From a72b8fffc82657de85d20b3c9191d24a0b41e612 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Sk=C3=B8tt?= Date: Thu, 11 Aug 2022 14:20:14 +0200 Subject: [PATCH 1/4] Add ---device--access option MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Martin Skøtt --- udica/__main__.py | 8 ++++++++ udica/policy.py | 2 ++ 2 files changed, 10 insertions(+) diff --git a/udica/__main__.py b/udica/__main__.py index d72a4b4..9cb276d 100644 --- a/udica/__main__.py +++ b/udica/__main__.py @@ -127,6 +127,14 @@ def get_args(): required=False, default="-", ) + parser.add_argument( + "--device-access", + help='List of devices the container should have access to, e.g "--device-access /dev/dri/card0,/dev/dri/renderD128"', + required=False, + default=None, + type=str, + dest='DeviceAccess' + ) args = parser.parse_args() return vars(args) diff --git a/udica/policy.py b/udica/policy.py index ec6ce20..0f1145a 100644 --- a/udica/policy.py +++ b/udica/policy.py @@ -173,6 +173,8 @@ def create_policy( # devices # Not applicable for CRI-O container engine if inspect_format != "CRI-0": + if (not devices and opts["DeviceAccess"]): + devices = [{"PathOnHost": device} for device in opts["DeviceAccess"].split(',')] write_policy_for_podman_devices(devices, policy) # mounts -- 2.37.3