codingworkshop/act
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add support for container kernel capabilities (#716)

Browse Source 
This patch adds two new command-line flags to specify one or
more kernel capabilities to add or remove from the workflow
containers.

The command-line flag `--container-cap-add` allows for adding
specific capabilities on the workflow containers; where as,

The command-line flag `--container-cap-drop` allows for removing
specific capabilities on the workflow containers.

This was developed to specifically be able to add `SYS_PTRACE`
to a workflow I maintain. It involves using this capability to
monitor a make build, to then build a compilation database.

Signed-off-by: Joseph Benden <joe@benden.us>
This commit is contained in:
Joseph Benden
2021-06-04 09:06:59 -07:00
committed by GitHub
parent 8a9167da82
commit 6b4d359737
6 changed files with 17 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/runner/run_context.go
View File

@@ -148,7 +148,7 @@ func (rc *RunContext) startJobContainer() common.Executor {
return common.NewPipelineExecutor(
rc.JobContainer.Pull(rc.Config.ForcePull),
rc.stopJobContainer(),
rc.JobContainer.Create(),
rc.JobContainer.Create(rc.Config.ContainerCapAdd, rc.Config.ContainerCapDrop),
rc.JobContainer.Start(false),
rc.JobContainer.UpdateFromEnv("/etc/environment", &rc.Env),
rc.JobContainer.Exec([]string{"mkdir", "-m", "0777", "-p", ActPath}, rc.Env, "root"),