rpms/udica
7
0
Fork 0
Code Issues Pull Requests Releases Activity
4a53696b71
udica/0004-Rename-device-access-to-devices.patch
Vit Mojzis 4a53696b71 udica-0.2.7-5 
- Show diff when checking formatting
- Fix several lint findings
- Fix generating policy for Crio mounts

Fixes:
  https://github.com/containers/udica/issues/118
2023-04-20 17:25:50 +02:00

102 lines
3.2 KiB
Diff
Raw Blame History

From 34c0f137583001c5b7b0f8bf681b027aeff109cb Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Wed, 19 Oct 2022 16:34:46 +0200
Subject: [PATCH] Rename --device-access to --devices
This makes parameters more consistent.
Also, describe the new parameter in man page.
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
---
tests/test_main.py | 4 ++--
udica/__main__.py | 16 ++++++++--------
udica/man/man8/udica.8 | 5 +++++
udica/policy.py | 6 ++----
4 files changed, 17 insertions(+), 14 deletions(-)
diff --git a/tests/test_main.py b/tests/test_main.py
index bc17cc2..f32588b 100644
--- a/tests/test_main.py
+++ b/tests/test_main.py
@@ -361,8 +361,8 @@ class TestBase(unittest.TestCase):
"udica",
"-j",
"tests/test_devices.podman.json",
- "--device-access",
- "/dev/fd0",
+ "--devices",
+ "/dev/fb0",
"my_container",
]
)
diff --git a/udica/__main__.py b/udica/__main__.py
index 84e0ba4..103ddc2 100644
--- a/udica/__main__.py
+++ b/udica/__main__.py
@@ -99,6 +99,14 @@ def get_args():
dest="Caps",
default=None,
)
+ parser.add_argument(
+ "--devices",
+ type=str,
+ help='List of devices the container should have access to, e.g "--devices /dev/dri/card0,/dev/dri/renderD128"',
+ dest="Devices",
+ required=False,
+ default=None,
+ )
parser.add_argument(
"-d",
"--ansible",
@@ -127,14 +135,6 @@ def get_args():
required=False,
default="-",
)
- parser.add_argument(
- "--device-access",
- help='List of devices the container should have access to, e.g "--device-access /dev/dri/card0,/dev/dri/renderD128"',
- required=False,
- default=None,
- type=str,
- dest="DeviceAccess",
- )
args = parser.parse_args()
return vars(args)
diff --git a/udica/man/man8/udica.8 b/udica/man/man8/udica.8
index 8c3a48e..c7158ff 100644
--- a/udica/man/man8/udica.8
+++ b/udica/man/man8/udica.8
@@ -53,6 +53,11 @@ Load templates and module created by this tool
List of capabilities, for example: "\-c AUDIT\_WRITE,CHOWN,DAC\_OVERRIDE,FOWNER,FSETID,KILL"
(mandatory to use for Docker Engine, see the BUGS section)
+.TP
+.I \-\-devices DEVS
+List of devices the container should have access to, e.g "\-\-devices /dev/dri/card0,/dev/dri/renderD128"
+(overrides devices specified in the conatiner JSON)
+
.TP
.I \-a, \-\-append-rules FILE
Append more SELinux allow rules generated from SELinux denials in audit daemon.
diff --git a/udica/policy.py b/udica/policy.py
index 9b7a14f..9069c97 100644
--- a/udica/policy.py
+++ b/udica/policy.py
@@ -173,10 +173,8 @@ def create_policy(
# devices
# Not applicable for CRI-O container engine
if inspect_format != "CRI-0":
- if not devices and opts["DeviceAccess"]:
- devices = [
- {"PathOnHost": device} for device in opts["DeviceAccess"].split(",")
- ]
+ if opts["Devices"]:
+ devices = [{"PathOnHost": device} for device in opts["Devices"].split(",")]
write_policy_for_podman_devices(devices, policy)
# mounts
--
2.37.3
Reference in New Issue View Git Blame Copy Permalink