_KEYS = [
'privileged', 'privileged',
'restart', 'restart',
'volumes_from', 'volumes_from',
'security_opt',
] ]
VALID_NAME_CHARS = '[a-zA-Z0-9]' VALID_NAME_CHARS = '[a-zA-Z0-9]'
@ -595,6 +596,7 @@ class Service(object):
cap_drop = options.get('cap_drop', None) cap_drop = options.get('cap_drop', None)
log_config = LogConfig(type=options.get('log_driver', 'json-file')) log_config = LogConfig(type=options.get('log_driver', 'json-file'))
pid = options.get('pid', None) pid = options.get('pid', None)
security_opt = options.get('security_opt', None)
dns = options.get('dns', None) dns = options.get('dns', None)
if isinstance(dns, six.string_types): if isinstance(dns, six.string_types):
@ -627,7 +629,8 @@ class Service(object):
log_config=log_config, log_config=log_config,
extra_hosts=extra_hosts, extra_hosts=extra_hosts,
read_only=read_only, read_only=read_only,
pid_mode=pid pid_mode=pid,
security_opt=security_opt
) )
def build(self, no_cache=False): def build(self, no_cache=False):

10
docs/yml.md
View File

@ -352,6 +352,16 @@ devices:
- "/dev/ttyUSB0:/dev/ttyUSB0" - "/dev/ttyUSB0:/dev/ttyUSB0"
``` ```
### security_opt
Override the default labeling scheme for each container.
```
security_opt:
- label:user:USER
- label:role:ROLE
```
### working\_dir, entrypoint, user, hostname, domainname, mem\_limit, privileged, restart, stdin\_open, tty, cpu\_shares, cpuset, read\_only ### working\_dir, entrypoint, user, hostname, domainname, mem\_limit, privileged, restart, stdin\_open, tty, cpu\_shares, cpuset, read\_only
Each of these is a single value, analogous to its Each of these is a single value, analogous to its

7
tests/integration/service_test.py
View File

@ -192,6 +192,13 @@ class ServiceTest(DockerClientTestCase):
service.start_container(container) service.start_container(container)
self.assertEqual(container.get('HostConfig.ReadonlyRootfs'), read_only, container.get('HostConfig')) self.assertEqual(container.get('HostConfig.ReadonlyRootfs'), read_only, container.get('HostConfig'))
def test_create_container_with_security_opt(self):
security_opt = ['label:disable']
service = self.create_service('db', security_opt=security_opt)
container = service.create_container()
service.start_container(container)
self.assertEqual(set(container.get('HostConfig.SecurityOpt')), set(security_opt))
def test_create_container_with_specified_volume(self): def test_create_container_with_specified_volume(self):
host_path = '/tmp/host-path' host_path = '/tmp/host-path'
container_path = '/container-path' container_path = '/container-path'