def localNetworkCap(active: bool, ctx: ExecContext) -> None:
    "setup localhost network"
    # Nothing is touched unless the capability was requested.
    if not active:
        return
    # Workaround for podman not configuring the loopback interface: the
    # network setting is cleared and NET_ADMIN is added to the requested
    # capabilities.
    # NOTE(review): NET_ADMIN allows reconfiguring interfaces, routes and
    # packet filtering in whatever network namespace the container ends up in.
    # Presumably ctx.network = None selects an isolated namespace, which keeps
    # that power inside the container -- confirm where ctx.network is consumed.
    ctx.network = None
    # Appended unconditionally: a second activation adds a duplicate entry.
    ctx.syscaps.append("NET_ADMIN")
def terminalCap(active: bool, ctx: ExecContext) -> None:
    "interactive mode"
    if not active:
        # Both settings stay exactly as the caller left them.
        return
    # Interactive mode is switched on and the detach key sequence is set to
    # the empty string in the same step.
    # NOTE(review): presumably an empty sequence means no keystroke is taken
    # as a detach request -- confirm where detachKeys is rendered.
    ctx.interactive, ctx.detachKeys = True, ""
def largeShmCap(active: bool, ctx: ExecContext) -> None:
    "mount a 4gb shm"
    # The field is written in both cases: deactivating the capability resets
    # shmsize to None rather than leaving an earlier value in place.
    if active:
        ctx.shmsize = "4g"
    else:
        ctx.shmsize = None
def uidmapCap(active: bool, ctx: ExecContext) -> None:
    "map host uid"
    # The flag is stored as given, so deactivating the capability explicitly
    # clears the setting instead of leaving a previous value behind.
    # NOTE(review): with the host uid mapped, files written through shared
    # mounts presumably carry the invoking user's ownership -- confirm
    # against the code that consumes ctx.uidmaps.
    map_host_uid = active
    ctx.uidmaps = map_host_uid
def privilegedCap(active: bool, ctx: ExecContext) -> None:
    "run as privileged container"
    # Written in both directions: passing active=False explicitly clears the
    # flag, so a later deactivation does undo an earlier activation.
    # NOTE(review): presumably rendered as the runtime's privileged switch,
    # which lifts most of the container's confinement. If so, the seccomp and
    # SELinux settings on the same context give little protection once this
    # is set -- confirm how the context is turned into runtime arguments.
    run_privileged = active
    ctx.privileged = run_privileged
def seccompCap(active: bool, ctx: ExecContext) -> None:
    "enable seccomp"
    # Inverted switch: while the capability is active nothing is written, so
    # whatever ctx.seccomp already holds stays in effect.
    if active:
        return
    # Deactivating selects the "unconfined" profile, i.e. no syscall filter.
    # A later call with active=True does not undo this, because the active
    # path never writes the field.
    ctx.seccomp = "unconfined"
def selinuxCap(active: bool, ctx: ExecContext) -> None:
    "enable SELinux"
    # Inverted switch: while the capability is active nothing is written, so
    # whatever label setting the context already carries stays in effect.
    if active:
        return
    # Deactivating sets the label option to "disable", turning SELinux
    # separation off for the container. A later call with active=True does
    # not undo this, because the active path never writes the field.
    ctx.seLinuxLabel = "disable"
def editorCap(active: bool, ctx: ExecContext) -> None:
    "setup editor env"
    if not active:
        return
    # Forward the host's EDITOR choice, falling back to vi when it is unset.
    # The value is copied from the invoking user's environment as-is.
    host_editor = os.environ.get("EDITOR", "vi")
    ctx.environ["EDITOR"] = host_editor
def x11Cap(active: bool, ctx: ExecContext) -> None:
    "share x11 socket"
    if not active:
        return
    # The host's X11 socket directory is mounted at the same path in the
    # container.
    # NOTE(review): a client that reaches the host display server through
    # this socket can typically observe other clients' windows and input, so
    # this capability amounts to trusting the workload with the desktop
    # session -- worth stating wherever capabilities are documented.
    x11_socket_dir = Path("/tmp/.X11-unix")
    ctx.mounts[x11_socket_dir] = x11_socket_dir
    # Direct indexing: raises KeyError when the host has no DISPLAY set. The
    # mount entry above has already been added by then.
    host_display = os.environ["DISPLAY"]
    ctx.environ["DISPLAY"] = host_display
def ipcCap(active: bool, ctx: ExecContext) -> None:
    "share host ipc"
    if not active:
        # An existing "ipc" entry, if any, is left alone.
        return
    # Selects the host's IPC namespace for the container.
    # NOTE(review): presumably this puts the host's shared memory segments,
    # semaphores and message queues within reach of the workload -- confirm
    # how ctx.namespaces is rendered into runtime arguments.
    namespace_choice = "host"
    ctx.namespaces["ipc"] = namespace_choice