예제 #1
def localNetworkCap(active: bool, ctx: ExecContext) -> None:
    "setup localhost network"
    # Workaround for podman not configuring the loopback interface.
    # Nothing is changed when the capability is inactive.
    if not active:
        return
    # NOTE(review): network=None presumably leaves the container without an
    # external network so only loopback remains - confirm against the code
    # that consumes ExecContext.network.
    ctx.network = None
    # NET_ADMIN lets processes in the container reconfigure interfaces,
    # routes and packet filtering inside their network namespace. It is
    # appended unconditionally, so a second call adds a duplicate entry.
    ctx.syscaps.append("NET_ADMIN")
예제 #2
def terminalCap(active: bool, ctx: ExecContext) -> None:
    "interactive mode"
    # Inactive: both fields keep whatever value the context already holds.
    if not active:
        return
    ctx.interactive = True
    # NOTE(review): an empty detachKeys presumably disables the runtime's
    # detach key sequence so it is not intercepted - confirm with the caller.
    ctx.detachKeys = ""
예제 #3
def largeShmCap(active: bool, ctx: ExecContext) -> None:
    "mount a 4gb shm"
    # Unlike the guard-style capabilities, this one always writes the field:
    # the inactive case resets shmsize to None and so overrides any value
    # set earlier on the context.
    if active:
        ctx.shmsize = "4g"
    else:
        ctx.shmsize = None
예제 #4
def uidmapCap(active: bool, ctx: ExecContext) -> None:
    "map host uid"
    # The flag is copied verbatim in both directions, so an inactive
    # capability explicitly clears uidmaps rather than leaving it alone.
    # NOTE(review): mapping the host uid makes files written by the container
    # on shared mounts owned by the invoking user - presumably the intent;
    # confirm how ExecContext.uidmaps is turned into runtime arguments.
    ctx.uidmaps = active
def privilegedCap(active: bool, ctx: ExecContext) -> None:
    "run as privileged container"
    # The flag is copied verbatim, so an inactive capability explicitly
    # resets privileged to False.
    # A privileged container runs without the usual capability, device and
    # syscall confinement, which makes a compromise inside it close to a
    # compromise of the invoking host user. Keep this off unless a workload
    # demonstrably needs it, and prefer a narrower capability where one fits.
    ctx.privileged = active
예제 #6
def seccompCap(active: bool, ctx: ExecContext) -> None:
    "enable seccomp"
    # Active means "keep the filter": ctx.seccomp is left at whatever the
    # context already carries.
    if active:
        return
    # Inactive removes syscall filtering altogether. "unconfined" widens the
    # kernel attack surface reachable from the container, so this path is
    # worth surfacing in audit output or logs.
    ctx.seccomp = "unconfined"
예제 #7
def selinuxCap(active: bool, ctx: ExecContext) -> None:
    "enable SELinux"
    # Active means "keep labelling": ctx.seLinuxLabel is not modified.
    if active:
        return
    # Inactive turns SELinux label separation off for the container, which
    # removes the mandatory-access-control layer between it and host files
    # exposed through mounts.
    # NOTE(review): "disable" presumably ends up as the runtime's label
    # security option - confirm where seLinuxLabel is consumed.
    ctx.seLinuxLabel = "disable"
예제 #8
def editorCap(active: bool, ctx: ExecContext) -> None:
    "setup editor env"
    # Inactive: the container environment is left as it is.
    if not active:
        return
    # Forward the host's EDITOR choice, falling back to "vi" when the host
    # does not define one. The value is copied as-is from the host
    # environment without validation.
    host_editor = os.environ.get("EDITOR", "vi")
    ctx.environ["EDITOR"] = host_editor
예제 #9
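def x11Cap(active: bool, ctx: ExecContext) -> None:
    "share x11 socket"
    # Raises KeyError when active and the host has no DISPLAY variable.
    #
    # Sharing the X11 socket gives container processes a connection to the
    # host X server. X11 does not isolate clients from one another, so input
    # and window contents of other applications become reachable; treat this
    # capability as removing GUI isolation.
    if not active:
        return
    # Resolve DISPLAY before touching ctx: a missing variable still raises
    # KeyError, but no longer leaves the socket mount behind without the
    # matching environment entry.
    display = os.environ["DISPLAY"]
    x11_socket_dir = Path("/tmp/.X11-unix")
    ctx.mounts[x11_socket_dir] = x11_socket_dir
    ctx.environ["DISPLAY"] = display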
예제 #10
def ipcCap(active: bool, ctx: ExecContext) -> None:
    "share host ipc"
    # Inactive: any existing "ipc" namespace entry is left untouched.
    if not active:
        return
    # Joining the host IPC namespace exposes the host's shared-memory
    # segments, semaphores and message queues to the container, so it should
    # be limited to workloads that genuinely exchange data with host
    # processes this way.
    ctx.namespaces["ipc"] = "host"