Home Explore Help
Register Sign In
Apq
/
docker-compose
mirror of https://github.com/docker/compose.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

Add security_opt as a docker-compose.yml option

Signed-off-by: Logan Owen <[email protected]>
lsowen 10 years ago
parent
80eaf4cc9f
commit
ea7ee301c0
4 changed files with 22 additions and 1 deletions
Split View Show Diff Stats
  1. 1 0
      compose/config.py
  2. 4 1
      compose/service.py
  3. 10 0
      docs/yml.md
  4. 7 0
      tests/integration/service_test.py

+ 1 - 0
compose/config.py
View File 

@@ -30,6 +30,7 @@ DOCKER_CONFIG_KEYS = [
 
     'ports',
 
     'privileged',
 
     'restart',
 
+    'security_opt',
 
     'stdin_open',
 
     'tty',
 
     'user',

+ 4 - 1
compose/service.py
View File 

@@ -42,6 +42,7 @@ DOCKER_START_KEYS = [
 
     'privileged',
 
     'restart',
 
     'volumes_from',
 
+    'security_opt',
 
 ]
 
 
 VALID_NAME_CHARS = '[a-zA-Z0-9]'
 
@@ -595,6 +596,7 @@ class Service(object):
 
         cap_drop = options.get('cap_drop', None)
 
         log_config = LogConfig(type=options.get('log_driver', 'json-file'))
 
         pid = options.get('pid', None)
 
+        security_opt = options.get('security_opt', None)
 
 
         dns = options.get('dns', None)
 
         if isinstance(dns, six.string_types):
 
@@ -627,7 +629,8 @@ class Service(object):
 
             log_config=log_config,
 
             extra_hosts=extra_hosts,
 
             read_only=read_only,
 
-            pid_mode=pid
 
+            pid_mode=pid,
 
+            security_opt=security_opt
 
         )
 
 
     def build(self, no_cache=False):

+ 10 - 0
docs/yml.md
View File 

@@ -352,6 +352,16 @@ devices:
 
   - "/dev/ttyUSB0:/dev/ttyUSB0"
 
 ```
 
 
+### security_opt
 
+
 
+Override the default labeling scheme for each container.
 
+
 
+```
 
+security_opt:
 
+  - label:user:USER
 
+  - label:role:ROLE
 
+```
 
+
 
 ### working\_dir, entrypoint, user, hostname, domainname, mem\_limit, privileged, restart, stdin\_open, tty, cpu\_shares, cpuset, read\_only
 
 
 Each of these is a single value, analogous to its

+ 7 - 0
tests/integration/service_test.py
View File 

@@ -192,6 +192,13 @@ class ServiceTest(DockerClientTestCase):
 
         service.start_container(container)
 
         self.assertEqual(container.get('HostConfig.ReadonlyRootfs'), read_only, container.get('HostConfig'))
 
 
+    def test_create_container_with_security_opt(self):
 
+        security_opt = ['label:disable']
 
+        service = self.create_service('db', security_opt=security_opt)
 
+        container = service.create_container()
 
+        service.start_container(container)
 
+        self.assertEqual(set(container.get('HostConfig.SecurityOpt')), set(security_opt))
 
+
 
     def test_create_container_with_specified_volume(self):
 
         host_path = '/tmp/host-path'
 
         container_path = '/container-path'