Add support for container kernel capabilities (#716)

This patch adds two new command-line flags to specify one or
more kernel capabilities to add or remove from the workflow
containers.

The command-line flag `--container-cap-add` allows for adding
specific capabilities to the workflow containers, whereas
the command-line flag `--container-cap-drop` allows for removing
specific capabilities from the workflow containers.

This was developed to specifically be able to add `SYS_PTRACE`
to a workflow I maintain. It involves using this capability to
monitor a make build, to then build a compilation database.

Signed-off-by: Joseph Benden <joe@benden.us>
Joseph Benden
2021-06-04 09:06:59 -07:00
committed by GitHub
parent 8a9167da82
commit 6b4d359737
6 changed files with 17 additions and 7 deletions


@@ -63,7 +63,7 @@ type FileEntry struct {
// Container for managing docker run containers
type Container interface {
Create() common.Executor
Create(capAdd []string, capDrop []string) common.Executor
Copy(destPath string, files ...*FileEntry) common.Executor
CopyDir(destPath string, srcPath string, useGitIgnore bool) common.Executor
Pull(forcePull bool) common.Executor
@@ -100,14 +100,14 @@ func supportsContainerImagePlatform(cli *client.Client) bool {
return constraint.Check(sv)
}
func (cr *containerReference) Create() common.Executor {
func (cr *containerReference) Create(capAdd []string, capDrop []string) common.Executor {
return common.
NewDebugExecutor("%sdocker create image=%s platform=%s entrypoint=%+q cmd=%+q", logPrefix, cr.input.Image, cr.input.Platform, cr.input.Entrypoint, cr.input.Cmd).
Then(
common.NewPipelineExecutor(
cr.connect(),
cr.find(),
cr.create(),
cr.create(capAdd, capDrop),
).IfNot(common.Dryrun),
)
}
@@ -274,7 +274,7 @@ func (cr *containerReference) remove() common.Executor {
}
}
func (cr *containerReference) create() common.Executor {
func (cr *containerReference) create(capAdd []string, capDrop []string) common.Executor {
return func(ctx context.Context) error {
if cr.id != "" {
return nil
@@ -315,6 +315,8 @@ func (cr *containerReference) create() common.Executor {
}
}
resp, err := cr.cli.ContainerCreate(ctx, config, &container.HostConfig{
CapAdd: capAdd,
CapDrop: capDrop,
Binds: input.Binds,
Mounts: mounts,
NetworkMode: container.NetworkMode(input.NetworkMode),
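Review bot: The debug executor line in Create (the hunk at `@@ -100,14 +100,14 @@`) still prints only image, platform, entrypoint and cmd, so a run that grants an extra capability such as SYS_PTRACE leaves no trace of it in the debug output even though that is the most security-relevant part of the new HostConfig; extend the format to `NewDebugExecutor("%sdocker create image=%s platform=%s entrypoint=%+q cmd=%+q capadd=%+q capdrop=%+q", logPrefix, cr.input.Image, cr.input.Platform, cr.input.Entrypoint, cr.input.Cmd, capAdd, capDrop).`. In the last hunk the slices are handed straight to `CapAdd`/`CapDrop` with no normalization or validation, which appears to be intentional but is nowhere stated; the new `Create(capAdd []string, capDrop []string)` method on the Container interface should carry a doc comment such as `// Create builds the container; capAdd and capDrop are passed unchanged to Docker's HostConfig.CapAdd/CapDrop.` so implementers and callers know the daemon is the only thing checking these values. The body of the private create function continues outside the last hunk.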